[OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Wed Aug 15 18:55:11 UTC 2007


All right, I think I now understand most of the SAML response message  
you sent. This is after reading most of the "Digital Identity" book  
from O'Reilly, and a few other articles on SAML and DSIG.

So there are two stages:

1. This you do not show. The Relying Party (a service like DZone for  
example) asks the Asserting Party (some service in charge of my  
identity, in this case http://www.acmemls.com/request-auth.jsp ?),  
for my foaf file in some way. I understand that SAML does this with  
property value pairs.

2. The response is the message sent below. The assertion (my foaf  
file at #_JbuqXO6H-BQIoeYwpd0NIE88d6 in the xml) is signed with DSIG.  
The SAML also specified the audience that should read this (seems the  
same as the asserting party) and the date of validity of the assertion.

As I understand from the last paragraph of your message below the  
point of doing this is that this allows the asserting party (the one  
returning my SAML message) to say something about the trust level it  
has in those assertions. Ok.

One thing I have noticed, is that a lot of SAML, just as with OpenId,  
seems to be in the form of a question and answer dialog between the  
relying and the asserting party.  It would be fun to look at how much  
of that could be replaced by SPARQL queries. Could the relying party  
not get most of what is needed by sending queries such as this to the  
asserting party?

PREFIX foaf: <http://xmlns.com/foaf/0.1/>
PREFIX wot: <http://xmlns.com/wot/0.1/>
SELECT *
WHERE {
  <http://bblfish.net/people/henry/card#me>
        foaf:mbox ?mbox;
        foaf:openid ?openid .
   OPTIONAL {
     [] a wot:PubKey;
        wot:identity <http://bblfish.net/people/henry/card#me>;
        wot:pubkeyAddress ?pubKey .
   }
}

Now if the asserting party believes what is in my foaf file, he will return  
those as results.  Replying to a question is to give a trust level to  
it.

SPARQL allows one to name graphs and query for their properties. Here  
I am asking it to return trust level information for those statements.

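PREFIX foaf: <http://xmlns.com/foaf/0.1/>
PREFIX wot: <http://xmlns.com/wot/0.1/>
# The trust: prefix is not declared in the original post; this namespace is a placeholder
PREFIX trust: <http://example.org/trust#>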
SELECT *
WHERE {
  ?g trust:level ?t .
  GRAPH ?g {
     <http://bblfish.net/people/henry/card#me>
        foaf:mbox ?mbox;
        foaf:openid ?openid .
     OPTIONAL {
        [] a wot:PubKey;
           wot:identity <http://bblfish.net/people/henry/card#me>;
           wot:pubkeyAddress ?pubKey .
      }
   }
}

This is just to show what one can do, though it is probably not quite  
the right way to do this.

The responses to such questions could also be signed using DSIG I guess.

Just some thoughts. Anyway, thanks for helping me get some foothold  
in this space... I still have a lot to learn. Is there a place that  
explains SP-affiliation well...

Henry

On 13 Aug 2007, at 23:29, Peter Williams wrote:
> [snip: mostly ok] Let's now turn to REST. In the RESTful variants of  
> the SAML protocols, only GET and POST are used in HTTP  
> environments; in a manner almost identical to the "innovative"  
> OpenID Auth2.0. I suppose HEAD could be used to pull the (signed)  
> SAML-metadata from an HTML-profiled property or link OpenID Auth  
> 1.0 style. Similarly, a trivial extension to the XRD in the XRDS  
> XML document (OpenID-Auth2.0 draft style) could be used to pull the  
> SAML (signed) metadata for discovery of the secure communication  
> endpoints.
>
> I was playing with your RESTful scenario, when I built the SAML  
> experiment. When a FOAF using party now pulls Story Henry's FOAF  
> file from the URL and stores a copy at the SAML/OpenID gateway, a  
> FOAF file of the gateway will signal now semantics on the "quality"  
> of Story Henry's FOAF file's signature, as perceived by the gateway  
> to its relying parties. That is, the gateway will have used its wot  
> to rely upon the FOAF-level signature, and will announce its  
> results of its worldview to the new world via the semantics it  
> posts in its own FOAF file.
>
> Via signed FOAF, we just added to the OpenID world what the SAML  
> world calls an SP-affiliation: the act of asserting to other  
> Relying Parties the results of the act of reliance I just performed.
>
> There! Another would-be patent application voided, this prior art  
> notwithstanding.
>
> ________________________________
>
> From: Story Henry [mailto:henry.story at bblfish.net]
> Sent: Mon 8/13/2007 12:49 PM
> To: Peter Williams; foaf-dev; Rest List
> Cc: OpenID General
> Subject: Re: [OpenID] cryptographics web of trust
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter,
>
> thanks for introducing me to XML-DSIG by showing how one can use it
> to sign my foaf file. (see end of this email)
>
> Putting on my RESTful and RDF glasses makes me think that that
> solution takes what would be termed the SOAPish turn: it tries to
> envelop the content instead of referring to it. In the example
> described at:
>
>     http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> there is a URL for me
>
>     http://bblfish.net/people/henry/card#me
>
> which one can HTTP GET information for by fetching
>
>     http://bblfish.net/people/henry/card
>
> which returns one of the alternate representations
>
>     http://bblfish.net/people/henry/card.rdf
>     http://bblfish.net/people/henry/card.n3
>
> The signatures for those representations are in other files, also
> accessible via URLs namely
>
>     http://bblfish.net/people/henry/card.rdf.asc
>     http://bblfish.net/people/henry/card.n3.asc
>
> By doing this we have the following advantages:
>
>    1- we can identify every object clearly by a URL. This works
> nicely with the web caches, and is a good separation of concerns. We
> have URLs for each representation, urls for me, urls for the signature
>
>    2- HTTP provides a clear distinction between the envelope and the
> content. In the XML-DSIG example, is the content the XML-DSIG
> wrapper, or is it the encoded N3 file?
>
>    3- separation of concerns: people only need to download the
> signature and my public key if it is of interest to them. Perhaps if
> there is something suspicious in the rdf content...
>
> Now the disadvantage of the solution I proposed is that the caches
> might end up returning a stale copy of the pgp signature. XML-DSIG
> bypasses that problem of course because it sends the content and the
> signature simultaneously. HTTP could solve the problem by sending the
> signature in the header too, though that would clearly be cumbersome.
> One simple solution is to specify the etag of the signature in the
> card rdf:
>
> <http://bblfish.net/people/henry/card.n3>
>         wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
>         awol:type "text/rdf+n3" .
>
> <http://bblfish.net/people/henry/card.n3.asc>
>      xxx:etag "13b3-ba-56463740";
>      xxx:content-length 186 .
>
> Now a client that would get card.n3 would know that if it did an HTTP
> GET on card.n3.asc which did not have
> that etag or content-length, or last updated date, that the two
> representations were in some way out of sync.
> Currently they are not:
>
> hjs at bblfish:0$ curl -I http://bblfish.net/people/henry/card.n3.asc
> HTTP/1.1 200 OK
> Date: Mon, 13 Aug 2007 19:29:22 GMT
> Server: Apache/2.0.55 (Unix) DAV/2 mod_perl/2.0.2 Perl/v5.8.4
> Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT
> ETag: "13b3-ba-56463740"
> Accept-Ranges: bytes
> Content-Length: 186
> Content-Type: text/plain
>
>
> This is about as much as I can say about XML-DSIG as a novice in
> cryptography. I will try to look at it in more detail.
>
>
> On 11 Aug 2007, at 07:56, Peter Williams wrote:
>
>> See below:
>>
>> I (counter) signed your entire file, using XML-DSIG (with SAML-
>> defined security semantics, as signaled).
>
> Thanks, that is a nice introduction to XML-DSIG.
>
>> I treated the FOAF file as a string-form of a (rather long) name,
>> which bears its naming architecture, its naming contexts, its naming
>> schema, its naming relationships, and its new name protections.
>
> It looks like one should be able to extract a good ontology from the
> above, in the spirit of WOT, or as an enhancement of WOT. Just a few
> names to be added to http://xmlns.com/wot/0.1/
> As shown in the article
>
> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> the advantage of rdf vocabularies, is that they can be used in many
> different contexts, in a very flexible manner.
>
>> If one treats the FOAF file as a text stream, I don't see why one
>> cannot similarly encode and then sign the N3 form. The XML form of
>> the RDF seems to be adding little.
>
> Indeed the XML form and the N3 form are just alternates of one
> another, as I stated in the example
>
> <http://bblfish.net/people/henry/card>   a  foaf:PersonalProfileDocument;
>       iana:alternate <http://bblfish.net/people/henry/card.rdf>,
>                      <http://bblfish.net/people/henry/card.n3> .
>
> They represent exactly the same graph. Indeed the xml is generated
> automatically from the N3 using
>
> cwm card.n3 --rdf > card.rdf
>
>
>
>
>>
>> ________________________________
>>
>> From: general-bounces at openid.net on behalf of Story Henry
>> Sent: Fri 8/10/2007 7:11 AM
>> To: Steven Livingstone
>> Cc: foaf-dev; OpenID General
>> Subject: Re: [OpenID] cryptographics web of trust
>>
>>
>>
>> Thanks for the feedback. I have extended the blog post to describe
>> how one can link up to other people's public keys, sign their public
>> keys, and how one can sign parts of one's foaf file, using Dan
>> Brickley and Tim Berners-Lee as examples.
>>
>> This develops a very powerful web of trust.
>>
>> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>>
>> Henry
>>
>>
>> On 9 Aug 2007, at 20:15, Steven Livingstone wrote:
>>
>>> Very cool.
>>>
>>> I did some work in encrypting FOAF files a few years back (well,
>>> hacked something together in a few hours).
>>> http://www.ecademy.com/node.php?id=4568
>>>
>>> I checked and it is still there:
>>> http://livz.org/encrypt/PrivateFoaf.aspx
>>>
>>> With the FOAF URL :
>>> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
>>> and searching for the name "Robert Sullivan" and a password
>>> "steven", you get my decrypted FOAF file.
>>>
>>> The limiting part of it all (to make it really easy) was the fact
>>> you needed an identity "Robert Sullivan" and a shared secret
>>> "steven" - this is why OpenID is so powerful. With an authenticated
>>> OpenID, you would be able to decrypt the FOAF file automatically.
>>>
>>> I figured at the time that some online identity (which didn't
>>> really exist) could easily be mapped to a corresponding public key,
>>> allowing you to encrypt parts of your FOAF files (or any other
>>> file) for specific users.
>>>
>>> I hadn't spent too much time on it but I'd sure like to see it move
>>> forward in some way.
>>>
>>> I know there has been other work put into this stuff as well:
>>> http://usefulinc.com/foaf/encryptingFoafFiles
>>>
>>> steven
>>> http://livz.org
>>>
>>>
>>>> To: general at openid.net; foaf-dev at lists.foaf-project.org
>>>> From: henry.story at bblfish.net
>>>> Date: Thu, 9 Aug 2007 18:31:57 +0200
>>>> Subject: [OpenID] cryptographics web of trust
>>>>
>>>> Hi, following some of the conversations I had on the openid forums, I
>>>> have read up about web security and used that newly gained knowledge to
>>>> enhance my foaf file with a link to my public PGP key and used that
>>>> to sign my foaf file. Using this it is easy to see how one can create
>>>> a semantic cryptographic web of trust.
>>>>
>>>> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>>>>
>>>> There is a lot more to add for sure, but this is a good starting
>>>> point. Great fun too.
>>>>
>>>> Henry Story
>>>> _______________________________________________
>>>> general mailing list
>>>> general at openid.net
>>>> http://openid.net/mailman/listinfo/general
>>>
>>
>> <samlp:Response Destination="http://localhost:9030/sp/ACS.saml2"
>>     InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi"
>>     IssueInstant="2007-08-11T05:45:26.614Z"
>>     ID="_JbuqXO6H-BQIoeYwpd0NIE88d6" Version="2.0"
>>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
>> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmemls.com/request-auth.jsp</saml:Issuer>
>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> <ds:SignedInfo>
>> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> <ds:Reference URI="#_JbuqXO6H-BQIoeYwpd0NIE88d6">
>> <ds:Transforms>
>> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> </ds:Transforms>
>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> <ds:DigestValue>TOs5pUtgy8p2wiQjXJuRfxa2224=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <ds:SignatureValue>
>> ctUDU/+NwF7GwNPlGa184G8a5BfnIi1Nmzp8uKCZ93T8gDJVKRBbJDzhhnZ8EF2Y9G
>> +PpPvIWW7b
>> Oq/wmW8iYg==
>> </ds:SignatureValue>
>> </ds:Signature>
>> <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
>> <saml:Assertion Version="2.0"
>>     IssueInstant="2007-08-11T05:45:26.786Z"
>>     ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-"
>>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>> <saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer>
>> <saml:Subject><saml:NameID
>> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">[URL-encoded RDF/XML text of the FOAF file omitted]</saml:NameID><saml:SubjectConfirmation
>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
>>     InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi"
>>     NotOnOrAfter="2007-08-11T05:50:26.833Z"
>>     Recipient="http://localhost:9030/sp/ACS.saml2"/></saml:SubjectConfirmation>
>> </saml:Subject>
>> <saml:Conditions NotOnOrAfter="2007-08-11T05:50:26.817Z"
>>     NotBefore="2007-08-11T05:40:26.817Z">
>> <saml:AudienceRestriction><saml:Audience>http://www.acmemls.com/request-auth.jsp</saml:Audience></saml:AudienceRestriction>
>> </saml:Conditions>
>> <saml:AuthnStatement AuthnInstant="2007-08-11T05:45:26.770Z"
>>     SessionIndex="eK2qsvd9xzsmzN7Z_V8sb08fqO-">
>> <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext>
>> </saml:AuthnStatement>
>> </saml:Assertion>
>> </samlp:Response>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (Darwin)
>
> iD8DBQFGwLXS7Qv528feqwURAvf1AJ9b3mWBn+Dn+6eE3Gdxx5kUKGpbeQCfccTV
> ClZ6euUnZa9H3TSf273+99k=
> =eZ/+
> -----END PGP SIGNATURE-----
>
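The staleness check proposed in the thread for card.n3 and its detached signature card.n3.asc, as an added example that is not part of the original messages: it compares the ETag and content length the card declares for the signature with the headers of a HEAD response. The function names are hypothetical, and the sample inputs are constructed from the N3 snippet and curl output quoted in the thread.

```python
import re

CARD_URL = "http://bblfish.net/people/henry/card.n3"

# Constructed sample: the N3 statements quoted in the thread (xxx: is the
# placeholder prefix used there).
CARD_N3 = '''
<http://bblfish.net/people/henry/card.n3>
        wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
        awol:type "text/rdf+n3" .

<http://bblfish.net/people/henry/card.n3.asc>
     xxx:etag "13b3-ba-56463740";
     xxx:content-length 186 .
'''

# Constructed sample: the curl -I output quoted in the thread.
HEAD_OK = '''HTTP/1.1 200 OK
Date: Mon, 13 Aug 2007 19:29:22 GMT
Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT
ETag: "13b3-ba-56463740"
Accept-Ranges: bytes
Content-Length: 186
Content-Type: text/plain
'''

# Constructed sample: what a cache would return after the signature changed.
HEAD_STALE = (HEAD_OK.replace("13b3-ba-56463740", "13b3-c1-57000000")
                     .replace("Content-Length: 186", "Content-Length: 193"))


def declared_signature(n3_text, doc_url):
    """Return (signature_url, etag, length) that the card declares for doc_url."""
    link = re.search(r"<%s>\s+wot:assurance\s+<([^>]+)>" % re.escape(doc_url), n3_text)
    if link is None:
        raise ValueError("no wot:assurance statement for " + doc_url)
    sig_url = link.group(1)
    # The signature's own description is a statement that starts a line.
    block = re.search(r"^<%s>(.*?)\s\.\s*$" % re.escape(sig_url), n3_text, re.S | re.M)
    body = block.group(1) if block else ""
    etag = re.search(r'xxx:etag\s+"([^"]*)"', body)
    length = re.search(r"xxx:content-length\s+(\d+)", body)
    return (sig_url,
            etag.group(1) if etag else None,
            int(length.group(1)) if length else None)


def parse_head(head_text):
    """Parse a raw HEAD response into a dict keyed by lower-cased header name."""
    headers = {}
    for line in head_text.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def sync_problems(n3_text, doc_url, head_text):
    """List the ways the served signature disagrees with what the card declares."""
    _, want_etag, want_len = declared_signature(n3_text, doc_url)
    headers = parse_head(head_text)
    problems = []
    got_etag = headers.get("etag")
    if want_etag is None or got_etag is None:
        problems.append("etag-missing")
    elif got_etag.startswith("W/"):
        # A weak validator does not promise byte-for-byte equality.
        problems.append("etag-weak")
    elif got_etag.strip('"') != want_etag:       # the header value carries its own quotes
        problems.append("etag-mismatch")
    got_len = headers.get("content-length")
    if want_len is None or got_len is None or not got_len.isdigit():
        problems.append("content-length-missing")
    elif int(got_len) != want_len:
        problems.append("content-length-mismatch")
    return problems


if __name__ == "__main__":
    print(sync_problems(CARD_N3, CARD_URL, HEAD_OK))
    print(sync_problems(CARD_N3, CARD_URL, HEAD_STALE))
```

An empty list only says the card and the signature file are in sync; the PGP signature itself still has to be verified against the public key.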
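The audience and validity-window fields discussed at the top of the thread, checked the way a relying party would check them, as an added example that is not part of the original messages. The assertion below is a constructed excerpt of the quoted SAML response (signature and NameID payload left out), the function and failure names are hypothetical, and XML-DSIG verification is assumed to have been done separately.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed excerpt of the assertion quoted in the thread.
ASSERTION = '''<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" IssueInstant="2007-08-11T05:45:26.786Z" ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-">
<saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer>
<saml:Subject>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi"
    NotOnOrAfter="2007-08-11T05:50:26.833Z" Recipient="http://localhost:9030/sp/ACS.saml2"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2007-08-11T05:50:26.817Z" NotBefore="2007-08-11T05:40:26.817Z">
<saml:AudienceRestriction><saml:Audience>http://www.acmemls.com/request-auth.jsp</saml:Audience></saml:AudienceRestriction>
</saml:Conditions>
</saml:Assertion>'''


def ts(value):
    """Parse the UTC timestamps used in the message, e.g. 2007-08-11T05:45:26.786Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def condition_failures(xml_text, now, audience, acs_url, request_id):
    """Return the list of checks the assertion fails for this relying party."""
    assertion = ET.fromstring(xml_text)
    failures = []

    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        failures.append("conditions-missing")
    else:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < ts(not_before):
            failures.append("conditions-not-yet-valid")
        if not_on_or_after and now >= ts(not_on_or_after):
            failures.append("conditions-expired")
        # This example requires an audience restriction that names the relying party.
        audiences = [(e.text or "").strip()
                     for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audience not in audiences:
            failures.append("audience-mismatch")

    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        failures.append("confirmation-missing")
    else:
        expiry = scd.get("NotOnOrAfter")
        if expiry is None or now >= ts(expiry):
            failures.append("confirmation-expired")
        if scd.get("Recipient") != acs_url:
            failures.append("recipient-mismatch")
        if scd.get("InResponseTo") != request_id:
            failures.append("in-response-to-mismatch")
    return failures


if __name__ == "__main__":
    when = datetime(2007, 8, 11, 5, 45, 30, tzinfo=timezone.utc)
    print(condition_failures(ASSERTION, when,
                             "http://www.acmemls.com/request-auth.jsp",
                             "http://localhost:9030/sp/ACS.saml2",
                             "_KrYhdmh3KExWfP5o0CAs7C9mfi"))
```

Because the Audience in the quoted message is the issuer's own URL, a relying party that passes its own identifier as `audience` gets `audience-mismatch` for this assertion.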