X509Semantics

From WebID Wiki

It can be very useful in discussion to have a clear mapping of an X509 Certificate to RDF. This page keeps track of the ongoing work in this project, which was started with the Certificate Triplify Challenge.

If we take the certificate from the spec we can map it to the following triples. (todo: take the triples from the cert in the spec)

Assuming we placed the Certificate on the web at some location (referred to by <> in the RDF below), we get:

# a number of triples about the certificate itself
<> a cert:Certificate ;
  foaf:primaryTopic _:agent ;
  cert:issuer <http://example.com/ca#cert> ;
  cert:serialNumber 1 ;
  cert:notBefore "2012-01-01T14:00:00Z"^^xsd:dateTime ;
  cert:notAfter "2012-12-31T13:59:59Z"^^xsd:dateTime ;
  cert:extension [
    a cert:basicConstraints ;
    cert:extensionValue [
      cert:ca "false"^^xsd:boolean ;
      cert:pathLengthConstraint 0 ;
    ] ;
  ] ;
  cert:signatureAlgorithm cert:sha1WithRSAEncryption ;
  cert:signature "00010203040506070809...."^^xsd:hexBinary .

# a number of things that are said in the certificate

_:agent cert:distinguishedName [
    a cert:DistinguishedName ;
    x520:countryName "GB" ;
    x520:localityName "London" ;
    x520:organizationName "British Broadcasting Corporation" ;
    x520:organizationalUnitName "Research and Development" ;
    x520:commonName "Test Certificate" ;
  ] ;
  cert:key [ a cert:RSAPublicKey ;
    …
  ] ;
  owl:sameAs <http://example.com/me#person> .
 

Were we to speak of the certificate, we would need to make it more apparent who is saying what. We would distinguish between data about the certificate, which is a document, and what that document says. This is because the signature is what tells us that the document creator asserts the contents of the document. That alone does not oblige us, if we are skeptical, to believe the contents of the certificate.

# data about the certificate, which is a document
<http://example.com/cert> a cert:Certificate ;
  cert:issuer <http://example.com/ca#cert> ;
  cert:serialNumber 1 ;
  cert:notBefore "2012-01-01T14:00:00Z"^^xsd:dateTime ;
  cert:notAfter "2012-12-31T13:59:59Z"^^xsd:dateTime ;
  cert:extension [
    a cert:basicConstraints ;
    cert:extensionValue [
      cert:ca "false"^^xsd:boolean ;
      cert:pathLengthConstraint 0 ;
    ] ;
  ] ;
  cert:signatureAlgorithm cert:sha1WithRSAEncryption ;
  cert:signature "00010203040506070809...."^^xsd:hexBinary ;
  # what that document says, quoted rather than asserted
  log:semantics {
    <> foaf:primaryTopic _:agent .

    _:agent cert:distinguishedName [
        a cert:DistinguishedName ;
        x520:countryName "GB" ;
        x520:localityName "London" ;
        x520:organizationName "British Broadcasting Corporation" ;
        x520:organizationalUnitName "Research and Development" ;
        x520:commonName "Test Certificate" ;
      ] ;
      cert:key [ a cert:RSAPublicKey ;
        …
      ] ;
      owl:sameAs <http://example.com/me#person> .
  } .
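
The separation between data about the certificate and what it says can be made operational. The following is an added example, not part of the original page or the WebID project's code: it keeps the quoted claims apart from the reader's own graph and merges them only once the reader has reason to trust the issuer. The triples are a constructed sample based on the values above; `believed_graph`, `trusted_issuers` and `signature_ok` are hypothetical names, and signature verification is assumed to happen elsewhere and be passed in, since the key and signature are elided on this page.

```python
from datetime import datetime, timezone

CERT = "http://example.com/cert"

# Constructed sample: triples about the certificate document itself.
ABOUT = [
    (CERT, "rdf:type", "cert:Certificate"),
    (CERT, "cert:issuer", "http://example.com/ca#cert"),
    (CERT, "cert:notBefore", "2012-01-01T14:00:00Z"),
    (CERT, "cert:notAfter", "2012-12-31T13:59:59Z"),
]
# Constructed sample: what the certificate says (the log:semantics graph).
CLAIMS = [
    ("_:agent", "x520:commonName", "Test Certificate"),
    ("_:agent", "owl:sameAs", "http://example.com/me#person"),
]


def obj(triples, subject, predicate):
    """Return the single object for (subject, predicate), or None."""
    found = [o for s, p, o in triples if s == subject and p == predicate]
    return found[0] if len(found) == 1 else None


def parse_time(text):
    """Parse the xsd:dateTime lexical form used on this page (UTC, 'Z')."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def believed_graph(about, claims, trusted_issuers, signature_ok, now):
    """Graph a skeptical reader accepts: the quoted claims are merged in
    only when the signature verified, the issuer is trusted and `now`
    falls inside the validity period; otherwise they stay quoted."""
    issuer = obj(about, CERT, "cert:issuer")
    not_before = obj(about, CERT, "cert:notBefore")
    not_after = obj(about, CERT, "cert:notAfter")
    if None in (issuer, not_before, not_after):
        return list(about)  # incomplete description: believe nothing it says
    valid = parse_time(not_before) <= now <= parse_time(not_after)
    if signature_ok and issuer in trusted_issuers and valid:
        return list(about) + list(claims)
    return list(about)
```

In every rejected case the reader still knows that the certificate exists and who issued it, but `owl:sameAs <http://example.com/me#person>` never enters the graph used for identity decisions.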