--- a/README	Mon Jul 19 13:33:07 2010 -0400
+++ b/README	Mon Jul 19 16:52:40 2010 -0400
@@ -22,13 +22,28 @@
 
 http://github.com/msporny/webid-spec
 
+Feedback
+--------
+
+Don't e-mail patches to the editors, don't send tweets, IMs, or e-mails. 
+Log bugs if you want to request changes to the spec, it is the only way 
+you can make sure that your input will be tracked and considered by 
+the group:
+
+http://github.com/msporny/webid-spec/issues
+
+When logging an issue, be very specific about the problem and the
+exact change and wording that you would like to suggest. The easier
+you make changing the spec, the more likely that your change will be
+placed into the specification.
+
 Contributing
 ------------
 
-To contribute to the specification:
+To directly contribute to the specification:
 
-1. You MUST modify the source code via github. Don't e-mail patches to the
-   editor.
+1. You MUST modify the 'index-respec.html' file via github - it is the
+   primary source document.
 2. You MUST agree to transferring the specification text to a governing
    specification body such as the IETF or W3C when the time comes to 
    transition the documents to an official specification. 

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/drafts/ED-webid-20100718/diff-20100711.html	Mon Jul 19 16:52:40 2010 -0400
@@ -0,0 +1,4224 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
+<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
+<head>
+    <title>WebID 1.0</title>
+    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+    
+<!--  
+      === NOTA BENE ===
+      For the three scripts below, if your spec resides on dev.w3 you can check them
+      out in the same tree and use relative links so that they'll work offline,
+      -->
+
+<style type="text/css">
+code           { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p           { margin-top: 0.3em;
+                 margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+                   width: 80%;
+                   margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef { 
+	font-family: monospace; 
+	font-weight: bold; 
+    color: #ff4500 !important;
+}
+
+.aref { 
+	font-family: monospace; 
+	font-weight: bold; 
+    color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+     
+
+<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
+
+    
+  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
+.diff-old-a {
+  font-size: smaller;
+  color: red;
+}
+
+.diff-new { background-color: yellow; }
+.diff-chg { background-color: lime; }
+.diff-new:before,
+.diff-new:after
+    { content: "\2191" }
+.diff-chg:before, .diff-chg:after
+    { content: "\2195" }
+.diff-old { text-decoration: line-through; background-color: #FBB; }
+.diff-old:before,
+.diff-old:after
+    { content: "\2193" }
+:focus { border: thin red solid}
+</style>
+</head>
+<body style="display: inherit; ">
+<div class="head">
+<p>
+</p>
+<h1 rel="dcterms:title" class="title" id="title">
+WebID
+1.0
+</h1>
+<h2 rel="bibo:subtitle" id="subtitle">
+Web
+Identification
+and
+Discovery
+</h2>
+<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">
+Unofficial
+Draft
+<del class="diff-old">11
+</del>
+<ins class="diff-chg">18
+</ins>
+July
+2010
+</h2>
+<dl>
+<dt>
+Editor:
+</dt>
+<dd rel="bibo:editor">
+<span typeof="foaf:Person">
+<span property="foaf:name">
+Manu
+Sporny
+</span>,
+<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
+Digital
+Bazaar,
+Inc.
+</a>
+<a rel="foaf:mbox" href="mailto:msporny@digitalbazaar.com">
+msporny@digitalbazaar.com
+</a>
+</span>
+</dd>
+<dt>
+Authors:
+</dt>
+<dd>
+<span>
+<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
+Toby
+Inkster
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Henry Story" href="http://bblfish.net/">
+Henry
+Story
+</a>
+</span>
+</dd>
+<dd>
+<span>
+<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
+<ins class="diff-new">Bruno
+Harbulot
+</ins></a></span></dd><dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia"><ins class="diff-new">
+Reto
+Bachmann-Gmür
+</ins></a></span></dd>
+</dl>
+<p>
+<ins class="diff-new">This
+document
+is
+also
+available
+in
+this
+non-normative
+format:
+</ins><a href="diff-20100711.html"><ins class="diff-new">
+Diff
+from
+previous
+Editors
+Draft
+</ins></a>.</p>
+<p class="copyright">
+This
+document
+is
+licensed
+under
+a
+<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
+Creative
+Commons
+Attribution
+3.0
+License
+</a>.
+</p>
+<hr>
+</hr>
+</div>
+<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
+<h2>
+Abstract
+</h2>
+<p>
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">Social
+networking,
+identity
+</ins>
+and
+privacy
+have
+been
+at
+the
+center
+of
+how
+we
+interact
+with
+<del class="diff-old">sites
+on
+</del>
+the
+<del class="diff-old">Web.
+</del>
+<ins class="diff-chg">Web
+in
+the
+last
+decade.
+</ins>
+The
+explosion
+of
+<del class="diff-old">Websites
+over
+the
+last
+decade
+and
+a
+half
+</del>
+<ins class="diff-chg">social
+networking
+sites
+</ins>
+has
+<ins class="diff-new">brought
+the
+world
+closer
+together
+as
+well
+as
+</ins>
+created
+<del class="diff-old">a
+point
+</del>
+<ins class="diff-chg">new
+points
+</ins>
+of
+pain
+<del class="diff-old">for
+anyone
+that
+uses
+</del>
+<ins class="diff-chg">regarding
+ease
+of
+use
+and
+</ins>
+the
+<del class="diff-old">Web
+on
+a
+regular
+basis.
+</del>
+<ins class="diff-chg">Web.
+</ins>
+Remembering
+login
+details,
+passwords,
+and
+sharing
+private
+information
+across
+the
+many
+websites
+<ins class="diff-new">and
+social
+groups
+</ins>
+that
+<del class="diff-old">people
+use
+on
+</del>
+<ins class="diff-chg">we
+are
+</ins>
+a
+<del class="diff-old">daily
+basis
+</del>
+<ins class="diff-chg">part
+of
+</ins>
+has
+become
+more
+difficult
+and
+complicated
+than
+necessary.
+<ins class="diff-new">The
+Social
+Web
+is
+designed
+to
+ensure
+that
+control
+of
+identity
+and
+privacy
+settings
+is
+always
+simple
+and
+under
+one's
+control.
+WebID
+is
+a
+key
+enabler
+of
+the
+Social
+Web.
+</ins>
+This
+specification
+outlines
+a
+simple
+universal
+identification
+mechanism
+that
+is
+distributed,
+openly
+extensible,
+improves
+privacy,
+security
+and
+control
+over
+how
+one
+can
+identify
+themselves
+and
+control
+access
+to
+their
+information
+on
+the
+Web.
+</p>
+<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
+<h3 id="how-to-read-this-document">
+How
+to
+Read
+this
+Document
+</h3>
+<p>
+There
+are
+a
+number
+of
+concepts
+that
+are
+covered
+in
+this
+document
+that
+the
+reader
+may
+want
+to
+be
+aware
+of
+before
+continuing.
+General
+knowledge
+of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
+public
+key
+cryptography
+</a>
+<ins class="diff-new">and
+RDF
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER"><ins class="diff-new">
+RDF-PRIMER
+</ins></a><ins class="diff-new">
+]
+and
+RDFa
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE"><ins class="diff-new">
+RDFA-CORE
+</ins></a><ins class="diff-new">
+]
+</ins>
+is
+necessary
+to
+understand
+how
+to
+implement
+this
+specification.
+WebID
+<del class="diff-old">also
+</del>
+uses
+<ins class="diff-new">a
+number
+of
+specific
+technologies
+like
+</ins>
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+X.509
+certificates
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+],
+<ins class="diff-new">RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+</ins>
+and
+<del class="diff-old">RDFa
+</del>
+<ins class="diff-chg">XHTML+RDFa
+</ins>
+[
+<del class="diff-old">RDFA-CORE
+</del>
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+<ins class="diff-chg">XHTML-RDFA
+</ins>
+</a>
+].
+</p>
+<p>
+A
+general
+<a href="#introduction">
+Introduction
+</a>
+is
+provided
+for
+all
+that
+would
+like
+to
+understand
+why
+this
+specification
+is
+necessary
+to
+simplify
+usage
+of
+the
+Web.
+</p>
+<p>
+The
+terms
+used
+throughout
+this
+specification
+are
+listed
+in
+the
+section
+titled
+<a href="#terminology">
+Terminology
+</a>.
+</p>
+<p>
+Developers
+that
+are
+interested
+in
+implementing
+this
+specification
+will
+be
+most
+interested
+in
+the
+sections
+titled
+<a href="#authentication-sequence">
+Authentication
+Sequence
+</a>
+and
+<a href="#authentication-sequence-details">
+Authentication
+Sequence
+Details
+</a>.
+</p>
+</div>
+</div>
+<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
+<h2>
+Status
+of
+This
+Document
+</h2>
+<p>
+This
+document
+is
+merely
+a
+public
+working
+draft
+of
+a
+potential
+specification.
+It
+has
+no
+official
+standing
+of
+any
+kind
+and
+does
+not
+represent
+the
+support
+or
+consensus
+of
+any
+standards
+organisation.
+</p>
+The
+source
+code
+for
+this
+document
+is
+available
+via
+Github
+at
+the
+following
+URL:
+<a href="http://github.com/msporny/webid-spec">
+http://github.com/msporny/webid-spec
+</a>
+</div>
+<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
+<h2 class="introductory">
+Table
+of
+Contents
+</h2>
+<ul class="toc">
+<li class="tocline">
+<a href="#introduction" class="tocxref">
+<span class="secno">
+1.
+</span>
+Introduction
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#motivation" class="tocxref">
+<span class="secno">
+1.1
+</span>
+Motivation
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-openid" class="tocxref">
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</a>
+</li>
+<li class="tocline">
+<a href="#relation-to-oauth" class="tocxref">
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</a>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#the-webid-protocol" class="tocxref">
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#terminology" class="tocxref">
+<span class="secno">
+2.1
+</span>
+Terminology
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence" class="tocxref">
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</a>
+</li>
+<li class="tocline">
+<a href="#authentication-sequence-details" class="tocxref">
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#initiating-a-tls-connection" class="tocxref">
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</a>
+</li>
+<li class="tocline">
+<a href="#exchanging-the-identification-certificate" class="tocxref">
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</a>
+</li>
+<li class="tocline">
+<a href="#processing-the-webid-profile" class="tocxref">
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</a>
+</li>
+<li class="tocline">
+<a href="#extracting-webid-url-details" class="tocxref">
+<span class="secno">
+2.3.4
+</span>
+Extracting
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">WebID
+</ins>
+URL
+Details
+</a>
+</li>
+<li class="tocline">
+<a href="#determining-access-privileges" class="tocxref">
+<span class="secno">
+2.3.5
+</span>
+Determining
+Access
+Privileges
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+<li class="tocline">
+<a href="#references" class="tocxref">
+<span class="secno">
+A.
+</span>
+References
+</a>
+<ul class="toc">
+<li class="tocline">
+<a href="#normative-references" class="tocxref">
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</a>
+</li>
+<li class="tocline">
+<a href="#informative-references" class="tocxref">
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</a>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
+<h2>
+<span class="secno">
+1.
+</span>
+Introduction
+</h2>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+WebID
+specification
+is
+designed
+to
+help
+alleviate
+the
+difficultly
+that
+remembering
+different
+logins,
+passwords
+and
+settings
+for
+websites
+has
+created.
+It
+is
+also
+designed
+to
+provide
+a
+universal
+and
+extensible
+mechanism
+to
+express
+public
+and
+private
+information
+about
+yourself.
+This
+section
+outlines
+the
+motivation
+behind
+the
+specification
+and
+the
+relationship
+to
+other
+similar
+specifications
+that
+are
+in
+active
+use
+today.
+</p>
+<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
+<h3>
+<span class="secno">
+1.1
+</span>
+Motivation
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+It
+is
+a
+fundamental
+design
+criteria
+of
+the
+Web
+to
+enable
+individuals
+and
+organizations
+to
+control
+how
+they
+interact
+with
+the
+rest
+of
+society.
+This
+includes
+how
+one
+expresses
+their
+identity,
+public
+information
+and
+personal
+details
+to
+social
+networks,
+Web
+sites
+and
+services.
+</p>
+<p>
+Semantic
+Web
+vocabularies
+such
+as
+Friend-of-a-Friend
+(FOAF)
+permit
+distributed
+hyperlinked
+social
+networks
+to
+exist.
+This
+vocabulary,
+along
+with
+other
+vocabularies,
+allow
+one
+to
+add
+information
+and
+services
+protection
+to
+distributed
+social
+networks.
+</p>
+<p>
+One
+major
+criticism
+of
+open
+networks
+is
+that
+they
+seem
+to
+have
+no
+way
+of
+protecting
+the
+personal
+information
+distributed
+on
+the
+web
+or
+limiting
+access
+to
+resources.
+Few
+people
+are
+willing
+to
+make
+all
+their
+personal
+information
+public,
+many
+would
+like
+large
+pieces
+to
+be
+protected,
+making
+it
+available
+only
+to
+a
+select
+group
+of
+agents.
+Giving
+access
+to
+information
+is
+very
+similar
+to
+giving
+access
+to
+services.
+There
+are
+many
+occasions
+when
+people
+would
+like
+services
+to
+only
+be
+accessible
+to
+members
+of
+a
+group,
+such
+as
+allowing
+only
+friends,
+family
+members,
+colleagues
+to
+post
+an
+article,
+photo
+or
+comment
+on
+a
+blog.
+How
+does
+one
+do
+this
+in
+a
+flexible
+way,
+without
+requiring
+a
+central
+point
+of
+access
+control?
+</p>
+<p>
+Using
+an
+process
+made
+popular
+by
+OpenID,
+we
+show
+how
+one
+can
+tie
+a
+User
+Agent
+to
+a
+URL
+by
+proving
+that
+one
+has
+write
+access
+to
+the
+URL.
+WebID
+is
+a
+simpler
+alternative
+to
+OpenID
+(fewer
+connections),
+that
+uses
+X.509
+certificates
+to
+tie
+a
+User
+Agent
+(Browser)
+to
+a
+Person
+identified
+via
+a
+URL.
+WebID
+also
+provides
+a
+few
+additional
+features
+to
+OpenID.
+These
+features
+include
+trust
+management,
+via
+digital
+signatures,
+and
+free-form
+extensibility
+via
+RDFa.
+By
+using
+the
+existing
+SSL
+certificate
+exchange
+mechanism,
+WebID
+integrates
+more
+smoothly
+with
+existing
+Web
+browsers,
+including
+browsers
+on
+mobile
+devices.
+WebID
+also
+permits
+automated
+session
+login
+in
+addition
+to
+interactive
+session
+login.
+Additionally,
+all
+data
+is
+encrypted
+and
+guaranteed
+to
+only
+be
+received
+by
+the
+person
+or
+organization
+that
+was
+intended
+to
+receive
+it.
+</p>
+</div>
+<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
+<h3>
+<span class="secno">
+1.2
+</span>
+Relation
+to
+OpenID
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<del class="diff-old">While
+some
+may
+say
+that
+OpenID
+</del>
+<p class="issue">
+<ins class="diff-chg">This
+section
+needs
+to
+be
+re-written.
+The
+flow
+</ins>
+and
+<del class="diff-old">WebID
+conflict,
+</del>
+<ins class="diff-chg">grammar
+leaves
+much
+to
+be
+desired.
+--
+manu
+</ins></p><p>
+WebID
+is
+<del class="diff-old">100%
+</del>
+compatible
+with
+<del class="diff-old">OpenID
+since
+both
+</del>
+<ins class="diff-chg">OpenID.
+Both
+protocols
+</ins>
+use
+a
+URL
+<del class="diff-old">for
+identification.
+</del>
+<ins class="diff-chg">that
+dereferences
+to
+a
+Personal
+Profile
+Document.
+This
+Personal
+Profile
+Document
+is
+where
+further
+information
+about
+an
+identity
+can
+be
+discovered.
+This
+mechanism
+is
+compatible
+with
+both
+WebID
+and
+OpenID.
+</ins>
+Therefore,
+WebID
+does
+not
+intend
+to
+replace
+OpenID,
+but
+can
+work
+beside
+OpenID
+<del class="diff-old">just
+as
+easily
+as
+providing
+a
+complete
+solution.
+</del>
+<ins class="diff-chg">by
+sharing
+the
+content
+in
+the
+Personal
+Profile
+Document.
+</ins></p><p>
+That
+said,
+there
+are
+a
+number
+of
+benefits
+that
+WebID
+achieves
+over
+OpenID:
+</p>
+<p>
+WebID
+gives
+people
+and
+other
+agents
+a
+<ins class="diff-new">WebID
+URL
+for
+identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+However,
+in
+the
+case
+of
+WebID,
+one
+does
+not
+need
+to
+remember
+the
+URL
+since
+the
+User
+Agent
+remembers
+the
+URL
+on
+behalf
+of
+the
+person
+browsing.
+To
+log
+in
+on
+a
+WebID
+web
+site
+there
+is
+no
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+do
+for
+OpenID.
+Just
+one
+click
+tells
+the
+browser
+to
+send
+the
+WebID
+URL.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+their
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+may
+need
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser,
+and
+that's
+only
+if
+they
+opt-in
+to
+password
+protect
+their
+WebIDs.
+</ins></p><p><ins class="diff-new">
+WebID
+gives
+people
+and
+other
+agents
+a
+</ins>
+Web
+ID
+URL
+for
+<del class="diff-old">identification,
+just
+like
+OpenId
+does.
+</del>
+<ins class="diff-chg">identification.
+OpenID
+also
+provides
+a
+URL
+to
+a
+Personal
+Profile
+Document.
+</ins>
+However,
+in
+the
+case
+of
+WebID,
+the
+user
+does
+not
+need
+to
+remember
+the
+URL,
+the
+browser
+or
+User
+Agent
+does.
+A
+login
+button
+on
+a
+WebID
+web
+site
+is
+just
+a
+button.
+No
+need
+to
+enter
+any
+identifier
+like
+one
+has
+to
+for
+OpenID.
+Just
+click
+the
+button.
+Your
+browser
+will
+then
+ask
+you
+what
+identity
+you
+wish
+to
+use.
+The
+person
+that
+is
+browsing
+does
+not
+need
+to
+remember
+either
+the
+WebID
+URL
+or
+the
+website
+password.
+The
+only
+password
+one
+needs
+to
+remember
+is
+the
+one
+that
+is
+used
+to
+access
+their
+collection
+of
+WebIDs
+in
+their
+browser.
+</p>
+<p>
+The
+WebID
+protocol
+requires
+just
+one
+direct
+network
+connection
+to
+establish
+identity
+via
+the
+client.
+The
+server
+requires
+one
+connection
+to
+the
+client
+and
+one
+connection
+to
+retrieve
+the
+WebID
+Profile
+if
+it
+does
+not
+have
+the
+credential
+information
+cached.
+Compare
+this
+to
+the
+much
+more
+complex
+OpenID
+sequence,
+which
+requires
+six
+connections
+by
+the
+client
+to
+establish
+a
+login.
+In
+a
+world
+of
+distributed
+data
+where
+each
+site
+can
+point
+to
+data
+on
+any
+other
+site,
+multiple
+connections
+become
+costly
+to
+manage.
+</p>
+<p>
+WebID
+builds
+on
+<ins class="diff-new">a
+number
+of
+</ins>
+well
+established
+Internet
+and
+Web
+standards;
+<a href="http://en.wikipedia.org/wiki/REST">
+REST
+</a>,
+RDF
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
+RDF-PRIMER
+</a>
+],
+RDFa
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
+RDFA-CORE
+</a>
+],
+<ins class="diff-new">RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+],
+</ins>
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+],
+and
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+].
+By
+building
+on
+previous
+standards,
+it
+makes
+both
+explaining
+and
+implementing
+WebID
+easier
+on
+developers.
+</p>
+<p>
+Since
+WebID
+is
+RESTful,
+you
+can
+perform
+basic
+HTTP
+operations
+to
+<code>
+GET
+</code>
+your
+WebID,
+and
+if
+you
+needed
+update
+it,
+you
+can
+use
+HTTP
+<code>
+PUT
+</code>
+semantics.
+You
+can
+also
+create
+a
+WebID
+via
+<code>
+POST
+</code>.
+This
+is
+improved
+from
+the
+OpenID
+specification,
+which
+requires
+a
+new
+set
+of
+operations
+described
+in
+the
+OpenID
+Attribute
+Exchange
+specification.
+</p>
+<p>
+<ins class="diff-new">WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+</ins></p><p>
+It
+is
+easy
+to
+extend
+a
+WebID
+with
+new
+attributes
+via
+RDF.
+The
+power
+of
+RDF
+<del class="diff-old">and
+RDFa
+</del>
+allows
+developers
+to
+add
+extensions
+to
+WebID
+by
+defining
+new
+vocabularies
+that
+they
+publish.
+There
+is
+no
+authorization
+process
+necessary
+and
+thus
+WebID
+allows
+for
+distributed
+innovation.
+Every
+WebID
+property
+is
+a
+URI,
+which
+when
+clicked,
+can
+give
+you
+yet
+more
+information
+about
+what
+the
+property
+means.
+A
+developer
+can
+create
+new
+usage
+classes
+by
+extending
+their
+vocabulary
+at
+will.
+A
+developer
+can
+add
+relationships
+to
+a
+WebID
+by
+simply
+adding
+more
+HTML
+to
+the
+developer's
+page.
+OpenID
+does
+not
+provide
+any
+type
+of
+distributed
+innovation
+akin
+to
+<del class="diff-old">RDF
+or
+RDFa.
+WebID
+is
+built
+on
+RDF
+and
+thus
+enables
+all
+of
+the
+advanced
+semantic
+web
+concepts
+that
+RDF
+enables.
+For
+example,
+a
+developer
+may
+perform
+machine
+reasoning
+with
+a
+WebID.
+One
+can
+construct
+machine-executable
+statements
+like
+"If
+this
+WebID
+claims
+to
+be
+a
+friend
+of
+one
+of
+our
+partner
+WebIDs
+that
+is
+trusted
+and
+the
+relationship
+is
+bi-directional,
+trust
+the
+WebID."
+While
+OpenID
+attempts
+to
+support
+this
+use
+case
+by
+mapping
+OpenID
+to
+RDF,
+it's
+far
+easier
+to
+do
+with
+WebID
+because
+WebID
+is
+natively
+RDF-aware.
+</del>
+<ins class="diff-chg">RDF.
+</ins>
+</p>
+<p>
+Implementing
+WebID
+is
+easier
+than
+OpenID
+because
+all
+of
+the
+basic
+technologies
+have
+been
+working
+and
+integrated
+into
+Web
+browsers
+for
+many
+years.
+There
+were
+already
+three
+interoperable
+implementations
+of
+WebID
+before
+this
+specification
+was
+written.
+</p>
+<p>
+WebID
+is
+truly
+decentralized
+-
+with
+WebID
+you
+get
+a
+web
+of
+trust.
+OpenID
+only
+supports
+the
+Web
+of
+Trust
+model
+if
+you
+indirectly
+trust
+the
+OpenID
+provider.
+In
+other
+words
+-
+OpenID
+is
+not
+truly
+decentralized.
+In
+OpenID
+you
+must
+trust
+OpenID
+providers.
+With
+WebID
+you
+only
+have
+to
+trust
+the
+people
+and
+the
+organizations
+with
+which
+you
+are
+communicating.
+In
+other
+words,
+you
+don't
+have
+to
+ask
+anyone
+whether
+or
+not
+you
+can
+trust
+your
+friends.
+You
+can
+query
+people
+that
+you
+trust
+directly
+to
+see
+if
+someone
+is
+trustworthy
+or
+not.
+There
+is
+no
+need
+for
+a
+central
+WebID
+authority.
+</p>
+<p>
+WebID
+is
+fully
+distributed,
+anyone
+can
+setup
+a
+WebID
+by
+placing
+a
+single
+file
+on
+a
+web
+server
+of
+their
+choosing.
+There
+is
+no
+need
+for
+a
+special
+OpenID-like
+provider
+service.
+The
+only
+thing
+anyone
+that
+wants
+a
+WebID
+needs
+is
+a
+web
+account
+where
+you
+can
+post
+your
+WebID
+file,
+ideally
+on
+your
+own
+domain
+name.
+You
+can
+also
+use
+a
+WebID
+hosting
+provider,
+but
+it's
+not
+necessary
+for
+WebID
+to
+work.
+While
+it
+is
+possible
+to
+run
+an
+OpenID
+server,
+other
+OpenID
+applications
+may
+not
+trust
+you
+and
+thus
+you
+won't
+be
+able
+to
+fully
+utilize
+your
+private
+OpenID
+credentials.
+The
+reason
+that
+there
+are
+a
+few
+large
+OpenID
+providers
+and
+very
+few
+small
+OpenID
+providers
+is
+because
+of
+this
+trust
+design
+issue
+related
+to
+OpenID.
+</p>
+<p>
+WebID
+does
+not
+require
+HTTP
+redirects.
+Redirects
+are
+<del class="diff-old">are
+</del>
+problematic
+on
+many
+cell
+phones,
+because
+telecoms
+heavily
+rely
+on
+proxys,
+which
+selectively
+block
+redirects.
+</p>
+<p>
+A
+WebID
+provider
+is
+100%
+compatible
+with
+an
+OpenID
+provider
+and
+thus
+can
+inter-operate
+with
+OpenID-powered
+networks.
+</p>
+</div>
+<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
+<h3>
+<span class="secno">
+1.3
+</span>
+Relation
+to
+OAuth
+</h3>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+OAuth
+and
+WebID
+are
+mutually
+beneficial
+when
+used
+together.
+WebID
+can
+be
+used
+to
+provide
+RSA
+parameters
+to
+the
+RSA-SHA1
+signature
+method
+required
+by
+OAuth
+1.0.
+WebID
+can
+also
+be
+used
+to
+establish
+the
+consumer_key
+and
+HTTPS
+connection
+that
+will
+be
+used
+to
+transmit
+OAuth
+Tokens
+in
+OAuth
+2.0.
+</p>
+</div>
+</div>
+<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
+<h2>
+<span class="secno">
+2.
+</span>
+The
+WebID
+Protocol
+</h2>
+<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
+<h3>
+<span class="secno">
+2.1
+</span>
+Terminology
+</h3>
+<dl>
+<dt>
+<dfn title="Verification_Agent" id="dfn-verification_agent">
+Verification
+Agent
+</dfn>
+</dt>
+<dd>
+Performs
+authentication
+on
+provided
+WebID
+credentials
+and
+determines
+if
+an
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+can
+have
+access
+to
+a
+particular
+resource.
+A
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+is
+typically
+a
+Web
+server,
+but
+may
+also
+be
+a
+peer
+on
+a
+peer-to-peer
+network.
+</dd>
+<dt>
+<dfn title="Identification_Agent" id="dfn-identification_agent">
+Identification
+Agent
+</dfn>
+</dt>
+<dd>
+Provides
+identification
+credentials
+to
+a
+Verification
+Agent.
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+is
+typically
+also
+a
+User
+Agent.
+</dd>
+<dt>
+<dfn title="Identification_Certificate" id="dfn-identification_certificate">
+Identification
+Certificate
+</dfn>
+</dt>
+<dd>
+An
+X.509
+[
+<a class="bibref" rel="biblioentry" href="#bib-X509V3">
+X509V3
+</a>
+]
+Certificate
+that
+<em class="rfc2119" title="must">
+must
+</em>
+contain
+<del class="diff-old">the
+</del>
+<ins class="diff-chg">a
+</ins>
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+pointing
+to
+</del>
+<ins class="diff-chg">extension
+with
+a
+URI
+entry.
+The
+URI
+</ins><em class="rfc2119" title="should"><ins class="diff-chg">
+should
+</ins></em><ins class="diff-chg">
+be
+a
+URL,
+and
+</ins><em class="rfc2119" title="should not"><ins class="diff-chg">
+should
+not
+</ins></em><ins class="diff-chg">
+be
+</ins>
+a
+<ins class="diff-new">URN.
+The
+</ins>
+URL
+<del class="diff-old">that
+is
+</del>
+<ins class="diff-chg">identifies
+the
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-chg">
+Identification
+Agent
+</ins></a>.<ins class="diff-chg">
+The
+URL
+</ins><em class="rfc2119" title="must"><ins class="diff-chg">
+must
+</ins></em><ins class="diff-chg">
+be
+</ins>
+dereference-able
+and
+<del class="diff-old">results
+</del>
+<ins class="diff-chg">result
+</ins>
+in
+a
+document
+containing
+RDF
+data.
+For
+<del class="diff-old">example
+</del>
+<ins class="diff-chg">example,
+</ins>
+the
+certificate
+would
+contain
+<code>
+http://example.org/webid#public
+</code>,
+known
+as
+a
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+as
+the
+<code>
+Subject
+Alternative
+Name
+</code>:
+<code><pre>
+X509v3 extensions:
+   ...
+   X509v3 Subject Alternative Name:
+      URI:http://example.org/webid#public
+</pre>
+</code>
+</dd>
+<dt>
+<dfn title="WebID_URL" id="dfn-webid_url">
+WebID
+URL
+</dfn>
+</dt>
+<dd>
+A
+URL
+specified
+<del class="diff-old">in
+</del>
+<ins class="diff-chg">via
+</ins>
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+</del>
+<ins class="diff-chg">extension
+</ins>
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+that
+identifies
+<ins class="diff-new">an
+</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
+Identification
+Agent
+</ins></a>.</dd><dt><dfn title="public_key" id="dfn-public_key"><ins class="diff-new">
+public
+key
+</ins></dfn></dt><dd><ins class="diff-new">
+A
+widely
+distributed
+crytographic
+key
+that
+can
+be
+used
+to
+verify
+digital
+signatures
+and
+encrypt
+data
+between
+</ins>
+a
+<del class="diff-old">WebID
+Profile
+</del>
+<ins class="diff-chg">sender
+and
+a
+receiver.
+A
+public
+key
+is
+always
+included
+in
+an
+</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-chg">
+Identification
+Certificate
+</ins>
+</a>
+<del class="diff-old">document.
+</del>
+</dd>
+<dt>
+<dfn title="WebID_Profile" id="dfn-webid_profile">
+WebID
+Profile
+</dfn>
+</dt>
+<dd>
+A
+structured
+document
+that
+contains
+identification
+credentials
+for
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+expressed
+using
+the
+Resource
+Description
+Framework
+[
+<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
+RDF-CONCEPTS
+</a>
+].
+<del class="diff-old">The
+</del>
+<ins class="diff-chg">Either
+the
+</ins>
+XHTML+RDFa
+1.1
+[
+<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
+XHTML-RDFA
+</a>
+]
+serialization
+format
+<ins class="diff-new">or
+the
+RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+serialization
+format
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+supported
+by
+the
+mechanism,
+e.g.
+a
+Web
+Service,
+providing
+the
+WebID
+Profile
+document.
+Alternate
+RDF
+serialization
+formats,
+such
+as
+N3
+[
+<a class="bibref" rel="biblioentry" href="#bib-N3">
+N3
+</a>
+<del class="diff-old">],
+</del>
+<ins class="diff-chg">]
+or
+</ins>
+Turtle
+[
+<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
+TURTLE
+</a>
+],
+<del class="diff-old">or
+RDF/XML
+[
+RDF-SYNTAX-GRAMMAR
+]
+</del>
+<em class="rfc2119" title="may">
+may
+</em>
+be
+supported
+by
+the
+mechanism
+providing
+the
+WebID
+Profile
+document.
+</dd>
+</dl>
+<p class="issue">
+<ins class="diff-new">Whether
+or
+not
+RDF/XML,
+XHTML+RDFa
+1.1,
+both
+or
+neither
+serialization
+of
+RDF
+should
+be
+required
+serialization
+formats
+in
+the
+specification
+is
+currently
+under
+heavy
+debate.
+</ins></p>
+</div>
+<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
+<h3>
+<span class="secno">
+2.2
+</span>
+Authentication
+Sequence
+</h3>
+<p>
+The
+following
+steps
+are
+executed
+by
+Verification
+Agents
+and
+Identification
+Agents
+to
+determine
+if
+access
+should
+be
+granted
+to
+a
+particular
+resource.
+</p>
+<ol>
+<li>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+attempts
+to
+access
+a
+resource
+using
+HTTP
+over
+TLS
+[
+<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
+HTTP-TLS
+</a>
+]
+via
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+request
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+of
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+as
+a
+part
+of
+the
+TLS
+client-cerificate
+retrieval
+protocol.
+</li>
+<li>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+<ins class="diff-new">public
+key
+</ins></a><ins class="diff-new">
+and
+the
+</ins>
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+contained
+in
+the
+<code>
+Subject
+Alternative
+Name
+</code>
+<del class="diff-old">field
+</del>
+<ins class="diff-chg">extension
+</ins>
+of
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>.
+</li>
+<li>
+The
+<del class="diff-old">WebID
+Profile
+document
+must
+be
+dereferenced
+and
+all
+triples
+pertaining
+to
+the
+</del>
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+<ins class="diff-new">information
+</ins>
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+<del class="diff-old">extracted.
+The
+remote
+document
+triples
+</del>
+<ins class="diff-chg">verified
+by
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
+Verification
+Agent
+</ins></a>.<ins class="diff-chg">
+This
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+be
+<del class="diff-old">queried
+for
+information
+about
+</del>
+<ins class="diff-chg">performed
+by
+validating
+</ins>
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+<ins class="diff-new">associated
+with
+the
+</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
+WebID
+URL
+</ins></a>.<ins class="diff-new">
+This
+process
+</ins><em class="rfc2119" title="should"><ins class="diff-new">
+should
+</ins></em><ins class="diff-new">
+occur
+either
+by
+dereferencing
+the
+</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
+WebID
+URL
+</ins></a><ins class="diff-new">
+and
+extracting
+RDF
+data
+from
+the
+resulting
+document,
+or
+by
+utilizing
+a
+cached
+version
+of
+the
+RDF
+data
+</ins>
+contained
+in
+the
+<del class="diff-old">Identification
+Certificate
+</del>
+<ins class="diff-chg">document
+or
+other
+data
+source
+that
+is
+up-to-date
+and
+trusted
+by
+the
+</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
+Verification
+Agent
+</ins></a>.<ins class="diff-chg">
+The
+processing
+and
+extraction
+mechanism
+is
+further
+detailed
+in
+the
+sections
+titled
+</ins><a href="#processing-the-webid-profile"><ins class="diff-chg">
+Processing
+the
+WebID
+Profile
+</ins></a><ins class="diff-chg">
+and
+</ins><a href="#extracting-webid-url-details"><ins class="diff-chg">
+Extracting
+WebID
+URL
+Details
+</ins>
+</a>.
+</li>
+<li>
+If
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+in
+the
+<del class="diff-old">certificate
+</del>
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+<ins class="diff-chg">Identification
+Certificate
+</ins></a>
+is
+found
+in
+the
+list
+of
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+<del class="diff-old">keys
+</del>
+<ins class="diff-chg">key
+</ins></a><ins class="diff-chg">
+s
+</ins>
+associated
+with
+the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
+WebID
+URL
+</a>,
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+assume
+that
+the
+client
+has
+write
+access
+to
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>
+and
+therefore
+owns
+the
+document.
+</li>
+<li>
+<del class="diff-old">At
+this
+point,
+</del>
+<ins class="diff-chg">If
+</ins>
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+has
+verified
+that
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>
+is
+owned
+by
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+<del class="diff-old">.
+The
+</del>
+</a>,
+<ins class="diff-chg">the
+</ins>
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+<em class="rfc2119" title="must">
+must
+</em>
+use
+the
+<del class="diff-old">now
+</del>
+verified
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+contained
+in
+the
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
+Identification
+Certificate
+</a>
+for
+all
+TLS-based
+communication
+with
+the
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>.
+</li>
+</ol>
+<p>
+The
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
+Identification
+Agent
+</a>
+<em class="rfc2119" title="may">
+may
+</em>
+re-establish
+a
+different
+identity
+at
+any
+time
+by
+executing
+all
+of
+the
+steps
+in
+the
+Authentication
+Sequence
+again.
+Additional
+algorithms,
+detailed
+in
+the
+next
+section,
+<em class="rfc2119" title="may">
+may
+</em>
+be
+performed
+to
+determine
+if
+the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+can
+access
+a
+particular
+resource
+after
+the
+last
+step
+of
+the
+Authentication
+Sequence
+has
+been
+completed.
+</p>
+</div>
+<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
+<h3>
+<span class="secno">
+2.3
+</span>
+Authentication
+Sequence
+Details
+</h3>
+<p>
+This
+section
+covers
+details
+about
+each
+step
+in
+the
+authentication
+process.
+</p>
+<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
+<h4>
+<span class="secno">
+2.3.1
+</span>
+Initiating
+a
+TLS
+Connection
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+TLS
+connection
+process
+is
+started
+and
+used
+by
+WebID
+to
+create
+a
+secure
+channel
+between
+the
+Identification
+Agent
+and
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
+<h4>
+<span class="secno">
+2.3.2
+</span>
+Exchanging
+the
+Identification
+Certificate
+</h4>
+<p class="issue">
+This
+section
+will
+detail
+how
+the
+certificate
+is
+selected
+and
+sent
+to
+the
+Verification
+Agent.
+</p>
+</div>
+<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
+<h4>
+<span class="secno">
+2.3.3
+</span>
+Processing
+the
+WebID
+Profile
+</h4>
+<p>
+A
+<ins class="diff-new">Verification
+Agent
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+be
+able
+to
+process
+documents
+in
+RDF/XML
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
+RDF-SYNTAX-GRAMMAR
+</ins></a><ins class="diff-new">
+]
+and
+XHTML+RDFa
+[
+</ins><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA"><ins class="diff-new">
+XHTML-RDFA
+</ins></a><ins class="diff-new">
+].
+A
+</ins>
+server
+responding
+to
+a
+WebID
+Profile
+request
+<em class="rfc2119" title="should">
+<ins class="diff-new">should
+</ins></em><ins class="diff-new">
+support
+HTTP
+content
+negotiation.
+The
+server
+</ins>
+<em class="rfc2119" title="must">
+must
+</em>
+<del class="diff-old">support
+returning
+an
+XHTML+RDFa
+[
+XHTML-RDFA
+]
+document
+with
+either
+</del>
+<ins class="diff-chg">return
+</ins>
+a
+<ins class="diff-new">representation
+in
+RDF/XML
+for
+media
+type
+</ins><code><ins class="diff-new">
+application/rdf+xml
+</ins></code>.<ins class="diff-new">
+The
+server
+</ins><em class="rfc2119" title="must"><ins class="diff-new">
+must
+</ins></em><ins class="diff-new">
+return
+a
+representation
+in
+XHTML+RDFa
+for
+media
+type
+</ins>
+<code>
+text/html
+</code>
+or
+<ins class="diff-new">media
+type
+</ins>
+<code>
+application/xhtml+xml
+<del class="diff-old">MIMEtype.
+A
+server
+</del>
+</code>.
+<a class="tref" title="Verification_Agents">
+<ins class="diff-chg">Verification
+Agents
+</ins></a><ins class="diff-chg">
+and
+</ins><a class="tref" title="Identification_Agents"><ins class="diff-chg">
+Identification
+Agents
+</ins></a>
+<em class="rfc2119" title="may">
+may
+</em>
+support
+<ins class="diff-new">any
+other
+RDF
+format
+via
+</ins>
+HTTP
+content
+<del class="diff-old">negotiation
+and
+return
+a
+document
+that
+conforms
+to
+N3
+[
+N3
+],
+Turtle
+[
+TURTLE
+],
+or
+RDF/XML
+[
+RDF-SYNTAX-GRAMMAR
+].
+</del>
+<ins class="diff-chg">negotiation.
+</ins>
+</p>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+extracts
+semantic
+data
+describing
+the
+identification
+credentials
+from
+a
+WebID
+Profile.
+</p>
+</div>
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4>
+<span class="secno">
+2.3.4
+</span>
+Extracting
+<del class="diff-old">Identification
+</del>
+<ins class="diff-chg">WebID
+</ins>
+URL
+Details
+</h4>
+<p>
+The
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
+Verification
+Agent
+</a>
+may
+use
+a
+number
+of
+different
+methods
+to
+extract
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+information
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>.
+</p>
+The
+following
+SPARQL
+query
+outlines
+one
+way
+in
+which
+the
+<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
+public
+key
+</a>
+could
+be
+extracted
+from
+the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
+WebID
+Profile
+</a>:
+<code><pre>
+PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
+PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
+SELECT ?modulus ?exp
+WHERE {
+   ?key cert:identity &lt;http://example.org/webid#public&gt;;
+      a rsa:RSAPublicKey;
+      rsa:modulus [ cert:hex ?modulus; ];
+      rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre>
+</code>
+<p class="issue">
+This
+section
+still
+needs
+more
+information.
+</p>
+</div>
+<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
+<h4>
+<span class="secno">
+2.3.5
+</span>
+Determining
+Access
+Privileges
+</h4>
+<p class="issue">
+This
+section
+will
+explain
+how
+a
+Verification
+Agent
+may
+use
+the
+information
+discovered
+via
+a
+WebID
+URL
+to
+determine
+if
+one
+should
+be
+able
+to
+access
+a
+particular
+resource.
+It
+will
+explain
+how
+a
+Verification
+Agent
+can
+use
+links
+to
+other
+RDFa
+documents
+to
+build
+knowledge
+about
+the
+given
+WebID.
+</p>
+</div>
+</div>
+<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
+<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
+<h4>
+Change
+History
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+2010-07-11
+Initial
+version.
+</p>
+</div>
+<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
+<h4>
+Acknowledgments
+</h4>
+<p>
+<em>
+This
+section
+is
+non-normative.
+</em>
+</p>
+<p>
+The
+following
+people
+have
+been
+instrumental
+in
+providing
+thoughts,
+feedback,
+reviews,
+criticism
+and
+input
+in
+the
+creation
+of
+this
+specification:
+</p>
+<ul>
+<li>
+Melvin
+Carvalho
+</li>
+<li>
+Bruno
+Harbulot
+</li>
+<li>
+Toby
+Inkster
+</li>
+<li>
+Ian
+Jacobi
+</li>
+<li>
+Jeff
+Sayre
+</li>
+<li>
+Henry
+Story
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
+<h2>
+<span class="secno">
+A.
+</span>
+References
+</h2>
+<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
+<h3>
+<span class="secno">
+A.1
+</span>
+Normative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-HTTP-TLS">
+[HTTP-TLS]
+</dt>
+<dd rel="dcterms:requires">
+E.
+Rescorla.
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+<cite>
+HTTP
+Over
+TLS.
+</cite>
+</a>
+May
+2000.
+Internet
+RFC
+2818.
+URL:
+<a href="http://www.ietf.org/rfc/rfc2818.txt">
+http://www.ietf.org/rfc/rfc2818.txt
+</a>
+</dd>
+<dt id="bib-N3">
+[N3]
+</dt>
+<dd rel="dcterms:requires">
+Tim
+Berners-Lee;
+Dan
+Connolly.
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+<cite>
+Notation3
+(N3):
+A
+readable
+RDF
+syntax.
+</cite>
+</a>
+14
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
+http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
+</a>
+</dd>
+<dt id="bib-RDF-PRIMER">
+<ins class="diff-new">[RDF-PRIMER]
+</ins></dt><dd rel="dcterms:requires"><ins class="diff-new">
+Frank
+Manola;
+Eric
+Miller.
+</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite><ins class="diff-new">
+RDF
+Primer.
+</ins></cite></a><ins class="diff-new">
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><ins class="diff-new">
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</ins></a></dd>
+<dt id="bib-RDF-SYNTAX-GRAMMAR">
+[RDF-SYNTAX-GRAMMAR]
+</dt>
+<dd rel="dcterms:requires">
+Dave
+Beckett.
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+<cite>
+RDF/XML
+Syntax
+Specification
+(Revised).
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
+http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
+</a>
+</dd>
+<dt id="bib-RDFA-CORE">
+[RDFA-CORE]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et
+al.
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+<cite>
+RDFa
+Core
+1.1:
+Syntax
+and
+processing
+rules
+for
+embedding
+RDF
+through
+attributes.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
+http://www.w3.org/TR/2010/WD-rdfa-core-20100422
+</a>
+</dd>
+<dt id="bib-TURTLE">
+[TURTLE]
+</dt>
+<dd rel="dcterms:requires">
+David
+Beckett,
+Tim
+Berners-Lee.
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+Turtle:
+Terse
+RDF
+Triple
+Language
+</a>
+January
+2008.
+W3C
+Team
+Submission.
+URL:
+<a href="http://www.w3.org/TeamSubmission/turtle/">
+http://www.w3.org/TeamSubmission/turtle/
+</a>
+</dd>
+<dt id="bib-X509V3">
+[X509V3]
+</dt>
+<dd rel="dcterms:requires">
+<cite>
+ITU-T
+Recommendation
+X.509
+version
+3
+(1997).
+"Information
+Technology
+-
+Open
+Systems
+Interconnection
+-
+The
+Directory
+Authentication
+Framework"
+ISO/IEC
+9594-8:1997
+</cite>.
+</dd>
+<dt id="bib-XHTML-RDFA">
+[XHTML-RDFA]
+</dt>
+<dd rel="dcterms:requires">
+Shane
+McCarron;
+et.
+al.
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+<cite>
+XHTML+RDFa
+1.1.
+</cite>
+</a>
+22
+April
+2010.
+W3C
+Working
+Draft.
+URL:
+<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
+http://www.w3.org/TR/WD-xhtml-rdfa-20100422
+</a>
+</dd>
+</dl>
+</div>
+<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
+<h3>
+<span class="secno">
+A.2
+</span>
+Informative
+references
+</h3>
+<dl class="bibliography" about="">
+<dt id="bib-RDF-CONCEPTS">
+[RDF-CONCEPTS]
+</dt>
+<dd rel="dcterms:references">
+Graham
+Klyne;
+Jeremy
+J.
+Carroll.
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+<cite>
+Resource
+Description
+Framework
+(RDF):
+Concepts
+and
+Abstract
+Syntax.
+</cite>
+</a>
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
+http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
+<del class="diff-old">[RDF-PRIMER]
+Frank
+Manola;
+Eric
+Miller.
+RDF
+Primer.
+10
+February
+2004.
+W3C
+Recommendation.
+URL:
+http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
+</del>
+</a>
+</dd>
+</dl>
+</div>
+</div>
+</body>
+</html>