foaf+ssl was: XAuth critiques
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Jun 8 21:31:03 UTC 2010
On 06/08/2010 11:30 PM, From Story Henry:
> That's the trick of foaf+ssl: we do not rely on Certificate Authorities to vouch for the client. The certificates can be either self signed, or signed by some unknown CA.
>
> The trick used is the same as the one used by OpenID. ( In fact OpenID inspired much of what is behind Web ID. ) The SSL connection lets the server know that the client has the private key of the public key sent in the X.509 certificate. Because the X.509 certificate also contains the Web ID (in the subject alternative name position), the server can do an HTTPS get on the WebID and if the public key matches there, Identity is proven.
>
In that case I don't see the benefit of using an SSL certificate at all,
OpenID seems to provide the same thing a bunch easier - or am I
mistaken? Obviously - and I know that - your opinion might be not
without bias, so you don't have to defend it. And probably neither is
mine...
But if you can explain the benefit or the shortcoming of OpenID compared
to your idea?
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100609/ed3caf62/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6846 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100609/ed3caf62/attachment.bin>
More information about the specs
mailing list