[OpenID] cryptographics web of trust

[Peter Williams]

Having studied little else for 15 years, publickey certification relates to reliance in some interesting ways. When I wrote my phd dissertation on a theory of reliance, the examiners failed it: (a) truely it was a crappy dissertation, yet (b) the notion that reliance is more viable an in internet/web culture than certification is a challenge to the first article of faith of some. And, one of my examiners had the latter faith - with inquistional zeal. The other had helped write X.500 Directory standards, and was more forgiving of a multi-faith world. All in all, the review of the trust disruption that comes from challenging faith at that level was a very worthwhile experience. (In that 2 hours I got to the debate the (polarized) nature of the same topics being addressed here - in a forum with almost no language dysfunction, other than my crappy thesis)

If you look at what I intentionally did, with my example of signing your PGP-detached signature signed reliance graph

1. rather than use xml-dsig to wrap one of the concrete syntaxes used for a RDF, I opted to have xml-dsig sign a SAML assertion file, treating the RDF thereby as an assertion expressed in the midst of a protocol binding

2. rather than use a detached signature, I enveloped the signed object. The signed assertion is only intended to exist while on the wire.

When you put these two constructs together, you get to add something that is missing from your wot scheme: temporality. The SAML assertion is temporal -- a statement with an expiry date.

One can trivally make the same temporal statement using OpenID AX of course. IN fact its easier, with shared-key based assurances. One stuffs the RDF N3 stream into an AX attributes, which is conveyed over the association established - for some period of time.

For the purpose of OpenID design debate, we have to find a way to formalize the relationship between AX and Auth, so that the "purpose for which we use an association" has well defined semantics. Ideally, a means would exist to declard that said purpose has realtime temporal semantics, perhaps  identical to those defined by the SAML standard.

Perhaps the OpenID agent has its own FOAF file, declaring that when it makes statement over the association channel, these can declare the missing context - enabling the consumer to evaluate the security semantics intended.

You can now play with these ideas, whether or not OPenID associations were to adopt this way of thinking. Think about putting the detached signature of and references to Henry foaf file into the SSL/TLS (realtime) handshake(s) replacing the ancient cert format, and signalling thereby the semantics of any and all statements made over that (temporal) association. The SSL endpoint will have to declare an FOAF file itself, which defines the purposes for which its pairwise association may be used, when making implicitely-authenticated statements.

Then you can have real fun, when you use SSL to help you multicase (reliable) statements to many consumers, when the publickey ciphersuite supports multicast key distribution, as in some advanced uses of the RSA cipher.