W3C

- DRAFT -

WebID Incubator Group Teleconference

21 Nov 2011

See also: IRC log

Attendees

Present
+1.510.931.aaaa, scor, [IPcaller], +49.874.aabb, bergi_, +1.510.931.aacc, bblfish, [CTIC]
Regrets
Chair
SV_MEETING_CHAIR
Scribe
scor

Contents

<trackbot> Date: 21 November 2011

<Wikier> hi

<bblfish_> ah hi

<bblfish> mhh

<bblfish> perhaps I got disconnected

<bblfish> Zakim I am aacc

<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html

<scribe> scribe: scor

bblfish: has been working on a new version of the spec

<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html#authentication-sequence

in the bblfish branch that moment

<bblfish> it' is in the bblfish branch of mercurial

<bblfish> http://www.w3.org/2005/Incubator/webid/spec/#authentication-sequence

<bblfish> feedback ?

this new version incorporates a lot of Peter's Williams feedback

bergi_: the WebID verification step should be in the yellow box

bblfish: introduced the concept of "guard" which decides whether a WebID authentication is required

<Wikier> Zacim, I am +[CTIC]

<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html#authentication-sequence

ACTION bergi_ to explain on the wiki how to request a client certificate after the TLS session has been started on Apache

<trackbot> Sorry, couldn't find user - bergi_

ACTION bergi to explain on the wiki how to request a client certificate after the TLS session has been started on Apache

<trackbot> Sorry, couldn't find user - bergi

ACTION bergie to explain on the wiki how to request a client certificate after the TLS session has been started on Apache

<trackbot> Sorry, couldn't find user - bergie

bergi_: what's you W3 username?

<bergi_> ACTION tbergwin to explain on the wiki how to request a client certificate after the TLS session has been started on Apache

<trackbot> Created ACTION-49 - Explain on the wiki how to request a client certificate after the TLS session has been started on Apache [on Thomas Bergwinkl - due 2011-11-28].

bblfish: kept the possibility to have multiple SAN in the processing steps

bergi_: having multiple WebIDs can improve security, for example by verifying all WebIDs for a "secure" authn mode
... because a hacker would need to hack all servers at the same time
... "high availability" mode would only require one WebID to be verifed

bblfish: there is a lot more research to be done on WebID related topics, but we should focus on the spec and get WebID going, more implementations etc

to show people the potential

bblfish: if we can move to a WG, we hope to get more security experts on board

<bblfish> we were discussing this http://www.w3.org/2005/Incubator/webid/track/issues/62

<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html#verifying-the-webid-is-identified-by-that-public-key

bblfish: I think we need use xsd because it is standard and used in the wild. we should use that instead of our custom cert:hex

<domel> BTW, "65537"^^cert:int -> 65537 || "65537"^^xsd:int

bblfish: xsd allows to use SPARQL ASK queries, even though it does not look as nice

<bblfish> use XSD:hexBinary for modulus

<domel> +1

<bblfish> +1

<bergi_> +1

PROPOSAL: use XSD:hexBinary for modulus

<bblfish> the whole point of that would be to make the ASK query in the spec possible

+1

<bblfish> I'll put that to the list

RESOLUTION: use XSD:hexBinary for modulus

<bblfish> PROPOSAL: merge rsa into cert ontology

<domel> +1

+1

<bblfish> +1

<bergi_> +1

<Wikier> +1

<Wikier> hi scor

<bblfish> Wikier thinks diagram is much better :-)

<domel> I propose remove DSA key issue and other dependences from spec

<bblfish> RFC 5746

<bblfish> http://download.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#descPhase2

<bblfish> PROPOSAL: ask mailing list to vote on moving changes to main branch

ACTION scor to fix respec.js errors in the spec

<trackbot> Created ACTION-50 - Fix respec.js errors in the spec [on Stéphane Corlosquet - due 2011-11-28].

bblfish: will you take care of publishing the minutes?

<bblfish> bye

<bblfish> thanks all

<Wikier> bye

<bblfish> trackbot, end meeting

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2011/11/21 16:01:56 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.136  of Date: 2011/05/12 12:01:43  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Found Scribe: scor
Inferring ScribeNick: scor

WARNING: No "Topic:" lines found.

Default Present: +1.510.931.aaaa, scor, [IPcaller], +49.874.aabb, bergi_, +1.510.931.aacc, bblfish, [CTIC]
Present: +1.510.931.aaaa scor [IPcaller] +49.874.aabb bergi_ +1.510.931.aacc bblfish [CTIC]

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 21 Nov 2011
Guessing minutes URL: http://www.w3.org/2011/11/21-webid-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report
[End of scribe.perl diagnostic output]