[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

Jonas Smedegaard dr at jones.dk
Thu Mar 10 11:23:59 UTC 2011


On Thu, Mar 10, 2011 at 02:55:08AM +0100, bertagaz at ptitcanardnoir.org wrote:
>On Thu, Mar 10, 2011 at 12:11:01AM +0100, Melvin Carvalho wrote:
>> On 10 March 2011 00:02, Jonas Smedegaard <dr at jones.dk> wrote:
>> > On Wed, Mar 09, 2011 at 10:29:06PM +0000, Clint Adams wrote:
>> Traditionally we've always 'self signed' our WebID certificates.  So 
>> there's no CA that needs to be in the loop.  In fact, I don't know of 
>> any instance WebID has *ever* been used with a CA, but I suppose it 
>> is possible too. :)
>
>Then how does the authentication part work? Is there a web of trust, 
>or a way to be sure a X.509 cert belongs to a certain ID?

WebID is technically called FOAF+SSL.

It is a FOAF resource which includes claims of its own URL and a public 
key that is governing it. And it is a client certificate containing a 
URL referencing that FOAF.

So when presenting the client certificate, it can be verified by 
checking that the URL it references does indeed contain that same public 
key as the client certificate.

Instead of trying to shoot down above, please read up on it first.  I am 
not an engineer of WebID nor an expert in the security parts of it.

More info: http://www.w3.org/wiki/foaf+ssl


  - Jonas

-- 
  * Jonas Smedegaard - idealist & Internet-arkitekt
  * Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
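
[Added example, not part of the original message or of any WebID project code.] The check described above, sketched in Python from the verifier's side: take the URL carried in the client certificate, look at the FOAF document it points to, and accept only if that document lists the same public key for that same URL. It starts after the TLS handshake has shown the client holds the matching private key; the dictionaries, the fetch_claims helper and the alice.example URLs are constructed stand-ins for a parsed certificate and a parsed FOAF document.

```python
# Added illustration of the FOAF+SSL (WebID) check; not code from the thread.
from urllib.parse import urldefrag

# Constructed sample: what a server holds after parsing a self-signed client
# certificate (URL from the certificate, RSA public key numbers).
CERT = {"webid": "https://alice.example/foaf#me",
        "modulus": int("c0ffee" * 8, 16), "exponent": 65537}

# Constructed sample: key claims found in the FOAF document, as
# (subject URL, modulus in hex, exponent). Stand-in for parsed RDF.
PROFILE = {"https://alice.example/foaf": [
    ("https://alice.example/foaf#me", "C0 FF EE " * 8, 65537),
    ("https://alice.example/foaf#bob", "ab" * 24, 65537),
]}

def fetch_claims(doc_url):
    """Hypothetical fetcher; a real one would GET and parse the document."""
    return PROFILE.get(doc_url, [])

def norm_modulus(hex_text):
    """Hex as published (spaces, colons, any case) -> integer."""
    cleaned = "".join(c for c in hex_text if c not in " :\n\t")
    return int(cleaned, 16)

def verify_webid(cert, fetch=fetch_claims):
    """True only if the document at the certificate's URL lists the
    certificate's own key for that exact URL."""
    doc_url, _fragment = urldefrag(cert["webid"])  # dereference without '#me'
    for subject, mod_hex, exp in fetch(doc_url):
        if subject != cert["webid"]:
            continue  # a key published for someone else in the same document
        try:
            if norm_modulus(mod_hex) == cert["modulus"] and exp == cert["exponent"]:
                return True
        except ValueError:
            continue  # malformed hex in the document: ignore that claim
    return False
```

No CA appears anywhere in the check: the binding comes entirely from the document at the URL, so the result is only as trustworthy as control over that URL and the channel used to fetch it.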