[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

On Thu, Mar 10, 2011 at 01:27:17PM +0100, bertagaz at ptitcanardnoir.org 
>On Thu, Mar 10, 2011 at 12:23:59PM +0100, Jonas Smedegaard wrote:
>> On Thu, Mar 10, 2011 at 02:55:08AM +0100, bertagaz at ptitcanardnoir.org 
>> wrote:
>> >
>> >Then how does the authentification part works? Is there a web of 
>> >trust, or a way to be sure a X.509 cert belongs to a certain ID?
>> WebID is technically called FOAF+SSL.
>> It is a FOAF resource which includes claims of its own URL and a 
>> public key that is governing it. And it is a client certificate 
>> containing a URL referencing that FOAF.
>> So when presenting the client certificate, it can be verified by 
>> checking that the URL it references does indeed contain that same 
>> public key as the client certificate.
>> Instead of trying to shoot down above, please read up on it first. I 
>> am not an engineer of WebID nor an expert in the security parts of 
>> it.
>So why in your previous mail are you saying we can?

Sorry.  I meant to say that I _believe_ we can.

I live in a dream of FOAF being super relevant for FreedomBox.  What I 
meant to say with my final remark was that if you aim sharp and clever 
challenging questions at me, then you are shooting at a messenger: You 
may kill my dreams and thereby my preaching of this technology at this 
mailinglist, but if your intent is to verify solidity of the actual 
technology (not my dreams of it) then aim at the source - at those 
actually knowing what they are putting together.

I encourage those interested in the details of WebID to engage at the 
foaf-protocols mailinglist, and that we here on this list discuss if and 
how it may be relevant to integrate WebID with other facets of 
FreedomBox - only summarizing on those aspects discussed in-depth at 
that more appropriate list.

>My point is not to shoot something, just trying to understand. My 
>questions were similar to the one Daniel asked, maybe in a more naive 

Sorry, I did not mean to treat Daniel as smart and you not.  I simply 
responded in greater length to that first of three emails in this 
thread, then realized I might be too detailed (not eating my own dogfood 
- see my comment right above) and therefore responded only briefly on 
the others, including this one.

[other parts snippet - probably better answered by Henry or others]

  - Jonas

   * Jonas Smedegaard - idealist & Internet-arkitekt
   * Tlf.: +45 40843136  Website: http://dr.jones.dk/

   [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110310/802a8a7f/attachment-0001.pgp>

Reply to: