Re: Matter of DN and what's possible

On 1/8/12 6:40 PM, Peter Williams wrote:
>
> SAN is the users name.
>
> SIA is the pointer to the describer resource - one of whose alternates 
> predicate's values locates the place where the .cer blob can be picked 
> up, with the right mime type(s). Another alternate can point to the 
> PEM encoded blob. Another can point to the .p12 wrapped form of the 
> same blob. Another can point to the .p7m and .p7c forms of the blob 
> (located in cert stores). Another can point to signed SAML2 
> entitydescriptor, with a base64 encoded element within (containing the 
> blob(s)).
>
> There is actually a choice. One could have different access methods in 
> the cert SIA, one per . But, somehow, I feel the semantic web 
> describer apparatus will do a better job (and drives the integration).

+1000 .

Kingsley
>
> > From: mo.mcroberts@bbc.co.uk
> > Date: Sun, 8 Jan 2012 23:15:28 +0000
> > CC: public-xg-webid@w3.org
> > To: kidehen@openlinksw.com
> > Subject: Re: Matter of DN and what's possible
> >
> >
> > On 8 Jan 2012, at 23:07, Kingsley Idehen wrote:
> >
> > > On 1/8/12 5:52 PM, Mo McRoberts wrote:
> > >>> What we need to get people to understand somehow is the fact that you can have a URL (a Locator) and a generic URI (Name) in a cert such that publishers can make descriptor resources for cert. subjects -- using URIs as subject names -- and then publish to network resources addresses identified using URLs. Doing this reduces publisher tedium inevitably introduced by Linked Data nuances re., de-referencable URI based names.
> > >> I asked previously that you post an example cert (don't worry about the key material, obviously) which shows what you mean — i.e., what things you'd put where and how you believe they should be processed.
> > >>
> > >
> > > Based on my reply to Peter, we will make a cert that just uses the less controversial Subject Information Access extension. The semantics of this cert. element covers exactly what I need i.e., a place for URLs that resolve to resources bearing directed graphs where attribute=value or predicate=object pairs coalesce around identifiers for the cert. subject, as placed in SAN.
> >
> > If I'm understanding correctly, you're saying (for example), that sIA might contain a URL, while the sAN contains the URI of the certificate holder which appears within the document published at the sIA URL?
> >
> > M.
> >
> > --
> > Mo McRoberts - Technical Lead - The Space,
> > 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> > Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> >


-- 

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Sunday, 8 January 2012 23:43:34 UTC
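
The arrangement asked about in the thread above (a URL in sIA, the holder's URI in sAN, and that URI appearing in the document published at the sIA URL), sketched from a relying party's side as an added example that is not part of the original messages. The URIs, the placeholder accessMethod OID 2.999.1, the descriptor text and all function names are constructed for illustration; only the two extension values are parsed, not a full certificate, and the descriptor check is a string match standing in for an RDF parser.

```python
URI = 0x86  # GeneralName uniformResourceIdentifier: [6] IMPLICIT IA5String

def tlv(buf, i=0):
    """Return (tag, value, next_offset) for the DER element starting at buf[i]."""
    if i + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n = buf[i], buf[i + 1]
    i += 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        if k == 0:
            raise ValueError("indefinite length is not valid DER")
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    if i + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[i:i + n], i + n

def children(buf):
    """Split a constructed element's body into its (tag, value) members."""
    i, out = 0, []
    while i < len(buf):
        tag, val, i = tlv(buf, i)
        out.append((tag, val))
    return out

def seq_items(ext_value):
    tag, body, _ = tlv(ext_value)
    if tag != 0x30:
        raise ValueError("extension value is not a SEQUENCE")
    return children(body)

def san_uris(ext_value):
    """URIs naming the subject (sAN is a SEQUENCE OF GeneralName)."""
    return [v.decode("ascii") for t, v in seq_items(ext_value) if t == URI]

def sia_urls(ext_value):
    """accessLocation URLs of each AccessDescription in sIA, any accessMethod."""
    urls = []
    for t, ad in seq_items(ext_value):
        parts = children(ad) if t == 0x30 else []
        if len(parts) == 2 and parts[0][0] == 0x06 and parts[1][0] == URI:
            urls.append(parts[1][1].decode("ascii"))
    return urls

def names_subject(descriptor_text, uri):
    """Stand-in for an RDF parser: does the descriptor mention <uri>?"""
    return f"<{uri}>" in descriptor_text

# Constructed sample data; der() handles short-form lengths (< 128 bytes) only.
der = lambda tag, body: bytes([tag, len(body)]) + body
SAN = der(0x30, der(URI, b"urn:example:alice"))
SIA = der(0x30, der(0x30, der(0x06, bytes.fromhex("883701"))  # placeholder OID 2.999.1
                          + der(URI, b"https://example.org/alice/card.ttl")))
DOC = "<urn:example:alice> a <http://xmlns.com/foaf/0.1/Person> ."  # assumed fetched from the sIA URL
```
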