On 12 Feb 2010, at 05:10, Niels Mayer wrote:
I needed some more background on this, as it turned out I was about to ask a
stupid question about who signs the certs, but that is basically answered
here:
http://blogs.sun.com/bblfish/entry/foaf_ssl_pki_and_the (foaf+ssl, pki and
the duck-rabbit)
Whereas PKI is used for hierarchical trust, we use it to build a web of
trust. Where X509 certs built up a lot on the Distinguished Name hierarchy,
we nearly ignore it. Where X509 tried to place information in the
certificate, we place it outside at the name location. Even though SSL can
request client certificates in the browser, nobody does this, yet we build
on this little known feature. Self signed client certificates, which would
not have made sense in traditional PKI infrastructure, because they prove
nearly nothing about the client, are what we build everything on....
Ok, this is beginning to make sense. PGP via the web browser, using browser
mechanisms to install SSL client certificates. Looking for more background,
I found these:
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to
foaf+ssl: adding security to open distributed social networks
http://blogs.sun.com/bblfish/entry/more_on_authorization_in_foaf
foaf+ssl: creating a web of trust without key signing parties
http://blogs.sun.com/bblfish/entry/building_secure_and_distributed_social
Building Secure, Open and Distributed Social Network Applications
...
I think it would be very useful to integrate FOAFiness with Xwiki's access
control: e.g. allow FOAFs passed document links in your wiki to
conditionally register/login and view/comment the given link/document.
Nonregistered users would be given access based on space-rights (if space
not publicly viewable, then access denied). By conditionally register/login,
I mean that you could place access control rules on how far you might want
to allow any private document to "spread" in a foaf network. E.g. some
documents would only be accessible by first-level friends, etc.
Exactly. One could give access rights on parts of the wiki with rules such as
<http://xwiki.org/OSSGTP/> can only be edited by members of the
<http://www.ossgtp.org/members/#ossgtp> group and their friends.
So at <http://www.ossgtp.org/> there would be a foaf:Document describing the current
members, which could be updated periodically.
Xwiki.org would get that document every so often (or it could be pinged on changes).
One can imagine a lot of different scenarios....
Is something like the above part of the "use case" for Foaf+SSL in Xwiki??
Those are use cases for foaf+ssl, and I think XWiki is an Operating System, with aim to
replace emacs, so yes you can do whatever you want ;-)
Henry
Niels
http://nielsmayer.com
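
The access rule discussed in this thread ("members of the group and their friends", with a limit on how far a document may spread), as an added example that is not code from the thread or from XWiki. It assumes the requester's WebID has already been authenticated by the foaf+ssl client certificate check; all URIs, the `KNOWS` and `GROUP_MEMBERS` data and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data: each WebID maps to the foaf:knows links published
# in that person's own profile document. All URIs are hypothetical.
KNOWS = {
    "https://alice.example/foaf#me": {"https://bob.example/foaf#me"},
    "https://bob.example/foaf#me": {"https://carol.example/foaf#me",
                                     "https://alice.example/foaf#me"},
    "https://carol.example/foaf#me": set(),
    # Mallory claims to know a member; nobody trusted links back to her.
    "https://mallory.example/foaf#me": {"https://alice.example/foaf#me"},
}
# Constructed stand-in for the member list in the group's foaf:Document.
GROUP_MEMBERS = {"https://alice.example/foaf#me"}


def trust_distance(webid, members, knows, max_hops):
    """Return hops from the nearest group member to webid, or None.

    Links are followed only outward from members (member -> friend), because
    each profile is self-published: a requester's own foaf:knows claims say
    nothing about whether a member vouches for them.
    """
    seen = set(members)
    queue = deque((m, 0) for m in members)
    while queue:
        current, hops = queue.popleft()
        if current == webid:
            return hops
        if hops == max_hops:
            continue  # do not expand past the allowed spread
        # A profile missing from the cache contributes no links (fail closed).
        for friend in knows.get(current, ()):
            if friend not in seen:
                seen.add(friend)
                queue.append((friend, hops + 1))
    return None


def may_edit(webid, members=GROUP_MEMBERS, knows=KNOWS, max_hops=1):
    """Rule from the thread: members and their friends (max_hops=1) may edit."""
    return trust_distance(webid, members, knows, max_hops) is not None
```

Raising `max_hops` widens the spread to friends of friends; the traversal direction is what keeps a self-asserted link such as Mallory's from granting access.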