ISSUE-2: Explore the role of Issuer Alternative Names in WebIDs

IAN

Explore the role of Issuer Alternative Names in WebIDs

State:
RAISED
Product:
WebID-authn-TLS-spec
Raised by:
Henry Story
Opened on:
2011-01-27
Description:
Explore the role of Issuer Alternative Names in WebIDs. Issuer Alternative Names (IAN) are part of the same extension of X.509 as Subject Alternative Names (SAN) which is what we are currently using, as per spec, to identify the user via preferrably and https WebID.

So what can we do if we have a WebID for an IAN?

Does having a WebID for an issuer on a server certificate other than a DNS name make sense? [1]

Each idea will once explained clearly, require a proof that it really does do what we initially hope
it could do.

What is seems relatively clear is that the WebID protocol could be used to verify the Identity of the Issuer, assuming he has signed the certificate, in a very similar manner to the verification of the Subject.

[1] for some insights see the RFC draft pointed out to us by Nathan
http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-14
summarised by Jan Wildeboer
http://lists.w3.org/Archives/Public/public-xg-webid/2011Jan/0063.html
Related Actions Items:
No related actions
Related emails:
  1. Re: future of Identity on the Web (from henry.story@bblfish.net on 2011-10-26)
  2. Re: future of Identity on the Web (from hhalpin@w3.org on 2011-10-26)
  3. Re: future of Identity on the Web (from henry.story@bblfish.net on 2011-10-26)
  4. Re: future of Identity on the Web (from henry.story@bblfish.net on 2011-10-26)
  5. Re: future of Identity on the Web (from henry.story@bblfish.net on 2011-10-25)
  6. RE: Turning every Web Server into a CA (from home_pw@msn.com on 2011-02-04)
  7. Re: Turning every Web Server into a CA (from henry.story@bblfish.net on 2011-02-04)
  8. Re: Turning every Web Server into a CA (from henry.story@bblfish.net on 2011-02-04)
  9. Turning every Web Server into a CA (from henry.story@bblfish.net on 2011-02-03)
  10. working with the world, as it adapts to changes in the role of DNS (from home_pw@msn.com on 2011-02-03)
  11. WebID-ISSUE-2 (bblfish): Explore the role of Issuer Alternative Names in WebIDs (from sysbot+tracker@w3.org on 2011-01-27)

Related notes:

One should consider looking at how the BrowserId folk go around publishing the server certificate, as that could be used as a lookup for the Issuer Alternative name.

Henry Story, 25 Oct 2011, 21:32:16

Display change log ATOM feed

Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaƫl-Massieux <dom@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 2.html,v 1.1 2019/12/03 13:24:56 carcone Exp $