[OpenID] cryptographics web of trust
Story Henry
henry.story at bblfish.net
Mon Aug 13 19:49:30 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter,

thanks for introducing me to XML-DSIG by showing how one can use it
to sign my foaf file. (see end of this email)

Putting on my RESTful and RDF glasses makes me think that that
solution takes what would be termed the SOAPish turn: it tries to
envelop the content instead of referring to it. In the example
described at:

   http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

there is a URL for me

   http://bblfish.net/people/henry/card#me

which one can HTTP GET information for by fetching

   http://bblfish.net/people/henry/card

which returns one of the alternate representations

   http://bblfish.net/people/henry/card.rdf
   http://bblfish.net/people/henry/card.n3

The signatures for those representations are in other files, also
accessible via URLs, namely

   http://bblfish.net/people/henry/card.rdf.asc
   http://bblfish.net/people/henry/card.n3.asc

By doing this we have the following advantages:

  1- we can identify every object clearly by a URL. This works
     nicely with the web caches, and is a good separation of concerns. We
     have URLs for each representation, URLs for me, URLs for the signature.
  2- HTTP provides a clear distinction between the envelope and the
     content. In the XML-DSIG example, is the content the XML-DSIG
     wrapper, or is it the encoded N3 file?
  3- separation of concerns: people only need to download the
     signature and my public key if it is of interest to them. Perhaps if
     there is something suspicious in the rdf content...

Now the disadvantage of the solution I proposed is that the caches
might end up returning a stale copy of the pgp signature. XML-DSIG
bypasses that problem of course because it sends the content and the
signature simultaneously. HTTP could solve the problem by sending the
signature in the header too, though that would clearly be cumbersome.

One simple solution is to specify the etag of the signature in the
card rdf:

   <http://bblfish.net/people/henry/card.n3>
       wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
       awol:type "text/rdf+n3" .

   <http://bblfish.net/people/henry/card.n3.asc>
       xxx:etag "13b3-ba-56463740";
       xxx:content-length 186 .

Now a client that would get card.n3 would know that if it did an HTTP
GET on card.n3.asc which did not have that etag or content-length, or
last updated date, that the two representations were in some way out
of sync.

Currently they are not:

   hjs@bblfish:0$ curl -I http://bblfish.net/people/henry/card.n3.asc
   HTTP/1.1 200 OK
   Date: Mon, 13 Aug 2007 19:29:22 GMT
   Server: Apache/2.0.55 (Unix) DAV/2 mod_perl/2.0.2 Perl/v5.8.4
   Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT
   ETag: "13b3-ba-56463740"
   Accept-Ranges: bytes
   Content-Length: 186
   Content-Type: text/plain

This is about as much as I can say about XML-DSIG as a novice in
cryptography. I will try to look at it in more detail.
On 11 Aug 2007, at 07:56, Peter Williams wrote:
> See below:
>
> I (counter) signed your entire file, using XML-DSIG (with SAML-
> defined security semantics, as signaled).
Thanks, that is a nice introduction to XML-DSIG.
> I treated the FOAF file as a string-form of a (rather long) name,
> which bears its naming architecture, its naming contexts, its naming
> schema, its naming relationships, and its new name protections.
It looks like one should be able to extract a good ontology from the
above, in the spirit of WOT, or as an enhancement of WOT. Just a few
names to be added to http://xmlns.com/wot/0.1/
As shown in the article
   http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
the advantage of RDF vocabularies is that they can be used in many
different contexts, in a very flexible manner.
> If one treats the FOAF file as a text stream, I don't see why one
> cannot similarly encode and then sign the N3 form. The XML form of
> the RDF seems to be adding little.
Indeed the XML form and the N3 form are just alternates of one
another, as I stated in the example

   <http://bblfish.net/people/henry/card> a foaf:PersonalProfileDocument;
       iana:alternate <http://bblfish.net/people/henry/card.rdf>,
                      <http://bblfish.net/people/henry/card.n3> .

They represent exactly the same graph. Indeed the xml is generated
automatically from the N3 using

   cwm card.n3 --rdf > card.rdf
>
> ________________________________
>
> From: general-bounces at openid.net on behalf of Story Henry
> Sent: Fri 8/10/2007 7:11 AM
> To: Steven Livingstone
> Cc: foaf-dev; OpenID General
> Subject: Re: [OpenID] cryptographics web of trust
>
>
>
> Thanks for the feedback. I have extended the blog post to describe
> how one can link up to other people's public keys, sign their public
> keys, and how one can sign parts of one's foaf file, using Dan
> Brickley's and Tim Berners-Lee's as examples.
>
> This develops a very powerful web of trust.
>
> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> Henry
>
>
> On 9 Aug 2007, at 20:15, Steven Livingstone wrote:
>
>> Very cool.
>>
>> I did some work in encrypting FOAF files a few years back (well,
>> hacked something together in a few hours).
>> http://www.ecademy.com/node.php?id=4568
>>
>> I checked and it is still there:
>> http://livz.org/encrypt/PrivateFoaf.aspx
>>
>> With the FOAF URL :
>> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
>> and searching for the name "Robert Sullivan" and a password
>> "steven", you get my decrypted FOAF file.
>>
>> The limiting part of it all (to make it really easy) was the fact
>> you needed an identity "Robert Sullivan" and a shared secret
>> "steven" - this is why OpenID is so powerful. With an authenticated
>> OpenID, you would be able to decrypt the FOAF file automatically.
>>
>> I figured at the time that some online identity (which didn't
>> really exist) could easily be mapped to a corresponding public key,
>> allowing you to encrypt parts of your FOAF files (or any other
>> file) for specific users.
>>
>> I hadn't spent too much time on it but I'd sure like to see it move
>> forward in some way.
>>
>> I know there has been other work put into this stuff as well:
>> http://usefulinc.com/foaf/encryptingFoafFiles
>>
>> steven
>> http://livz.org
>>
>>
>>> To: general at openid.net; foaf-dev at lists.foaf-project.org
>>> From: henry.story at bblfish.net
>>> Date: Thu, 9 Aug 2007 18:31:57 +0200
>>> Subject: [OpenID] cryptographics web of trust
>>>
>>> Hi, following some of the conversations I had on the openid forums, I
>>> have read up about web security and used that newly gained knowledge to
>>> enhance my foaf file with a link to my public PGP key and used that
>>> to sign my foaf file. Using this it is easy to see how one can create
>>> a semantic cryptographic web of trust.
>>>
>>> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>>>
>>> There is a lot more to add for sure, but this is a good starting
>>> point. Great fun too.
>>>
>>> Henry Story
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
iD8DBQFGwLXS7Qv528feqwURAvf1AJ9b3mWBn+Dn+6eE3Gdxx5kUKGpbeQCfccTV
ClZ6euUnZa9H3TSf273+99k=
=eZ/+
-----END PGP SIGNATURE-----
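
The stale-signature check proposed in the message above, as an added example (not part of the original email or of any project's code): a client reads the ETag and content length the card declares for its detached signature and compares them with the HTTP headers returned for the `.asc` URL. The function names are hypothetical, `xxx:` is the placeholder prefix used in the message, and the stale headers are constructed.

```python
import re
from email.parser import Parser

# N3 from the message; "xxx:" is the placeholder prefix the author used.
CARD_N3 = """
<http://bblfish.net/people/henry/card.n3>
    wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
    awol:type "text/rdf+n3" .
<http://bblfish.net/people/henry/card.n3.asc>
    xxx:etag "13b3-ba-56463740" ;
    xxx:content-length 186 .
"""

# Header lines of the curl -I output in the message (status line dropped).
FRESH_HEAD = 'ETag: "13b3-ba-56463740"\nContent-Length: 186\nContent-Type: text/plain\n'
# Constructed: what a cache holding an older signature file might return.
STALE_HEAD = 'ETag: "13b3-b8-4f00aa10"\nContent-Length: 184\nContent-Type: text/plain\n'


def parse_statements(n3):
    """Parse the flat '<s> p o ; p o .' shape used above (not general N3)."""
    graph = {}
    for stmt in re.split(r"\s\.\s*(?:\n|$)", n3):
        m = re.match(r"\s*<([^>]+)>\s+(.*)", stmt, re.S)
        if not m:
            continue
        props = graph.setdefault(m.group(1), {})
        for pair in m.group(2).split(";"):
            parts = pair.split(None, 1)
            if len(parts) == 2:
                props[parts[0]] = parts[1].strip().strip('<>"')
    return graph


def check_sync(n3, doc_url, head_text):
    """Return (signature_url, mismatched_fields) for doc_url's signature."""
    graph = parse_statements(n3)
    sig_url = graph.get(doc_url, {}).get("wot:assurance")
    if sig_url is None:
        return None, ["wot:assurance"]
    declared = graph.get(sig_url, {})
    headers = Parser().parsestr(head_text, headersonly=True)
    mismatched = []
    # Exact match only: a weak ETag (W/"...") does not promise identical bytes.
    if declared.get("xxx:etag") != (headers.get("ETag") or "").strip().strip('"'):
        mismatched.append("etag")
    if declared.get("xxx:content-length") != (headers.get("Content-Length") or "").strip():
        mismatched.append("content-length")
    return sig_url, mismatched


if __name__ == "__main__":
    doc = "http://bblfish.net/people/henry/card.n3"
    for label, head in (("fresh", FRESH_HEAD), ("stale", STALE_HEAD)):
        sig, bad = check_sync(CARD_N3, doc, head)
        print(label, sig, "in sync" if not bad else "out of sync: " + ", ".join(bad))
```

A match only shows that the fetched `.asc` is the version the card refers to; the signature itself still has to be verified against the public key.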