ISSUE-23: Authorized Representations and Dereferencing a WebID URI
Authorized Representations and Dereferencing a WebID URI
- State:
- RAISED
- Product:
- WebID-authn-TLS-spec
- Raised by:
- Nathan Rixham
- Opened on:
- 2011-02-01
- Description:
- A fundamental element of the WebID protocol, if not the purpose of the protocol, is to establish a URI which can be used as a name (identifier) for the Identifying Agent.
The authorized use of a WebID URI by an Identifying Agent is deemed (by the conceptual protocol) to be established by proving ownership of a token, and then verifying the presence of that token in a representation received by dereferencing the WebID URI.
The realization of this element is currently defined by the use of Public/Private Key pairs, the public key is used as a token, ownership of that token is confirmed by passing the public key in a certificate as part of the TLS authentication flow (where ownership of the corresponding private key is proven), when the WebID is dereferenced the presence of the public key in the representation is verified, and the authorized use of that WebID URI is established.
"WebID resource" is used in this case to refer to the agent which responds to dereferencing requests on the "WebID URI".
It is therefore vital that:
- the dereferencing process be well defined
- the "origin server" which will respond to a dereference request is authorized to do so
- the authenticity of the "representation" received by the act of dereferencing can be established
- it can be proven that the representation has not been tampered with (signing) - or - cannot be tampered with (by removing the possibility of intermediaries).
note: caching of responses should also be considered.
All of these points are not addressed by the current WebID protocol. - Related Actions Items:
- No related actions
- Related emails:
- Re: Formal WebID Teleconf Friday February 22 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-26)
- Re: Formal WebID Teleconf Friday February 22 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-22)
- Re: Formal WebID Teleconf Friday February 18 2013 15:00UTC (from andrei.sambra@gmail.com on 2013-02-18)
- Formal WebID Teleconf Friday February 22 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-18)
- Re: Formal WebID Teleconf Friday February 18 2013 15:00UTC (from sergio.fernandez@salzburgresearch.at on 2013-02-18)
- Re: Formal WebID Teleconf Friday February 18 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-18)
- Re: Formal WebID Teleconf Friday February 18 2013 15:00UTC (from andrei.sambra@gmail.com on 2013-02-18)
- Formal WebID Teleconf Friday February 18 2013 15:00UTC (from henry.story@bblfish.net on 2013-02-18)
- WebID-ISSUE-75 (dereferencing): dereferencing process must be well defined [WebID-conceptual-spec] (from sysbot+tracker@w3.org on 2013-02-18)
- RE: WebID-ISSUE-22: Key Pair Revocation / WebID reset [WebID Spec] (from home_pw@msn.com on 2011-02-01)
- Re: WebID-ISSUE-23: Authorized Representations and Dereferencing a WebID URI [WebID Spec] (from henry.story@bblfish.net on 2011-02-01)
- Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from benjamin.heitmann@deri.org on 2011-02-01)
- Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from scorlosquet@gmail.com on 2011-02-01)
- Re: WebID-ISSUE-22: Key Pair Revocation / WebID reset [WebID Spec] (from nathan@webr3.org on 2011-02-01)
- Re: Documenting implicit assumptions? (from nathan@webr3.org on 2011-02-01)
- WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from sysbot+tracker@w3.org on 2011-02-01)
- WebID-ISSUE-23: Authorized Representations and Dereferencing a WebID URI [WebID Spec] (from sysbot+tracker@w3.org on 2011-02-01)
Related notes:
added note about caching of responses
Nathan Rixham, 1 Feb 2011, 11:35:08Display change log