<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
<br>
On 06/08/2010 11:30 PM, From Story Henry:<br>
<blockquote cite="mid:6CC5C76F-DE69-4EBB-94B9-61E3E0906E56@bblfish.net"
type="cite">
<pre wrap="">That's the trick of foaf+ssl: we do not rely on Certificate Authorities to vouch for the client. The certificates can be either self signed, or signed by some unknown CA.
The trick used is the same as the one used by OpenID. ( In fact OpenID inspired much of what is behind Web ID. ) The SSL connection lets the server know that the client has the private key of the public key sent in the X.509 certificate. Because the X.509 certificate also contains the Web ID (in the subject alternative name position), the server can do an HTTPS get on the WebID and if the public key matches there, Identity is proven.
</pre>
</blockquote>
<br>
In that case I don't see the benefit of using an SSL certificate at
all, OpenID seems to provide the same thing a bunch easier - or am I
mistaken? Obviously - and I know that - your opinion might be not
without bias, so you don't have to defend it. And probably neither is
mine...<br>
<br>
But if you can explain the benefit or the shortcoming of OpenID
compared to your idea?<br>
<br>
<div class="moz-signature">
<table cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>