[messaging] Linked Identities (was: affirmations)
carmen r
mail at whats-your.name
Sat Jan 24 20:17:00 PST 2015
> published a linked identity with file:///etc/hosts
https: is the preferred scheme for webID..
any MIME type that can describe the user using RDF is supported (text/html, text/turtle, JSONld)
doc http://csarven.ca/
user http://csarven.ca/#i (object with ID inside HTML doc):
<address about="http://csarven.ca/#i" typeof="foaf:Person" id="i" class="vcard author">
<span property="cert:modulus" datatype="xsd:hexBinary" content="CAF6A78D16E80F9.."></span>
<span property="cert:exponent" datatype="xsd:integer" content="65537"></span>
that's RDFa (attributes in HTML). in a pure data-format:
~ curl https://deiu.rww.io/profile/card.n3
public-key on webpage, private-key in-browser using client-certificate support built-in
http://linkeddata.github.io/signup/ worked here to create a cert + import to firefox/chromium
say you lose your phone, a hacker figures out there's a .p12 private-key file the browser will export..
if you're fast, login + change the modulus/exponent values to make the old cert useless, keeping your same user URI
if you run the server, you could do that even after an attacker minted a cert for the URI whose private-key you don't have
so it's probably best if you control the website. but rww.io and similar services are trying to make it easy. and maybe there'd be email-based 'key reset/recovery' features in some of them eventually
some servers which support this:
https://github.com/linkeddata/gold
https://github.com/linkeddata/node-ldp-httpd
https://github.com/hallwaykid/pw
https://github.com/read-write-web/rww-play
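
Added example (not part of the original message, and not code from any of the servers listed): a simplified sketch of the comparison a WebID server makes between the RSA modulus/exponent in the client certificate and the values published at the user URI, showing why changing the published values makes the old cert useless while the URI stays the same. The profile, URI and key values are constructed, and the RDFa reader is a stdlib simplification that assumes one key per profile.

```python
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

class WebIDKeyParser(HTMLParser):
    """Collect cert:modulus / cert:exponent found inside the element whose
    about= attribute equals the WebID. Simplified; not a full RDFa parser."""
    def __init__(self, webid):
        super().__init__()
        self.webid, self.depth, self.key = webid, 0, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if self.depth:
            if a.get("property") in ("cert:modulus", "cert:exponent"):
                self.key[a["property"]] = a.get("content") or ""
            if tag not in VOID:
                self.depth += 1
        elif a.get("about") == self.webid and tag not in VOID:
            self.depth = 1          # entered the subject element

    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1         # reaches 0 when the subject element closes

def published_key(html, webid):
    """Return (modulus, exponent) published for webid, or None if absent/garbled."""
    p = WebIDKeyParser(webid)
    p.feed(html)
    try:
        return int(p.key["cert:modulus"], 16), int(p.key["cert:exponent"])
    except (KeyError, ValueError):
        return None

def cert_matches_profile(html, webid, cert_modulus, cert_exponent):
    """True only if the cert's public key is the one the profile publishes."""
    return published_key(html, webid) == (cert_modulus, cert_exponent)

# Constructed sample data (toy-sized modulus, hypothetical URI).
WEBID = "https://example.org/#i"
PROFILE = '''<address about="https://example.org/#i" typeof="foaf:Person">
<span property="cert:modulus" datatype="xsd:hexBinary" content="{mod}"></span>
<span property="cert:exponent" datatype="xsd:integer" content="65537"></span>
</address>'''
OLD_MOD, NEW_MOD = 0xC0FFEE1234ABCD, 0xBADC0DE5678EF1
before = PROFILE.format(mod="C0FFEE1234ABCD")   # profile while the old key is live
after = PROFILE.format(mod="BADC0DE5678EF1")    # profile after the owner rotates

if __name__ == "__main__":
    print("stolen cert, before rotation:", cert_matches_profile(before, WEBID, OLD_MOD, 65537))
    print("stolen cert, after rotation: ", cert_matches_profile(after, WEBID, OLD_MOD, 65537))
```

A real deployment would dereference the URI over https and parse the profile with an RDF library; the comparison step is the same.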