On 12 Feb 2010, at 05:10, Niels Mayer wrote:

> I needed some more background on this, as it turned out I was about to ask a
> stupid question about who signs the certs, but that is basically answered
> here:
>
> http://blogs.sun.com/bblfish/entry/foaf_ssl_pki_and_the (foaf+ssl, pki and
> the duck-rabbit)
>
>> Whereas PKI is used for hierarchical trust, we use it to build a web of
>> trust. Where X509 certs built up a lot on the Distinguished Name hierarchy,
>> we nearly ignore it. Where X509 tried to place information in the
>> certificate, we place it outside at the name location. Even though SSL can
>> request client certificates in the browser, nobody does this, yet we build
>> on this little known feature. Self signed client certificates, which would
>> not have made sense in traditional PKI infrastructure, because they prove
>> nearly nothing about the client, is what we build everything on....
>
>
> Ok, this is beginning to make sense. PGP via the web browser, using browser
> mechanisms to install SSL client certificates. Looking for more background,
> I found these:
>
> http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to
> foaf+ssl: adding security to open distributed social networks
>
> http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf
> foaf+ssl: creating a web of trust without key signing parties
>
> http://blogs.sun.com/bblfish/entry/building_secure_and_distributed_social
> Building Secure, Open and Distributed Social Network Applications
>
> ...
>
> I think it would be very useful to integrate FOAFiness with Xwiki's access
> control: e.g. allow FOAFs passed document links in your wiki to
> conditionally register/login and view/comment the given link/document.
> Nonregistered users would be given access based on space-rights (if space
> not publicly viewable, then access denied). By conditionally register/login,
> I mean that you could place access control rules on how far you might want
> to allow any private document to "spread" in a foaf network. E.g. some
> documents would only be accessible by first-level friends, etc.

Exactly. One could give access rights on parts of the wiki with rules such as <http://xwiki.org/OSSGTP/> can only be edited by members of the <http://www.ossgtp.org/members/#ossgtp> group and their friends. So at <http://www.ossgtp.org/> there would be a foaf:Document describing the current members, which could be updated periodically. Xwiki.org would get that document every so often (or it could be pinged on changes). One can imagine a lot of different scenarios....

> Is something like the above part of the "use case" for Foaf+SSL in Xwiki??

Those are use cases for foaf+ssl, and I think XWiki is an Operating System, with the aim of replacing emacs, so yes you can do whatever you want ;-)

Henry

>
> Niels
> http://nielsmayer.com
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs
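
The rule discussed in this thread (a page editable by members of a group and their friends, with a limit on how far access "spreads"), as an added example that is not part of the original messages or of XWiki's code. It assumes the WebID was already authenticated via foaf+ssl and that the group document and foaf:knows links were already fetched and parsed; the WebIDs, the `RULES` table and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data. Members come from the group's foaf:Document;
# KNOWS[x] holds the foaf:knows links published in x's OWN profile.
GROUP_MEMBERS = {
    "http://www.ossgtp.org/members/#ossgtp": {
        "https://alice.example/foaf#me",
        "https://bob.example/foaf#me",
    }
}
KNOWS = {
    "https://alice.example/foaf#me": {"https://carol.example/foaf#me"},
    "https://carol.example/foaf#me": {"https://dave.example/foaf#me"},
    "https://bob.example/foaf#me": {"https://alice.example/foaf#me"},
}
# Hypothetical rule table: page -> group and how many friend hops are allowed.
RULES = {
    "http://xwiki.org/OSSGTP/": {
        "group": "http://www.ossgtp.org/members/#ossgtp",
        "max_depth": 1,  # members and first-level friends only
    }
}

def friend_distance(webid, group, max_depth):
    """Hops from the group's members to webid (0 = member), or None if out of range.

    Links are followed outward from members only. A requester's own claim to
    know a member is never consulted, since anyone can write that in a
    self-published profile.
    """
    members = GROUP_MEMBERS.get(group, set())
    frontier = deque((m, 0) for m in members)
    seen = set(members)  # guards against cycles in the friend graph
    while frontier:
        person, depth = frontier.popleft()
        if person == webid:
            return depth
        if depth == max_depth:
            continue  # do not expand past the allowed spread
        for friend in KNOWS.get(person, ()):
            if friend not in seen:
                seen.add(friend)
                frontier.append((friend, depth + 1))
    return None

def may_edit(webid, page):
    """Deny by default: no rule, no authenticated WebID, or too far away."""
    rule = RULES.get(page)
    if rule is None or webid is None:
        return False
    return friend_distance(webid, rule["group"], rule["max_depth"]) is not None
```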

