<trackbot> Date: 21 November 2011
<Wikier> hi
<bblfish_> ah hi
<bblfish> mhh
<bblfish> perhaps I got disconnected
<bblfish> Zakim I am aacc
<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html
<scribe> scribe: scor
bblfish: has been working on a new version of the spec
<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html#authentication-sequence
in the bblfish branch at the moment
<bblfish> it is in the bblfish branch of mercurial
<bblfish> http://www.w3.org/2005/Incubator/webid/spec/#authentication-sequence
<bblfish> feedback ?
this new version incorporates a lot of Peter Williams's feedback
bergi_: the WebID verification step should be in the yellow box
bblfish: introduced the concept of "guard" which decides whether a WebID authentication is required
<Wikier> Zacim, I am +[CTIC]
<bblfish> http://bblfish.net/tmp/2011/11/21/index-respec.html#authentication-sequence
ACTION bergi_ to explain on the wiki how to request a client certificate after the TLS session has been started on Apache
<trackbot> Sorry, couldn't find user - bergi_
ACTION bergi to explain on the wiki how to request a client certificate after the TLS session has been started on Apache
<trackbot> Sorry, couldn't find user - bergi
ACTION bergie to explain on the wiki how to request a client certificate after the TLS session has been started on Apache
<trackbot> Sorry, couldn't find user - bergie
bergi_: what's your W3 username?
<bergi_> ACTION tbergwin to explain on the wiki how to request a client certificate after the TLS session has been started on Apache
<trackbot> Created ACTION-49 - Explain on the wiki how to request a client certificate after the TLS session has been started on Apache [on Thomas Bergwinkl - due 2011-11-28].
bblfish: kept the possibility to have multiple SAN in the processing steps
bergi_: having multiple WebIDs can improve security, for example by verifying all WebIDs for a "secure" authn mode
... because a hacker would need to hack all servers at the same time
... "high availability" mode would only require one WebID to be verified
bblfish: there is a lot more research to be done on WebID related topics, but we should focus on the spec and get WebID going, more implementations etc. to show people the potential
bblfish: if we can move to a WG, we hope to get more security experts on board
<bblfish> we were discussing this http://www.w3.org/2005/Incubator/webid/track/issues/62
bblfish: I think we need to use xsd because it is standard and used in the wild. We should use that instead of our custom cert:hex
<domel> BTW, "65537"^^cert:int -> 65537 || "65537"^^xsd:int
bblfish: xsd allows the use of SPARQL ASK queries, even though it does not look as nice
<bblfish> use XSD:hexBinary for modulus
<domel> +1
<bblfish> +1
<bergi_> +1
PROPOSAL: use XSD:hexBinary for modulus
<bblfish> the whole point of that would be to make the ASK query in the spec possible
+1
<bblfish> I'll put that to the list
RESOLUTION: use XSD:hexBinary for modulus
<bblfish> PROPOSAL: merge rsa into cert ontology
<domel> +1
+1
<bblfish> +1
<bergi_> +1
<Wikier> +1
<Wikier> hi scor
<bblfish> Wikier thinks diagram is much better :-)
<domel> I propose to remove the DSA key issue and other dependencies from the spec
<bblfish> RFC 5746
<bblfish> http://download.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#descPhase2
<bblfish> PROPOSAL: ask mailing list to vote on moving changes to main branch
ACTION scor to fix respec.js errors in the spec
<trackbot> Created ACTION-50 - Fix respec.js errors in the spec [on Stéphane Corlosquet - due 2011-11-28].
bblfish: will you take care of publishing the minutes?
<bblfish> bye
<bblfish> thanks all
<Wikier> bye
<bblfish> trackbot, end meeting
Present: +1.510.931.aaaa, scor, [IPcaller], +49.874.aabb, bergi_, +1.510.931.aacc, bblfish, [CTIC]