[OpenID] cryptographics web of trust

Peter Williams pwilliams at rapattoni.com
Mon Aug 13 21:29:22 UTC 2007

Ok. So RESTful vs SOAPish transfer is the issue. The debate over "inappropriate" serialization of some resource as an XML message/stream is not the issue, thankfully. We are apparently not discussing the old bugbear involving the inappropriate notion of XML "messages", contrasted with appropriate XML "documents".
 
My topic was related to the issue presented. It focused on the communications semantics involved in the act of (securely) signaling an act of identity authentication for remote logon, supported by FOAF metadata (and other sources of metadata). This contrasts with the process of testing a serialized resource for such as author-authenticity after it's been communicated by some means from its repository (or cache) to some originating HTTP client known to have been able to assert HTTP-Authorization credentials.
 
I'd invite you to ignore XML-DSIG detached or enveloped signature differences (as the standard allows the designer to select either, as befits the design intent). Rather, focus on the internal enveloping I used: the communication-semantics-imposing SAML envelope I put around your HTML-encoded FOAF document. That use of SAML has nothing to do with XML-DSIG. For all it matters, I could have been using the long-discarded "SHTTP with PGP" to wrap the SAML-enveloped FOAF document. Or I could have been using the artifact mode of SAML that uses no XML-DSIG wrapper whatsoever, assuming rather that https and HTTP signaling will address all that one needs to authenticate the delivery channel (when the SAML protocols are applied to constrain HTTP flows to only secure flows). In all of these cases, it's the delivery channel that is being authenticated, not the resource.
 
So, in my sample, SAML messages are not XML "documents"; they are XML messages intended to exist only on the wire, and exist only to control the flow of a secure communications protocol. Once the act of protocolized communication is over, the SAML message has no lifecycle and cannot be treated RESTfully (outside of such activities as wiretapping messages). For example, a SAML flow may encrypt the messages on the wire, thereby encrypting the FOAF resource with keys over which neither the author nor the client has any control or knowledge. However, those keys may impose access controls.
 
One can thus distinguish between (1) the SAML protocols and (2) the SAML messages. Some of the SAML protocols are RESTful-ish, some are SOAPish, and others are a rather nasty hybrid designed to overcome the old limitations of WAP phones that had no JavaScript support. One SAML profile even dumps XML itself, and signs text serializations of objects (hoping that modern internet channels are 16-bit-byte clean). Only minor changes occur in the SAML message to accommodate these protocol variants, at least in the XML-encoded variants.
 
Let's now turn to REST. In the RESTful variants of the SAML protocols, only GET and POST are used in HTTP environments, in a manner almost identical to the "innovative" OpenID Auth 2.0. I suppose HEAD could be used to pull the (signed) SAML metadata from an HTML-profiled property or link, OpenID Auth 1.0 style. Similarly, a trivial extension to the XRD in the XRDS XML document (OpenID Auth 2.0 draft style) could be used to pull the SAML (signed) metadata for discovery of the secure communication endpoints.
 
I was playing with your RESTful scenario when I built the SAML experiment. When a FOAF-using party now pulls Story Henry's FOAF file from the URL and stores a copy at the SAML/OpenID gateway, a FOAF file of the gateway will now signal semantics on the "quality" of Story Henry's FOAF file's signature, as perceived by the gateway, to its relying parties. That is, the gateway will have used its WOT to rely upon the FOAF-level signature, and will announce the results of its worldview to the new world via the semantics it posts in its own FOAF file.
 
Via signed FOAF, we just added to the OpenID world what the SAML world calls an SP-affiliation: the act of asserting to other Relying Parties the results of the act of reliance I just performed. 
 
There! Another would-be patent application voided, this prior art notwithstanding.
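Peter's point is that the SAML envelope authenticates the delivery channel and the act of logon, not the FOAF resource inside it. On the receiving side that means the relying party has to check the protocol-level fields of the Response (who it was minted for, where it may be delivered, for how long, and whether it has been seen before) before trusting anything it carries. The following is an added example, not code from the thread or from any SAML implementation: it runs those checks over a Response built from the one quoted at the end of this mail. The NameID payload is a constructed placeholder standing in for the URL-encoded FOAF file, and the ds:Signature element is omitted, since XML-DSIG verification is a separate step not covered here.

```python
"""Relying-party checks on a SAML 2.0 bearer Response before it is accepted
as a login signal.  Added example, not code from the thread or from any SAML
product.  The shape and identifiers of SAMPLE_RESPONSE are taken from the
samlp:Response Peter Williams quoted in the thread; the URL-encoded FOAF file
it carries as the NameID is shortened to a constructed placeholder and the
ds:Signature element is left out, since XML-DSIG verification is a separate
step not covered here."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# What this SP knows on its own: the request ID it issued, its ACS URL and
# the audience name it expects (all as they appear in the quoted Response).
REQUEST_ID = "_KrYhdmh3KExWfP5o0CAs7C9mfi"
ACS_URL = "http://localhost:9030/sp/ACS.saml2"
AUDIENCE = "http://www.acmemls.com/request-auth.jsp"

SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    Destination="{ACS_URL}" InResponseTo="{REQUEST_ID}"
    IssueInstant="2007-08-11T05:45:26.614Z" ID="_JbuqXO6H-BQIoeYwpd0NIE88d6" Version="2.0">
  <saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion Version="2.0" IssueInstant="2007-08-11T05:45:26.786Z" ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-">
    <saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">%3crdf%3aRDF...placeholder...%3c%2frdf%3aRDF%3e</saml:NameID>
      <saml:SubjectConfirmation Method="{BEARER}">
        <saml:SubjectConfirmationData InResponseTo="{REQUEST_ID}"
            NotOnOrAfter="2007-08-11T05:50:26.833Z" Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2007-08-11T05:40:26.817Z" NotOnOrAfter="2007-08-11T05:50:26.817Z">
      <saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def saml_time(value):
    """Parse the UTC xsd:dateTime form used in the Response (e.g. 2007-08-11T05:45:26.614Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_bearer_response(xml_text, request_id, acs_url, audience, now,
                          seen_ids=None, skew=timedelta(0)):
    """Return the list of failed checks; empty means the Response passes the
    protocol-level checks (XML-DSIG verification still has to pass separately)."""
    root = ET.fromstring(xml_text)
    problems = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not this ACS URL")
    if root.get("InResponseTo") != request_id:
        problems.append("Response InResponseTo does not match our request")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion"]
    # Bearer confirmation: the assertion was minted for this request and this
    # recipient, and it is still inside its own (short) validity window.
    scd = None
    for sc in assertion.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no bearer SubjectConfirmationData")
    else:
        if scd.get("InResponseTo") != request_id:
            problems.append("SubjectConfirmationData InResponseTo does not match our request")
        if scd.get("Recipient") != acs_url:
            problems.append("SubjectConfirmationData Recipient is not this ACS URL")
        if now >= saml_time(scd.get("NotOnOrAfter")) + skew:
            problems.append("SubjectConfirmationData NotOnOrAfter passed")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions")
    else:
        if now < saml_time(cond.get("NotBefore")) - skew:
            problems.append("Conditions NotBefore not yet reached")
        if now >= saml_time(cond.get("NotOnOrAfter")) + skew:
            problems.append("Conditions NotOnOrAfter passed")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audience not in audiences:
            problems.append("this SP is not in the AudienceRestriction")
    # Replay: each bearer assertion ID may be consumed once inside its window.
    if seen_ids is not None:
        if assertion.get("ID") in seen_ids:
            problems.append("assertion ID already consumed (replay)")
        seen_ids.add(assertion.get("ID"))
    return problems


if __name__ == "__main__":
    at = saml_time("2007-08-11T05:45:30.000Z")  # a clock inside the validity window
    print("inside window:", check_bearer_response(SAMPLE_RESPONSE, REQUEST_ID, ACS_URL, AUDIENCE, at))
    print("ten minutes later:", check_bearer_response(
        SAMPLE_RESPONSE, REQUEST_ID, ACS_URL, AUDIENCE, at + timedelta(minutes=10)))
```

The `seen_ids` set is what turns the short NotOnOrAfter window into a one-shot credential: inside the window an assertion that has already been consumed is rejected as a replay, and once the window closes the set entry can be dropped. The `skew` argument exists because the IdP's clock and the SP's rarely agree to the second; keep it small, since every second of tolerance widens the replay window by the same amount.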

________________________________

From: Story Henry [mailto:henry.story at bblfish.net]
Sent: Mon 8/13/2007 12:49 PM
To: Peter Williams; foaf-dev; Rest List
Cc: OpenID General
Subject: Re: [OpenID] cryptographics web of trust



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter,

thanks for introducing me to XML-DSIG by showing how one can use it 
to sign my foaf file. (see end of this email)

Putting on my RESTful and RDF glasses makes me think that that 
solution takes what would be termed the SOAPish turn: it tries to 
envelop the content instead of referring to it. In the example 
described at:

    http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

there is a URL for me

    http://bblfish.net/people/henry/card#me

which one can HTTP GET information for by fetching

    http://bblfish.net/people/henry/card

which returns one of the alternate representations

    http://bblfish.net/people/henry/card.rdf
    http://bblfish.net/people/henry/card.n3

The signatures for those representations are in other files, also 
accessible via URLs namely

    http://bblfish.net/people/henry/card.rdf.asc
    http://bblfish.net/people/henry/card.n3.asc

By doing this we have the following advantages:

   1- we can identify every object clearly by a URL. This works 
nicely with the web caches, and is a good separation of concerns. We 
have URLs for each representation, urls for me, urls for the signature

   2- HTTP provides a clear distinction between the envelope and the 
content. In the XML-DSIG example, is the content the XML-DSIG 
wrapper, or is it the encoded N3 file?

   3- separation of concerns: people only need to download the 
signature and my public key if it is of interest to them. Perhaps if 
there is something suspicious in the rdf content...

Now the disadvantage of the solution I proposed is that the caches 
might end up returning a stale copy of the pgp signature. XML-DSIG 
bypasses that problem of course because it sends the content and the 
signature simultaneously. HTTP could solve the problem by sending the 
signature in the header too, though that would clearly be cumbersome. 
One simple solution is to specify the etag of the signature in the 
card rdf:

<http://bblfish.net/people/henry/card.n3>
        wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
        awol:type "text/rdf+n3" .

<http://bblfish.net/people/henry/card.n3.asc>
     xxx:etag "13b3-ba-56463740";
     xxx:content-length 186 .

Now a client that would get card.n3 would know that if it did an HTTP 
GET on card.n3.asc which did not have that etag or content-length, or 
last updated date, that the two representations were in some way out 
of sync. Currently they are not:

hjs at bblfish:0$ curl -I http://bblfish.net/people/henry/card.n3.asc
HTTP/1.1 200 OK
Date: Mon, 13 Aug 2007 19:29:22 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_perl/2.0.2 Perl/v5.8.4
Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT
ETag: "13b3-ba-56463740"
Accept-Ranges: bytes
Content-Length: 186
Content-Type: text/plain


This is about as much as I can say about XML-DSIG as a novice in 
cryptography. I will try to look at it in more detail.


On 11 Aug 2007, at 07:56, Peter Williams wrote:

> See below:
>
> I (counter) signed your entire file, using XML-DSIG (with SAML-
> defined security semantics, as signaled).

Thanks, that is a nice introduction to XML-DSIG.

> I treated the FOAF file as a string-form of a (rather long) name, 
> which bears its naming architcture, its naming contexts, its naming 
> schema, its naming relationships, and its new name protections.

It looks like one should be able to extract a good ontology from the 
above, in the spirit of WOT, or as an enhancement of WOT. Just a few 
names to be added to http://xmlns.com/wot/0.1/
As shown in the article

http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

the advantage of rdf vocabularies, is that they can be used in many 
different contexts, in a very flexible manner.

> If one treats the FOAF file as a text stream, I dont see why one 
> cannot similarly encode and then sign the N3 form. The XML form of 
> the RDF seems to be adding little.

Indeed the XML form and the N3 form are just alternates of one 
another, as I stated in the example

<http://bblfish.net/people/henry/card>   a foaf:PersonalProfileDocument;
      iana:alternate <http://bblfish.net/people/henry/card.rdf>,
                     <http://bblfish.net/people/henry/card.n3> .

They represent exactly the same graph. Indeed the xml is generated 
automatically from the N3 using

cwm card.n3 --rdf > card.rdf




>
> ________________________________
>
> From: general-bounces at openid.net on behalf of Story Henry
> Sent: Fri 8/10/2007 7:11 AM
> To: Steven Livingstone
> Cc: foaf-dev; OpenID General
> Subject: Re: [OpenID] cryptographics web of trust
>
>
>
> Thanks for the feedback. I have extended the blog post to describe
> how one can link up to other people's public keys, sign their public
> keys, and how one can sign parts of one's foaf file, using Dan
> Brickley's and Tim Berners' Lee as examples.
>
> This develops a very powerful web of trust.
>
> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> Henry
>
>
> On 9 Aug 2007, at 20:15, Steven Livingstone wrote:
>
>> Very cool.
>>
>> I did some work in encrypting FOAF files a few years back (well,
>> hacked something together in a few hours).
>> http://www.ecademy.com/node.php?id=4568
>>
>> I checked and it is still there:
>> http://livz.org/encrypt/PrivateFoaf.aspx
>>
>> With the FOAF URL :
>> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
>> and searching for the name "Robert Sullivan" and a password
>> "steven", you get my decrypted FOAF file.
>>
>> The limiting part of it all (to make it really easy) was the fact
>> you needed an identity "Robert Sullivan" and a shared secret
>> "steven" - this is why OpenID is so powerful. With an authenticated
>> OpenID, you would be able to decrypt the FOAF file automatically.
>>
>> I figured at the time that some online identity (which didn't
>> really exist) could easily be mapped to a corresponding public key,
>> allowing you to encrypt parts of your FOAF files (or any other
>> file) for specific users.
>>
>> I hadn't spent too much time on it but i'd sure like to see it move
>> forward in some way.
>>
>> I know there has been other work put into this stuff as well:
>> http://usefulinc.com/foaf/encryptingFoafFiles
>>
>> steven
>> http://livz.org
>>
>>
>>> To: general at openid.net; foaf-dev at lists.foaf-project.org
>>> From: henry.story at bblfish.net
>>> Date: Thu, 9 Aug 2007 18:31:57 +0200
>>> Subject: [OpenID] cryptographics web of trust
>>>
>>> Hi, following some of the conversations I had on the openid
>> forums, I
>>> have read up about web security and used that new gained
>> knowledge to
>>> enhance my foaf file with a link to my public PGP key and used that
>>> to sign my foaf file. Using this it is easy to see how one can
>> create
>>> a semantic cryptographic web of trust.
>>>
>>> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>>>
>>> There is a lot more to add for sure, but this is a good starting
>>> point. Great fun too.
>>>
>>> Henry Story
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>
>>
>
>
>
>
>
> <samlp:Response Destination="http://localhost:9030/sp/ACS.saml2" 
> InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi" 
> IssueInstant="2007-08-11T05:45:26.614Z" ID="_JbuqXO6H-
> BQIoeYwpd0NIE88d6" Version="2.0" 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer 
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmemls.com/request-auth.jsp</saml:Issuer><ds:Signature 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-
> exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/
> xmldsig#rsa-sha1"/>
> <ds:Reference URI="#_JbuqXO6H-BQIoeYwpd0NIE88d6">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/
> xmldsig#enveloped-signature"/>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>TOs5pUtgy8p2wiQjXJuRfxa2224=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> ctUDU/+NwF7GwNPlGa184G8a5BfnIi1Nmzp8uKCZ93T8gDJVKRBbJDzhhnZ8EF2Y9G
> +PpPvIWW7b
> Oq/wmW8iYg==
> </ds:SignatureValue>
> </ds:Signature><samlp:Status><samlp:StatusCode 
> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></
> samlp:Status><saml:Assertion Version="2.0" 
> IssueInstant="2007-08-11T05:45:26.786Z" 
> ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-" 
> xmlns:saml="urn:oasis:names:tc:SAML:
> 2.0:assertion"><saml:Issuer>http://www.acmemls.com/request-
> auth.jsp</saml:Issuer><saml:Subject><saml:NameID 
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">%0d%
> 0a%3c!--+Processed+by+Id%3a+cwm.py%2cv+1.194+2007-08-06+16%3a13%3a56
> +syosi+Exp+--%3e%0d%0a%3c!--+++++using+base+file%3a%2f%2f%2fUsers%
> 2fhjs%2fDocuments%2fcard%2fcard.n3--%3e%0d%0a%0d%0a%0d%0a%3crdf%
> 3aRDF+xmlns%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2f%22%0d%0a+++
> +xmlns%3aawol%3d%22http%3a%2f%2fbblfish.net%2fwork%2fatom-owl%
> 2f2006-06-06%2f%23%22%0d%0a++++xmlns%3acontact%3d%22http%3a%2f%
> 2fwww.w3.org%2f2000%2f10%2fswap%2fpim%2fcontact%23%22%0d%0a++++xmlns
> %3afoaf%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2f%22%0d%0a+++
> +xmlns%3ageo%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f01%2fgeo%
> 2fwgs84_pos%23%22%0d%0a++++xmlns%3aiana%3d%22http%3a%2f%
> 2fwww.iana.org%2fassignments%2frelation%2f%22%0d%0a++++xmlns%3ardf%
> 3d%22http%3a%2f%2fwww.w3.org%2f1999%2f02%2f22-rdf-syntax-ns%23%22%0d
> %0a++++xmlns%3ardfs%3d%22http%3a%2f%2fwww.w3.org%2f2000%2f01%2frdf-
> schema%23%22%0d%0a++++xmlns%3awot%3d%22http%3a%2f%2fxmlns.com%2fwot%
> 2f0.1%2f%22%3e%0d%0a%0d%0a++++%3cPersonalProfileDocument+rdf%3aabout
> %3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%22%3e%0d%0a++
> ++++++%3ciana%3aalternate+rdf%3aresource%3d%22http%3a%2f%
> 2fbblfish.net%2fpeople%2fhenry%2fcard.n3%22%2f%3e%0d%0a++++++++%
> 3ciana%3aalternate+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%
> 2fpeople%2fhenry%2fcard.rdf%22%2f%3e%0d%0a++++++++%3cmaker+rdf%
> 3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%
> 23me%22%2f%3e%0d%0a++++++++%3cprimaryTopic+rdf%3aresource%3d%22http%
> 3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%2f%3e%0d%0a+++++
> +++%3ctitle%3eHenry+Story's+FOAF+file%3c%2ftitle%3e%0d%0a++++%3c%
> 2fPersonalProfileDocument%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d
> %22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%3e%0d%0a
> ++++++++%3ccontact%3ahome+rdf%3aparseType%3d%22Resource%22%3e%0d%0a+
> +++++++++++%3ccontact%3aaddress+rdf%3aparseType%3d%22Resource%22%3e%
> 0d%0a++++++++++++++++%3ccontact%3acity%3eFontainebleau%3c%2fcontact%
> 3acity%3e%0d%0a++++++++++++++++%3ccontact%3acountry%3eFrance%3c%
> 2fcontact%3acountry%3e%0d%0a++++++++++++++++%3ccontact%3apostalCode%
> 3e77300%3c%2fcontact%3apostalCode%3e%0d%0a++++++++++++++++%3ccontact
> %3astreet%3e21+rue+Saint+Honore%3c%2fcontact%3astreet%3e%0d%0a++++++
> ++++++%3c%2fcontact%3aaddress%3e%0d%0a++++++++++++%3cgeo%3alat%
> 3e48.404532%3c%2fgeo%3alat%3e%0d%0a++++++++++++%3cgeo%3along%
> 3e2.700448%3c%2fgeo%3along%3e%0d%0a++++++++%3c%2fcontact%3ahome%3e%
> 0d%0a++++++++%3caimChatID%3eunbabelfish%3c%2faimChatID%3e%0d%0a+++++
> +++%3cbirthday%3e07-29%3c%2fbirthday%3e%0d%0a++++++++%
> 3ccurrentProject+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fwork
> %2fatom-owl%2f2006-06-06%2f%22%2f%3e%0d%0a++++++++%3ccurrentProject
> +rdf%3aresource%3d%22https%3a%2f%2fbloged.dev.java.net%2f%22%2f%3e%
> 0d%0a++++++++%3ccurrentProject+rdf%3aresource%3d%22https%3a%2f%
> 2fsommer.dev.java.net%2f%22%2f%3e%0d%0a++++++++%3cdepiction+rdf%
> 3aresource%3d%22http%3a%2f%2ffarm1.static.flickr.com%2f164%
> 2f373663745_1801c2dddf.jpg%3fv%3d0%22%2f%3e%0d%0a++++++++%
> 3cfamily_name%3eStory%3c%2ffamily_name%3e%0d%0a++++++++%3cgender%
> 3emale%3c%2fgender%3e%0d%0a++++++++%3cgivenname%3eHenry%3c%
> 2fgivenname%3e%0d%0a++++++++%3chomepage+rdf%3aresource%3d%22http%3a%
> 2f%2fbblfish.net%2f%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d
> %22http%3a%2f%2fdanbri.org%2ffoaf.rdf%23danbri%22%2f%3e%0d%0a+++++++
> +%3cknows+rdf%3aresource%3d%22http%3a%2f%2fdavelevy.info%2ffoaf.rdf%
> 23me%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%
> 2fpurl.org%2fcaptsolo%2fsemweb%2ffoaf-captsolo.rdf%23Uldis_Bojars%
> 22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%
> 2ftorrez.us%2fwho%23elias%22%2f%3e%0d%0a++++++++%3cknows+rdf%
> 3aresource%3d%22http%3a%2f%2fweb.mac.com%2fthegearons%2fpeople%
> 2fPaulGearon%2ffoaf.rdf%23me%22%2f%3e%0d%0a++++++++%3cknows+rdf%
> 3aresource%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fBerners-Lee%
> 2fcard%23i%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%
> 3a%2f%2fwww.w3.org%2fPeople%2fConnolly%2f%23me%22%2f%3e%0d%0a+++++++
> +%3cknows+rdf%3aparseType%3d%22Resource%22%3e%0d%0a++++++++++++%
> 3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2ffoaf%
> 2f0.1%2fPerson%22%2f%3e%0d%0a++++++++++++%3crdfs%3aseeAlso+rdf%
> 3aresource%3d%22http%3a%2f%2fwww.webmink.net%2ffoaf.rdf%22%2f%3e%0d%
> 0a++++++++++++%3cmbox_sha1sum%
> 3eee513cd82fea84825b803a44228fd9b765baf6d5%3c%2fmbox_sha1sum%3e%0d%
> 0a++++++++++++%3cname%3eSimon+Phipps%3c%2fname%3e%0d%0a++++++++%3c%
> 2fknows%3e%0d%0a++++++++%3cknows+rdf%3aparseType%3d%22Resource%22%3e
> %0d%0a++++++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%
> 2fxmlns.com%2ffoaf%2f0.1%2fPerson%22%2f%3e%0d%0a++++++++++++%3crdfs%
> 3aseeAlso+rdf%3aresource%3d%22http%3a%2f%2fdannyayers.com%2fme.rdf%
> 22%2f%3e%0d%0a++++++++++++%3cname%3eDanny+Ayers%3c%2fname%3e%0d%0a++
> ++++++%3c%2fknows%3e%0d%0a++++++++%3clogo+rdf%3aresource%3d%22%2fpix
> %2fbfish.large.jpg%22%2f%3e%0d%0a++++++++%3cmbox+rdf%3aresource%3d%
> 22mailto%3ahenry.story%40bblfish.net%22%2f%3e%0d%0a++++++++%3cmbox
> +rdf%3aresource%3d%22mailto%3ahenry.story%40gmail.com%22%2f%3e%0d%0a
> ++++++++%3cmbox+rdf%3aresource%3d%22mailto%3ahenry.story%40sun.com%
> 22%2f%3e%0d%0a++++++++%3cname%3eHenry+J.+Story%3c%2fname%3e%0d%0a+++
> +++++%3cnick%3ebblfish%3c%2fnick%3e%0d%0a++++++++%3copenid+rdf%
> 3aresource%3d%22http%3a%2f%2fbblfish.videntity.org%2f%22%2f%3e%0d%0a
> ++++++++%3copenid+rdf%3aresource%3d%22http%3a%2f%2fopenid.sun.com%
> 2fbblfish%22%2f%3e%0d%0a++++++++%3cpastProject+rdf%3aresource%3d%
> 22http%3a%2f%2fbabelfish.altavista.com%2f%22%2f%3e%0d%0a++++++++%
> 3cphone+rdf%3aresource%3d%22tel%3a%2b1-510-931-5491%22%2f%3e%0d%0a++
> ++++++%3cphone+rdf%3aresource%3d%22tel%3a%2b33-8-70-44-86-64%22%2f%
> 3e%0d%0a++++++++%3cschoolHomepage+rdf%3aresource%3d%22http%3a%2f%
> 2fwww.bbk.ac.uk%2fphil%2f%22%2f%3e%0d%0a++++++++%3cschoolHomepage
> +rdf%3aresource%3d%22http%3a%2f%2fwww.doc.ic.ac.uk%2f%22%2f%3e%0d%0a
> ++++++++%3cschoolHomepage+rdf%3aresource%3d%22http%3a%2f%
> 2fwww.kcl.ac.uk%2fkis%2fschools%2fhums%2fphilosophy%2f%22%2f%3e%0d%
> 0a++++++++%3ctitle%3eMr%3c%2ftitle%3e%0d%0a++++++++%3cweblog+rdf%
> 3aresource%3d%22http%3a%2f%2fbblfish.net%2fblog%2f%22%2f%3e%0d%0a+++
> +++++%3cweblog+rdf%3aresource%3d%22http%3a%2f%2fblogs.sun.com%
> 2fbblfish%2f%22%2f%3e%0d%0a++++++++%3cweblog+rdf%3aresource%3d%
> 22http%3a%2f%2fdel.icio.us%2fbblfish%22%2f%3e%0d%0a++++++++%
> 3cworkplaceHomepage+rdf%3aresource%3d%22http%3a%2f%2fsun.com%22%2f%
> 3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3crdf%3aDescription+rdf%
> 3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.n3%22%
> 3e%0d%0a++++++++%3cawol%3atype%3etext%2frdf%2bn3%3c%2fawol%3atype%3e
> %0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%22http%3a%2f%
> 2fbblfish.net%2fpeople%2fhenry%2fcard.n3.asc%22%2f%3e%0d%0a++++%3c%
> 2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription+rdf%
> 3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.rdf%
> 22%3e%0d%0a++++++++%3cawol%3atype%3eapplication%2frdf%2bxml%3c%
> 2fawol%3atype%3e%0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%
> 22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.rdf.asc%22%2f%3e%
> 0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%
> 3aDescription+rdf%3aabout%3d%22http%3a%2f%2fdanbri.org%2fdanbri-
> pubkey.txt%22%3e%0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%
> 22danbri.pubkey.asc.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e
> %0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fdanbri.org%
> 2ffoaf.rdf%23danbri%22%3e%0d%0a++++++++%3cname%3eDan+Brickley%3c%
> 2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%
> 3aabout%3d%22http%3a%2f%2fdavelevy.info%2ffoaf.rdf%23me%22%3e%0d%0a+
> +++++++%3cname%3eDave+Levy%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%
> 0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fpurl.org%
> 2fcaptsolo%2fsemweb%2ffoaf-captsolo.rdf%23Uldis_Bojars%22%3e%0d%0a++
> ++++++%3cname%3eUldis+Bojars%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%
> 0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2ftorrez.us%
> 2fwho%23elias%22%3e%0d%0a++++++++%3cname%3eElias+Torres%3c%2fname%3e
> %0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%
> 22http%3a%2f%2fweb.mac.com%2fthegearons%2fpeople%2fPaulGearon%
> 2ffoaf.rdf%23me%22%3e%0d%0a++++++++%3cname%3ePaul+Gearon%3c%2fname%
> 3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%
> 22http%3a%2f%2fwww.w3.org%2fPeople%2fBerners-Lee%2fcard%23i%22%3e%0d
> %0a++++++++%3cname%3eTim+Berners+Lee%3c%2fname%3e%0d%0a++++%3c%
> 2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%
> 2fwww.w3.org%2fPeople%2fConnolly%2f%23me%22%3e%0d%0a++++++++%3cname%
> 3eDan+Connolly%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++
> %3crdf%3aDescription%3e%0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d
> %22http%3a%2f%2fxmlns.com%2fwot%2f0.1%2fPubKey%22%2f%3e%0d%0a+++++++
> +%3cwot%3afingerprint%3eE5C6CDCC5C1401B6EB2BC5EAED0BF9DBC7DEAB05%3c%
> 2fwot%3afingerprint%3e%0d%0a++++++++%3cwot%3ahex_id%3eC7DEAB05%3c%
> 2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%3aidentity+rdf%3aresource%3d%
> 22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%2f%3e%0d%
> 0a++++++++%3cwot%3alength+rdf%3adatatype%3d%22http%3a%2f%
> 2fwww.w3.org%2f2001%2fXMLSchema%23integer%22%3e1024%3c%2fwot%
> 3alength%3e%0d%0a++++++++%3cwot%3apubkeyAddress+rdf%3aresource%3d%
> 22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fhenry.pubkey.asc%22%2f
> %3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%
> 3aDescription%3e%0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d%22http
> %3a%2f%2fxmlns.com%2fwot%2f0.1%2fPubkey%22%2f%3e%0d%0a++++++++%3cwot
> %3ahex_id%3e9FC3D57E%3c%2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%
> 3aidentity+rdf%3aresource%3d%22http%3a%2f%2fwww.w3.org%2fPeople%
> 2fBerners-Lee%2fcard%23i%22%2f%3e%0d%0a++++++++%3cwot%
> 3apubkeyAddress+rdf%3aresource%3d%22timbl.pubkey.asc%22%2f%3e%0d%0a+
> +++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription%3e
> %0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%
> 2fxmlns.com%2fwot%2f0.1%2fPubKey%22%2f%3e%0d%0a++++++++%3cwot%
> 3ahex_id%3eB573B63A%3c%2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%
> 3aidentity+rdf%3aresource%3d%22http%3a%2f%2fdanbri.org%2ffoaf.rdf%
> 23danbri%22%2f%3e%0d%0a++++++++%3cwot%3apubkeyAddress+rdf%3aresource
> %3d%22http%3a%2f%2fdanbri.org%2fdanbri-pubkey.txt%22%2f%3e%0d%0a++++
> %3c%2frdf%3aDescription%3e%0d%0a%3c%2frdf%3aRDF%3e</
> saml:NameID><saml:SubjectConfirmation 
> Method="urn:oasis:names:tc:SAML:
> 2.0:cm:bearer"><saml:SubjectConfirmationData 
> InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi" 
> NotOnOrAfter="2007-08-11T05:50:26.833Z" Recipient="http://localhost:
> 9030/sp/ACS.saml2"/></saml:SubjectConfirmation></
> saml:Subject><saml:Conditions NotOnOrAfter="2007-08-11T05:50:26.817Z" 
> NotBefore="2007-08-11T05:40:26.817Z"><saml:AudienceRestriction><saml:A
> udience>http://www.acmemls.com/request-auth.jsp</saml:Audience></
> saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement 
> AuthnInstant="2007-08-11T05:45:26.770Z" 
> SessionIndex="eK2qsvd9xzsmzN7Z_V8sb08fqO-"><saml:AuthnContext><saml:Au
> thnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</
> saml:AuthnContextClassRef></saml:AuthnContext></
> saml:AuthnStatement></saml:Assertion></samlp:Response>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGwLXS7Qv528feqwURAvf1AJ9b3mWBn+Dn+6eE3Gdxx5kUKGpbeQCfccTV
ClZ6euUnZa9H3TSf273+99k=
=eZ/+
-----END PGP SIGNATURE-----
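Henry's layout keeps the signature at its own URL and proposes pinning its ETag and Content-Length in card.n3, so that a client can tell when a cache hands it a signature that no longer belongs to the content it just fetched. The following is an added example, not code from the thread: it runs that consistency check over the HEAD response quoted in the mail, and then decodes an armored signature to confirm that it names the key the FOAF file declares (wot:fingerprint and wot:hex_id). The mail's own PGP signature block stands in for card.n3.asc, which is not on the page (it signs the mail, not card.n3, but has the same armored form and comes from the same key), and the values the client would read out of card.n3 are inlined as an assumed dict rather than parsed from N3.

```python
"""Client-side checks for the detached-signature layout Henry describes:
card.n3 points (wot:assurance) at card.n3.asc, and the proposed xxx:etag and
xxx:content-length triples pin down which bytes that signature resource should
serve.  Added example, not code from the thread.  Assumed: an RDF library has
already pulled the declared values out of card.n3, so they are inlined below.
HEAD_RESPONSE is rebuilt from the curl -I transcript in the mail; MAIL_SIGNATURE
is the mail's own PGP signature block, used only because card.n3.asc is not on
the page (it signs the mail, not card.n3, but has the same armored form)."""
import base64

DECLARED = {  # values quoted in the thread; xxx: is the mail's placeholder prefix
    "xxx:etag": "13b3-ba-56463740",
    "xxx:content-length": 186,
    "wot:fingerprint": "E5C6CDCC5C1401B6EB2BC5EAED0BF9DBC7DEAB05",
    "wot:hex_id": "C7DEAB05",
}
HEAD_RESPONSE = (  # constructed from the curl -I output, CRLF as on the wire
    "HTTP/1.1 200 OK\r\n"
    "Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT\r\n"
    'ETag: "13b3-ba-56463740"\r\n'
    "Content-Length: 186\r\n"
    "Content-Type: text/plain\r\n\r\n"
)
MAIL_SIGNATURE = """-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGwLXS7Qv528feqwURAvf1AJ9b3mWBn+Dn+6eE3Gdxx5kUKGpbeQCfccTV
ClZ6euUnZa9H3TSf273+99k=
=eZ/+
-----END PGP SIGNATURE-----"""


def parse_head(raw):
    """Status code and lower-cased header map of a HEAD response."""
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def signature_in_sync(declared, raw_head):
    """Does the served signature resource match what card.n3 announced for it?"""
    status, h = parse_head(raw_head)
    reasons = []
    if status != 200:
        reasons.append("signature resource did not return 200")
    etag = h.get("etag", "")
    # Only a strong validator vouches for byte identity; W/"..." or none does not.
    strong = etag[1:-1] if len(etag) > 1 and etag[0] == etag[-1] == '"' else None
    if strong is None:
        reasons.append("no strong ETag on the signature resource")
    elif strong != declared["xxx:etag"]:
        reasons.append("ETag differs from the one card.n3 declares")
    if h.get("content-length") != str(declared["xxx:content-length"]):
        reasons.append("Content-Length differs from the one card.n3 declares")
    return not reasons, reasons


def crc24(data):
    """OpenPGP armor checksum (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def signing_key_id(armored):
    """Decode an armored signature, check the armor CRC, and return the 64-bit
    key ID (upper-case hex) named in a version 3 signature packet."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    if lines[0] != "-----BEGIN PGP SIGNATURE-----" or lines[-1] != "-----END PGP SIGNATURE-----":
        raise ValueError("not an armored PGP signature")
    body = lines[1:-1]
    body = body[body.index("") + 1:]            # skip armor headers such as Version:
    data = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    crc_line = next(l for l in body if l.startswith("="))
    if crc24(data) != int.from_bytes(base64.b64decode(crc_line[1:]), "big"):
        raise ValueError("armor CRC mismatch: signature text damaged in transit")
    tag = data[0]
    if (tag & 0xC0) != 0x80 or ((tag >> 2) & 0x0F) != 2:
        raise ValueError("not an old-format signature packet")
    pkt = data[1 + (1, 2, 4, 0)[tag & 3]:]      # skip the packet length octets
    if pkt[0] != 3:
        raise ValueError("v4 signatures carry the key ID in an Issuer subpacket instead")
    # v3 layout: version, hashed-length (5), sig type, 4-byte time, 8-byte key ID, ...
    return pkt[7:15].hex().upper()


def key_matches_declared(key_id, declared):
    """The signing key must be the one the FOAF file announces: a v4 fingerprint
    ends with the 64-bit key ID, and wot:hex_id is its low 32 bits."""
    return (declared["wot:fingerprint"].upper().endswith(key_id)
            and key_id.endswith(declared["wot:hex_id"].upper()))
```

The two checks answer different questions. `signature_in_sync` only tells the client whether the cache served the signature bytes card.n3 was written against; a weak ETag (`W/"..."`) is rejected because it promises semantic, not byte-for-byte, equivalence. `signing_key_id` tells it whether that signature even claims to come from the key the FOAF file links to, which is worth knowing before spending a key lookup and a full `gpg --verify` on it; the cryptographic verification itself still has to follow.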
