On 06/08/2010 11:30 PM, From Story Henry:
That's the trick of foaf+ssl: we do not rely on Certificate Authorities to vouch for the client. The certificates can be either self signed, or signed by some unknown CA.The trick used is the same as the one used by OpenID. ( In fact OpenID inspired much of what is behind Web ID. ) The SSL connection lets the server know that the client has the private key of the public key sent in the X.509 certificate. Because the X.509 certificate also contains the Web ID (in the subject alternative name position), the server can do an HTTPS get on the WebID and if the public key matches there, Identity is proven.
In that case I don't see the benefit of using an SSL certificate at all, OpenID seems to provide the same thing a bunch easier - or am I mistaken? Obviously - and I know that - your opinion might be not without bias, so you don't have to defend it. And probably neither is mine...
But if you can explain the benefit or the shortcoming of OpenID compared to your idea?
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: [email protected] <xmpp:[email protected]>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
