<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>Re: [OpenID] cryptographics web of trust</title>
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin-top:12.0pt;
        margin-right:48.0pt;
        margin-bottom:12.0pt;
        margin-left:24.0pt;
        font-size:10.5pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Courier New";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:1833835854;
        mso-list-type:hybrid;
        mso-list-template-ids:1945504950 -196546376 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Calibri","sans-serif";
        mso-fareast-font-family:Calibri;
        mso-bidi-font-family:"Times New Roman";}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What a fun road this has been to travel! <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I hadn’t mouthed off about #fragments, I would never
have got to see so much fun stuff! <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I can see an interaction of (a) RDF/FOAF’s rigorous handling
of URI-based identity (b) openid’s classical use case of
webSSO/registrationwizard, and (c) https/certs profiled for URIs. That
intersection is full of possibilities for a secure SemWeb.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Don’t spend more than 2 minutes! What follows is only
partially organized.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-------------------<o:p></o:p></span></p>
<p><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Most
if not all of my own questions in </span><a
href="http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!228.entry">http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!228.entry</a>
<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>seem
to be answered by thinking just a little more along the lines of <a
href="http://www.w3.org/TR/rdf-sparql-query/#restrictInQuery">http://www.w3.org/TR/rdf-sparql-query/#restrictInQuery</a>
(once you substitute foaf:openid for foaf:mbox)<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>We know that such a query can be stored in an Agent’s PPD
in some term, encoded in an http URL’s querystring <o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>We know that the PPD can be extended by anyone, declaring a custom
class containing several “terms” of type “virtual function”<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>An OpenID namespace extension (e.g. sreg) can have as its
defining URI a live URL pointer to the RDF class definition, allowing an openid
protocol engine to reflect and generically enforce the associated schema(s) of message
extensions<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The virtual function names can serve as the wire-form names used
for openid named extension fields (ns.sreg.firstname)<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If the PPD class has such a vfn name that actually has a
function value, at run time the protocol engine can be calling it to enforce one
or other runtime access control model … at a per-attribute granularity <o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The access control function can be leveraging XACML’s PAPs,
PEPs, PDPs, etc<o:p></o:p></span></p>
<p><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>But
I also see how the same query addresses your wot ideas (where you endorse a
friend’s key by storing a copy on your server – for others to recover and now
rely on Henry’s confidence level …in that key’s authenticity)<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>That query shows how, when recovering nicknames, one gets to
distinguish the source of a nickname, and control whether one uses the master
or slave copy. One can treat wot:pubkeyAddress similarly.<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Reversing the logic, presumably a publicly usable encoded-SPARQL
query stored in Henry’s card can be executed by anyone against the card (where
the card is also its own SPARQL Agent endpoint) …and it will recover
Henry’s endorsed copy of his friend’s pubkeys<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If the entire interaction is over SSL, with Henry’s Apache
server as the https responder, the SPARQL resultset in rdf+xml will be an
assertion that is authenticated by the bearer channel (SSL record layer
assurances)<o:p></o:p></span></p>
<p><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I
just wish one could make SPARQL recursive!<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It would be fun if, as in my hacked-up version of the <a
href="http://www.w3.org/TR/rdf-sparql-query/#restrictInQuery">query</a>, one could
somehow within the query language substitute ?ppd into the named graph set,
recursing/iterating to perform tree/web walking until one hits some nominated
target openid/PPDURI: e.g. </span><span lang=EN style='font-size:10.5pt;
font-family:"Courier New";color:black'>http://example.org/foaf/bobFoaf</span><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p>
<div style='mso-element:para-border-div;border:solid #8888AA 1.0pt;padding:
0in 0in 0in 0in;background:#F7F8FF;margin-left:.25in;margin-right:48.0pt'>
<pre>PREFIX foaf: &lt;http://xmlns.com/foaf/0.1/&gt;
PREFIX wot:  &lt;http://xmlns.com/wot/0.1/&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX data: &lt;http://example.org/foaf/&gt;

SELECT ?openid ?pkaorig ?pkacopy ?ppd
FROM NAMED &lt;http://example.org/foaf/aliceFoaf&gt;
FROM NAMED &lt;http://example.org/foaf/bobFoaf&gt;
# " FROM NAMED ?ppd "   -- the wished-for recursive form; not legal SPARQL
WHERE
{
  GRAPH data:aliceFoaf
  {
    ?alice foaf:made  data:aliceFoaf ;      # the owner of this profile document
           foaf:knows ?whom .
    ?whom  foaf:openid ?openid ;
           wot:pubkeyAddress ?pkacopy ;     # Alice's endorsed copy of the friend's key
           rdfs:seeAlso ?ppd .
    ?ppd   a foaf:PersonalProfileDocument .
  } .
  GRAPH ?ppd
  {
    ?w foaf:openid ?openid ;
       wot:pubkeyAddress ?pkaorig           # the friend's own (master) statement
  }
}</pre>
</div>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a
href="http://www.intellidimension.com/default.rsp?topic=/pages/rdfgateway/dev-guide/package/db.rsp">http://www.intellidimension.com/default.rsp?topic=/pages/rdfgateway/dev-guide/package/db.rsp</a>
shows how to make some templated queries that are kind of what I’m after -
using that vendor’s proprietary (but excellent) approach.<o:p></o:p></span></p>
<p style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If we are setting standards, presumably we would need to be
making SPARQL templates that do the same kind of thing. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If we want to be really RDFish, an OpenID extension (that is
defined in an OWL class) can have a named attribute that is populated by the consumer.
The consumer can put the encoded SPARQL query into the checkid request, in the
form of SPARQL’s HTTP-binding URL.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>From the class, the receiving engine can know this is a query
rather than a normal URI ref – and request that some SPARQL server it
chooses perform the given query when satisfying the AX request.<o:p></o:p></span></p>
<p class=MsoListParagraph><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>E.g. openid.ns.peterextension.queryme = #?query=&lt;URLencoded
SPARQL query&gt;&amp;named-graph=&lt;targetURI&gt;<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The nice thing about all of this, is it all applies to SAML2
just as it applies to OpenID. If, per offline conversations, one just makes the
SAML entityID into a live HTTP URL rather than a URN, and the SSL certs use the
URI nameform option I had ISO add to X.509, there can be significant interplay
between the SAML and OpenID worlds. They will both be pure URI/IRI identity
schemes, over https – where the https certs bound to the entityIDs are also
named using the same URI name form and URI value.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It will be cute to have an IDP issue a signed SAML assertion,
bearing an encoded SPARQL query that instructs the relying party how to actually
validate the assertion signature – providing the custom query that will
allow that RP to efficiently compute the list of wot:sigEvents that chain
the RP pubkey back to the IDP signing key - allowing the RP to rely on
the assertion’s signature!<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> <o:p></o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Peter Williams <br>
<b>Sent:</b> Sunday, September 23, 2007 10:49 AM<br>
<b>To:</b> Story Henry<br>
<b>Cc:</b> OpenID General<br>
<b>Subject:</b> RE: [OpenID] cryptographics web of trust<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p>Microsoft tools may be consumer friendly, but they sure make it really hard
work to have folks render on their end what it is that I actually edit in a
simple document editor! Their handling of URLs on cut&amp;paste into a web
email client just seems bizarre!<o:p></o:p></p>
<p>I posted my last email to <a
href="http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!228.entry">http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!228.entry</a>.
<o:p></o:p></p>
<p>It seems to render fine there, at least when using IE7. <o:p></o:p></p>
<p>It may be easier to read there.<o:p></o:p></p>
<p> <o:p></o:p></p>
</div>
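<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>An added example, not code from the post or from any OpenID or FOAF project: the two-GRAPH join of the query above, done by hand in Python over in-memory named graphs, and then iterated across rdfs:seeAlso links until a nominated target PPD is reached, which is the “FROM NAMED ?ppd” recursion the post wishes SPARQL could do itself. Every document, URI and key fingerprint in it is constructed sample data; the dictionary KEYS stands in for fetching each wot:pubkeyAddress over https and fingerprinting the key found there, and the owner of a profile document is assumed to be the subject of its foaf:made triple. Each row it returns says whether the endorsed (slave) copy and the friend’s own (master) key agree, which is the “master or slave copy” decision the post describes; Bob’s stale copy of Carol’s key is constructed to show the disagreeing case, and a visited set plus a depth bound keep the walk from looping over the Alice-Bob-Carol-Alice cycle.</span></p>

```python
"""Web-of-trust walk over FOAF profile documents (added example, constructed data)."""
from collections import deque

FOAF = "http://xmlns.com/foaf/0.1/"
WOT = "http://xmlns.com/wot/0.1/"
RDFS = "http://www.w3.org/2000/01/rdf-schema#"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
PPD = FOAF + "PersonalProfileDocument"

ALICE = "http://example.org/foaf/aliceFoaf"
BOB = "http://example.org/foaf/bobFoaf"
CAROL = "http://example.org/foaf/carolFoaf"


def profile(doc, openid, own_key, friends):
    """Constructed FOAF profile document as a set of (s, p, o) triples.

    Assumption: the document's owner is the subject of its foaf:made triple.
    friends: (friend_doc, friend_openid, key_copy) tuples; key_copy is the
    owner's endorsed copy of the friend's key, hosted on the owner's server.
    """
    me = doc + "#me"
    g = {(me, FOAF + "made", doc), (doc, RDF + "type", PPD),
         (me, FOAF + "openid", openid), (me, WOT + "pubkeyAddress", own_key)}
    for fdoc, fopenid, key_copy in friends:
        f = fdoc + "#me"
        g |= {(me, FOAF + "knows", f), (f, FOAF + "openid", fopenid),
              (f, WOT + "pubkeyAddress", key_copy), (f, RDFS + "seeAlso", fdoc),
              (fdoc, RDF + "type", PPD)}
    return g


# Constructed named graphs: Alice knows Bob, Bob knows Carol, Carol knows Alice (a cycle).
GRAPHS = {
    ALICE: profile(ALICE, "https://alice.example.org/", "https://alice.example.org/key.asc",
                   [(BOB, "https://bob.example.org/", "https://alice.example.org/keys/bob.asc")]),
    BOB: profile(BOB, "https://bob.example.org/", "https://bob.example.org/key.asc",
                 [(CAROL, "https://carol.example.org/", "https://bob.example.org/keys/carol.asc")]),
    CAROL: profile(CAROL, "https://carol.example.org/", "https://carol.example.org/key.asc",
                   [(ALICE, "https://alice.example.org/", "https://carol.example.org/keys/alice.asc")]),
}

# Constructed stand-in for fetching each wot:pubkeyAddress over https and
# fingerprinting the key found there. Bob's endorsed copy of Carol's key is stale.
KEYS = {
    "https://alice.example.org/key.asc": "FP-ALICE",
    "https://bob.example.org/key.asc": "FP-BOB",
    "https://carol.example.org/key.asc": "FP-CAROL",
    "https://alice.example.org/keys/bob.asc": "FP-BOB",
    "https://bob.example.org/keys/carol.asc": "FP-CAROL-OLD",
    "https://carol.example.org/keys/alice.asc": "FP-ALICE",
}


def objects(g, s, p):
    """All objects o with (s, p, o) in graph g."""
    return {o for (s2, p2, o) in g if s2 == s and p2 == p}


def endorsements(graphs, ppd):
    """The query's two-GRAPH join, with `ppd` in the role of data:aliceFoaf.

    Yields (openid, pkacopy, pkaorig, friend_ppd): the owner's endorsed copy of a
    friend's key address and the friend's own (master) statement of it, joined on
    foaf:openid. As in the SPARQL inner join, a friend whose PPD is not among the
    named graphs contributes no row.
    """
    g = graphs[ppd]
    for owner in {s for (s, p, o) in g if p == FOAF + "made" and o == ppd}:
        for whom in objects(g, owner, FOAF + "knows"):
            for fppd in objects(g, whom, RDFS + "seeAlso"):
                if (fppd, RDF + "type", PPD) not in g or fppd not in graphs:
                    continue
                fg = graphs[fppd]
                for openid in objects(g, whom, FOAF + "openid"):
                    for pkacopy in objects(g, whom, WOT + "pubkeyAddress"):
                        for w in {s for (s, p, o) in fg if p == FOAF + "openid" and o == openid}:
                            for pkaorig in objects(fg, w, WOT + "pubkeyAddress"):
                                yield openid, pkacopy, pkaorig, fppd


def walk(graphs, start, target, keys, max_depth=4):
    """Breadth-first web walk: re-run the join with each discovered PPD substituted
    for ?ppd until `target` is reached. The visited set stops cycles in the friend
    graph and max_depth bounds the walk. Returns (rows, reached); each row records
    whether the endorsed copy and the master key carry the same fingerprint.
    """
    seen, queue, rows = {start}, deque([(start, 0)]), []
    while queue:
        ppd, depth = queue.popleft()
        for openid, pkacopy, pkaorig, fppd in endorsements(graphs, ppd):
            fp_copy, fp_orig = keys.get(pkacopy), keys.get(pkaorig)
            rows.append({"endorser": ppd, "openid": openid, "pkacopy": pkacopy,
                         "pkaorig": pkaorig,
                         "consistent": fp_copy is not None and fp_copy == fp_orig})
            if fppd == target:
                return rows, True
            if fppd not in seen and depth + 1 < max_depth:
                seen.add(fppd)
                queue.append((fppd, depth + 1))
    return rows, False


if __name__ == "__main__":
    for row in walk(GRAPHS, ALICE, CAROL, KEYS)[0]:
        print(row)
```

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Run from Alice’s PPD toward Carol’s, the walk returns two rows: Alice’s copy of Bob’s key agrees with Bob’s master, Bob’s copy of Carol’s does not, so a consumer that trusts only endorsements whose copy matches the master would accept the first and refuse the second. In a live deployment the KEYS lookup is the https fetch the post relies on, and the fingerprint comparison is what turns a bare “copy exists” into an endorsement worth acting on.</span></p>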
</div>
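<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>A second added example, again not the post’s code: the openid.ns.peterextension.queryme field sketched above, built on the consumer side and decoded on the receiving side. It uses the SPARQL Protocol’s own GET parameter names, query and named-graph-uri (the post writes named-graph), so the value is literally the query part of a SPARQL HTTP-binding URL; “peterextension” is the post’s placeholder alias. The receiving engine treats the value as a query to hand to an endpoint of its own choosing, never as a URI to dereference, and the checks it applies before doing so (a single read-only SELECT or ASK, named graphs that are absolute https URIs) are this example’s own policy, not anything the post specifies.</span></p>

```python
"""SPARQL query carried as an OpenID extension field (added example, own policy)."""
from urllib.parse import parse_qs, urlencode, urlparse

# Field name from the post's sketch; "peterextension" is its placeholder namespace alias.
EXT_KEY = "openid.ns.peterextension.queryme"


def encode_query_field(sparql, named_graphs):
    """Consumer side: the field value is the query part of a SPARQL Protocol GET
    request, so the standard parameter names apply: `query` and, per graph,
    `named-graph-uri`. urlencode percent-encodes '#' inside the query, so the
    leading "#?" marker cannot be confused with query text."""
    params = [("query", sparql)] + [("named-graph-uri", g) for g in named_graphs]
    return "#?" + urlencode(params)


def query_form(sparql):
    """First query keyword after any BASE/PREFIX declarations, upper-cased."""
    toks = sparql.split()
    i = 0
    while i < len(toks):
        kw = toks[i].upper()
        if kw == "BASE":
            i += 2          # BASE <iri>
        elif kw == "PREFIX":
            i += 3          # PREFIX p: <iri>
        else:
            return kw
    return ""


def decode_query_field(value):
    """Receiving side: recover (query, graphs) and validate before handing the
    query to a SPARQL endpoint of the engine's own choosing. Policy (read-only
    SELECT/ASK, absolute https graph URIs) is this example's own."""
    if not value.startswith("#?"):
        raise ValueError("field is not an encoded query")
    qs = parse_qs(value[2:], strict_parsing=True)
    queries = qs.get("query", [])
    if len(queries) != 1:
        raise ValueError("exactly one query expected")
    query = queries[0]
    if query_form(query) not in ("SELECT", "ASK"):
        raise ValueError("only read-only SELECT/ASK queries are accepted")
    graphs = qs.get("named-graph-uri", [])
    for g in graphs:
        u = urlparse(g)
        if u.scheme != "https" or not u.netloc or u.fragment:
            raise ValueError("named graph must be an absolute https URI: " + g)
    return query, graphs


def build_request_field(sparql, named_graphs):
    """The (key, value) pair the consumer adds to the checkid request."""
    return EXT_KEY, encode_query_field(sparql, named_graphs)
```

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The round trip is exact: the query text recovered by decode_query_field is the string the consumer encoded, and a DELETE or an http: graph URI is refused before any endpoint sees it.</span></p>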
</body>
</html>