[messaging] Linked Identities (was: affirmations)

carmen r mail at whats-your.name
Sat Jan 24 20:17:00 PST 2015


> published a linked identity with file:///etc/hosts

https: is the preferred scheme for webID..
any MIME type that can describe the user using RDF is supported (text/html, text/turtle, JSONld)

doc  http://csarven.ca/
user http://csarven.ca/#i (object with ID inside HTML doc):

 <address about="http://csarven.ca/#i" typeof="foaf:Person" id="i" class="vcard author">
 <span property="cert:modulus" datatype="xsd:hexBinary" content="CAF6A78D16E80F9.."></span>
 <span property="cert:exponent" datatype="xsd:integer" content="65537"></span>

 that's RDFa (attributes in HTML). in a pure data-format:

 ~ curl https://deiu.rww.io/profile/card.n3

 public-key on webpage, private-key in-browser using client-certificate support built-in

 http://linkeddata.github.io/signup/ worked here to create a cert + import to firefox/chromium

say you lose your phone, a hacker figures out there's a .p12 private-key file the browser will export..
if you're fast, login + change the modulus/exponent values to make the old cert useless, keeping your same user URI
if you run the server, you could do that even after an attacker minted a cert for the URI whose private-key you don't have

so it's probably best if you control the website. but rww.io and similar services are trying to make it easy. and maybe there'd be email-based 'key reset/recovery' features in some of them eventually

some servers which support this:
https://github.com/linkeddata/gold
https://github.com/linkeddata/node-ldp-httpd
https://github.com/hallwaykid/pw
https://github.com/read-write-web/rww-play
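
The check behind the key-rotation advice in the message above, as an added example that is not part of the original message or of any listed server's code: a cert is accepted only if its public key is published in the profile at the URI it claims, so replacing the published modulus invalidates the old cert. The WebID URI and moduli are constructed, the cert's URI, modulus and exponent are assumed to be already extracted from the TLS client certificate, and RDFa scoping is simplified to the most recent `about`.

```python
from html.parser import HTMLParser

WEBID = "https://example.org/#i"   # constructed WebID URI (assumption)
OLD_MOD = "C0FFEE01" * 8           # constructed moduli, not real keys
NEW_MOD = "DECAF002" * 8

class ProfileKeys(HTMLParser):
    """Collect the cert:modulus / cert:exponent pairs a profile publishes.
    Simplification: a property belongs to the most recent `about` seen."""
    def __init__(self):
        super().__init__()
        self.subject = None
        self.keys = {}             # subject URI -> [[modulus, exponent], ...]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.subject = a.get("about", self.subject)
        prop, content = a.get("property"), a.get("content")
        if self.subject is None or content is None:
            return
        keys = self.keys.setdefault(self.subject, [])
        try:
            if prop == "cert:modulus":
                keys.append([int(content, 16), None])
            elif prop == "cert:exponent" and keys and keys[-1][1] is None:
                keys[-1][1] = int(content)
        except ValueError:
            pass                   # malformed value: publishes no usable key

def profile(modulus_hex):
    """Build a constructed profile page shaped like the RDFa in the message."""
    return (f'<address about="{WEBID}" typeof="foaf:Person" id="i">'
            f'<span property="cert:modulus" datatype="xsd:hexBinary" content="{modulus_hex}"></span>'
            f'<span property="cert:exponent" datatype="xsd:integer" content="65537"></span>'
            f'</address>')

def cert_matches_profile(profile_html, claimed_uri, modulus, exponent):
    """True only if the key in the presented cert is listed for the URI
    the cert claims. Possessing a cert that names the URI is not enough."""
    parser = ProfileKeys()
    parser.feed(profile_html)
    return [modulus, exponent] in parser.keys.get(claimed_uri, [])

if __name__ == "__main__":
    old_key = (int(OLD_MOD, 16), 65537)   # key inside the lost .p12
    print("before rotation:", cert_matches_profile(profile(OLD_MOD), WEBID, *old_key))
    print("after rotation: ", cert_matches_profile(profile(NEW_MOD), WEBID, *old_key))
```
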

