
Re: Web ID as passwordless authentication for debian web services



Hi again.

Russ Allbery <rra@debian.org> writes:

> Jonas Smedegaard <dr@jones.dk> writes:
>> Quoting Russ Allbery (2013-05-16 19:57:59)
>
>>> Sure, but if you have control over the server certificate and are tying
>>> the server certificate to the user certificate via some mechanism like
>>> Monkeysphere, why do the whole indirection dance through a URI at all?
>
>> Because when identifier is a URI then it is reusable for other purposes 
>> than authentication.
>
> Thank you -- this and your other message clarifies for me.  The idea is to
> create a persistent representation of identity on the web that can be
> linked to, included in other graphs, etc.  The problem with a certificate
> is that, while you can link *from* it, you can't (easily) link *to* it or
> include it in graphs that can be followed with simple HTTP requests.
>

Well... you sort of can if you create a "canonical" Linked Data resource
for it whose URI is then an alias for the cert's public key. Of course
the corresponding private key is not dereferenceable ;)

Reusing my example already sent (sorry, may have missed keeping Daniel
in CC:),
<http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf#mecert>
identifies my SSL client cert's public key, which can then be referenced
from any of my FOAFs...

I'm not sure this answers the need to reference my cert in Linked Data
graphs.

Note that there are people working at the W3C on in-browser encryption
and stuff, and it may happen that this is quite compatible with the
Linked Data paradigm, hence WebID + TLS, and I may have overlooked other
aspects re. X.509 tying to Linked Data.

> I'm not sure what I personally think of this use case (I'm in general not
> a fan of rich social graphs, since I think the privacy drawbacks of making
> all of that data easy to mine outweigh the benefits in most cases), but
> it's definitely a use case a lot of people care about.
>

May I suggest you revisit the debian-project@ discussion about FOAF, where
WebID was mentioned a few months ago ?


I think it may be interesting to plan some WebID-related
hacking/presentations/discussions at the DebConf, to try and push things
forward a bit (I've planned to participate. Others ?).

Hope this helps, again.

Best regards,
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
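
An added example, not part of the message above and not code from any WebID or Debian project: it sketches how a verifier could resolve a key URI such as `#mecert` in an RDF/XML profile and accept a presented RSA key only if the claimed WebID links to it with `cert:key`. The profile, the `example.org` URL and the toy key values are constructed, the function names are hypothetical, and the presented modulus and exponent are assumed to have been read from the client certificate already.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
CERT = "{http://www.w3.org/ns/auth/cert#}"
BASE = "https://example.org/foaf.rdf"  # constructed profile URL
PROFILE = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:cert="http://www.w3.org/ns/auth/cert#" xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person rdf:ID="me"><cert:key rdf:resource="#mecert"/></foaf:Person>
  <cert:RSAPublicKey rdf:ID="mecert">
    <cert:modulus>00 c5f3 a1b7</cert:modulus><cert:exponent>65537</cert:exponent>
  </cert:RSAPublicKey>
  <cert:RSAPublicKey rdf:ID="stray">
    <cert:modulus>0badc0de</cert:modulus><cert:exponent>65537</cert:exponent>
  </cert:RSAPublicKey>
</rdf:RDF>"""  # constructed sample with toy (non-RSA-sized) moduli

def node_uri(el, base):
    """Absolute URI of an RDF/XML node named by rdf:ID or rdf:about."""
    if el.get(RDF + "ID"):
        return base + "#" + el.get(RDF + "ID")
    about = el.get(RDF + "about")
    return urljoin(base, about) if about is not None else None

def profile_keys(xml_text, base):
    """Map key URI -> (modulus, exponent) for each cert:RSAPublicKey node."""
    keys = {}
    for el in ET.fromstring(xml_text).iter(CERT + "RSAPublicKey"):
        mod, exp = el.findtext(CERT + "modulus"), el.findtext(CERT + "exponent")
        uri = node_uri(el, base)
        if uri and mod and exp:
            # hexBinary: drop whitespace; int() ignores leading zeros
            keys[uri] = (int("".join(mod.split()), 16), int(exp))
    return keys

def keys_of(xml_text, base, webid):
    """Key URIs the node `webid` links to via cert:key rdf:resource."""
    for el in ET.fromstring(xml_text).iter():
        if node_uri(el, base) == webid:
            return {urljoin(base, k.get(RDF + "resource", ""))
                    for k in el.findall(CERT + "key")}
    return set()

def matching_key(xml_text, base, webid, modulus, exponent):
    """URI of the key linked from `webid` that equals the presented key."""
    keys = profile_keys(xml_text, base)
    for uri in sorted(keys_of(xml_text, base, webid)):
        if keys.get(uri) == (modulus, exponent):
            return uri
    return None
```

The `stray` key sits in the same document but is not linked from `#me`, so presenting it returns `None`: the key's presence in the profile is not enough, the `cert:key` link from the claimed WebID is what is checked.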

