Re: WebID-ISSUE-64 (redirects): Redirects [WebID Spec] from Kingsley Idehen on 2012-10-09 (public-xg-webid@w3.org from October 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 09 Oct 2012 17:11:55 -0400
To: public-xg-webid@w3.org
Message-ID: <5074931B.9070102@openlinksw.com>

On 10/9/12 3:47 PM, Henry Story wrote:
> On 9 Oct 2012, at 20:28, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>
>> On 10/9/12 1:58 PM, Henry Story wrote:
>>> I opened this issue now:
>>>    https://www.w3.org/2005/Incubator/webid/track/issues/64
>>>
>>> Please come up with some text, and help along. It's a difficult issue.
>>>
>>> We need text for
>>>
>>>    a- what happens when a redirect moves from http to https  (security section)
>>>    b- how to resolve urls in remote documents that were reached by redirects
>>>    c- whether the WebID itself changes if redirected???
>>>    d- a note on reasonable numbers of redirects to follow and pointer to http spec
>>>
>>>   I am not sure I have an answer for c.
>> If the WebID changes, and there's no inference in play (e.g., owl:sameAS), it has to be invalid. That's the nature of the underlying semantics of this identity verification protocol.
> What would be useful would be some justfication for that statement.
> An example would help. Take a WebID
>
>     http://joe.example/#me
>
>
> We dereference
>    http://joe.example/
> which redirects with 303 to
>    http://joe.example/people/card
> which redirects with 301 to
>    http://joe.org/people/card
>
> Does that now mean that
>
>    http://joe.example/#me owl:sameAs http://joe.org/people/card#me ?

Is there an public key and webid relationship in the final document that 
matches what's in the x.509 certificate used in the TLS handshake? The 
path doesn't determine the semantics of the pivotal relationship between 
a webid and public key.

>
> Is there ever a case where that is the case?
It's possible, but still doesn't invalidate what I've stated above.

> Is there any standard we can point to to make our case either way?

As the owner of a WebID (a de-referencable URI) used to watermark an 
X.509 cert.  I control the route to the graph that validates my identity 
claims using the WebID protocol. That's what this protocol is about, 
semantically :-)


Kingsley
>
> Henry
>
>
>>> Henry
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen	
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
>>
>>
>>
>>
> Social Web Architect
> http://bblfish.net/
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Tuesday, 9 October 2012 21:12:18 UTC