Re: [foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web

Bruno Harbulot wrote:
> Hi all,
> 
> I'll start by a list of points that could be standardized (open questions).
> 
> First, on the authentication part:
> 
> 1. Standardizing the representation format: RDF/XML, RDFa, N3?

-1

> 2. Standardizing the vocabulary.

+1

> 3. Standardizing the data we expect to store in the X.509 certificate.

+1

> 4. Standardizing the delegated login procedure.
> Should this be part of this specification or another specification?

fwiw & imho, under another spec - as that delegated login would still 
have to use 'this' spec to do the actual login

> 5. Addressing the issue of signed RDF assertions or comparison with
> other repositories of keys.
> 
>    So far, we've been using a simple dereferencing of the WebID to do the
> verification. It's OK, but it doesn't really improve the security
> compared to OpenID. There is potential to improve the security by using
> the keys of course. How far do we want to go there?

easy either way on this one, would also be interested to see if we can 
get a fingerprint in to the webid.

> Secondly, on the authorization part, it's all the work about ontologies
> for ACLs. Should this belong to the same specification? I see this as a
> separate issue (although equally interesting).

v interested in this one myself, perhaps separate, perhaps separate spec 
under same working group or suchlike..

Best,

Nathan

Received on Tuesday, 6 July 2010 16:58:25 UTC