merged into default branch for publication
authorHenry Story <henry.story@bblfish.net>
Wed, 23 Nov 2011 20:53:38 +0100
changeset 210 2f757bc57056
parent 191 3e8b27e22344 (current diff)
parent 209 45e06d74e19d (diff)
child 211 5407c4ddc111
merged into default branch for publication
--- a/ontologies/build.sh	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/build.sh	Wed Nov 23 20:53:38 2011 +0100
@@ -3,10 +3,10 @@
 specgen/specgen6.py --ontofile=cert.rdf --prefix=cert --indir=. --outdir=. --ns=http://www.w3.org/ns/auth/cert#
 mv _tmp_spec.html cert.html
 
-cwm rsa.n3 -rdf > rsa.rdf
-cp rdfa/template_rsa.html template.html
-specgen/specgen6.py --ontofile=rsa.rdf --prefix=rsa --indir=. --outdir=. --ns=http://www.w3.org/ns/auth/rsa#
-mv _tmp_spec.html rsa.html
+#cwm rsa.n3 -rdf > rsa.rdf
+#cp rdfa/template_rsa.html template.html
+#specgen/specgen6.py --ontofile=rsa.rdf --prefix=rsa --indir=. --outdir=. --ns=http://www.w3.org/ns/auth/rsa#
+#mv _tmp_spec.html rsa.html
 
 
 
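Review bot: The four rsa build steps are disabled by commenting them out with no explanation, so the script now carries dead lines and a reader cannot tell whether the rsa ontology is retired or only skipped for now. If the rsa terms have moved into cert.n3, as the cert.n3 hunks of this changeset suggest, delete the lines or put a one-line reason above them, for example `# rsa ontology merged into cert.n3; rsa.rdf and rsa.html are no longer regenerated`. Any rsa.rdf and rsa.html generated earlier are not touched by this script any more and will drift from cert.n3 unless they are removed or marked as superseded.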
--- a/ontologies/cert.html	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/cert.html	Wed Nov 23 20:53:38 2011 +0100
@@ -77,10 +77,12 @@
  
  
 <div class="azlist">
-<p>Classes: | <a href="#Certificate">Certificate</a> |  <a href="#PGPCertificate">PGPCertificate</a> |  <a href="#PrivateKey">PrivateKey</a> |  <a href="#PublicKey">PublicKey</a> |  <a href="#Signature">Signature</a> |  <a href="#X509Certificate">X509Certificate</a> | 
-</p>
-<p>Properties: | <a href="#decimal">decimal</a> |  <a href="#hex">hex</a> |  <a href="#identity">identity</a> |  <a href="#key">key</a> | 
-</p>
+<p><span style="font-weight: bold;">Classes:</span> <a href="#Certificate">Certificate</a> | <a href="#PGPCertificate">PGPCertificate</a> | <a href="#PrivateKey">PrivateKey</a> | <a href="#PublicKey">PublicKey</a> | <a href="#RSAKey">RSAKey</a> | <a href="#RSAPublicKey">RSAPublicKey</a> | <a href="#Signature">Signature</a> | <a href="#X509Certificate">X509Certificate</a> </p> 
+
+<p><span style="font-weight: bold;">Properties:</span> <a href="#exponent">exponent</a> | <a href="#identity">identity</a> | <a href="#key">key</a> | <a href="#modulus">modulus</a> | <a href="#privateExponent">privateExponent</a> </p> 
+
+<p><span style="font-weight: bold;">Datatypes:</span> <a href="#hex">hex</a> </p>
+
 </div>
 
 <div style="clear: left;"></div>
@@ -103,38 +105,23 @@
 </div>
 
 <h2 id="sec-example">Examples</h2>
-<pre> @prefix cert: &lt;http://www.w3.org/ns/auth/cert#&gt; .
- @prefix rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt; .
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix : &lt;http://www.w3.org/ns/auth/cert#&gt; .
+ @prefix xsd: &lt;http://www.w3.org/2001/XMLSchema#&gt; .
  @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
- @prefix : &lt;https://joe.example/profile#&gt; .
+ @prefix bob: &lt;https://bob.example/profile#&gt; .
+ @prefix rdfs: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
 
- :me a foaf:Person;
-     foaf:name "Joe" .
-     cert:key [ a rsa:RSAPublicKey;
-                rsa:modulus """
-            00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
-            c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
-            07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
-            98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
-            2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
-            ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
-            94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
-            dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
-            e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
-            2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
-            f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
-            5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
-            75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
-            14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
-            72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
-            71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
-            3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
-            91:a1"""^^cert:hex;
-                rsa:public_exponent "65537"^^cert:int ] .
+ bob:me a foaf:Person;
+   foaf:name "Bob";
+   :key [ a :RSAPublicKey;
+     rdfs:label "made on 23 November 2011 on my laptop";
+     :modulus "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"^^xsd:hexBinary;
+     :exponent 65537 ;
+    ] .
 </pre>
 
 <h2 id="sec-crossref">Cross-reference for Cert classes and properties</h2>
-
 <p>The <em>Cert Ontology</em> introduces the following classes and properties. There is a link at the 
 top of this document to the RDF/XML and RDF/N3 versions.</p>
 
@@ -143,10 +130,12 @@
 
 <!-- this is the a-z listing -->
 <div class="azlist">
-<p>Classes: | <a href="#Certificate">Certificate</a> |  <a href="#PGPCertificate">PGPCertificate</a> |  <a href="#PrivateKey">PrivateKey</a> |  <a href="#PublicKey">PublicKey</a> |  <a href="#Signature">Signature</a> |  <a href="#X509Certificate">X509Certificate</a> | 
-</p>
-<p>Properties: | <a href="#decimal">decimal</a> |  <a href="#hex">hex</a> |  <a href="#identity">identity</a> |  <a href="#key">key</a> | 
-</p>
+<p><span style="font-weight: bold;">Classes:</span> <a href="#Certificate">Certificate</a> | <a href="#PGPCertificate">PGPCertificate</a> | <a href="#PrivateKey">PrivateKey</a> | <a href="#PublicKey">PublicKey</a> | <a href="#RSAKey">RSAKey</a> | <a href="#RSAPublicKey">RSAPublicKey</a> | <a href="#Signature">Signature</a> | <a href="#X509Certificate">X509Certificate</a> </p> 
+
+<p><span style="font-weight: bold;">Properties:</span> <a href="#exponent">exponent</a> | <a href="#identity">identity</a> | <a href="#key">key</a> | <a href="#modulus">modulus</a> | <a href="#privateExponent">privateExponent</a> </p> 
+
+<p><span style="font-weight: bold;">Datatypes:</span> <a href="#hex">hex</a> </p>
+
 </div>
 
 <!-- and this is the bulk of the vocab descriptions -->
@@ -223,13 +212,68 @@
  <dd><a href="#key">cert:key</a></dd> <dt>Sub class of</dt>
  
   
- <dd><span rel="rdfs:subClassOf" href="http://www.w3.org/ns/auth/cert#Key"><a href="http://www.w3.org/ns/auth/cert#Key">cert:Key</a></span></dd> <dt>OWL Class</dt>
+ <dd><span rel="rdfs:subClassOf" href="http://www.w3.org/ns/auth/cert#Key"><a href="http://www.w3.org/ns/auth/cert#Key">cert:Key</a></span></dd> <dt>Has sub class</dt>
+ 
+  
+ <dd><a href="#RSAPublicKey">cert:RSAPublicKey</a>
+</dd><dt>OWL Class</dt>
  
  
   			</dl>
   			
   			<p style="float: right; font-size: small;">[<a href="#PublicKey">#</a>] <!-- PublicKey --> [<a href="#glance">back to top</a>]</p>
   			<br/>
+  			</div><div class="specterm" id="RSAKey" about="http://www.w3.org/ns/auth/cert#RSAKey" typeof="owl:Class">
+  			<h4>Class: cert:RSAKey</h4> 
+  			<em property="rdfs:label" >RSA Key</em> - <span property="rdfs:comment" >
+    The union of the public and private components of an RSAKey.
+    Usually those pieces are not kept together
+    </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Properties include:</dt>
+ 
+  
+ <dd><a href="#modulus">cert:modulus</a></dd>
+  			<dt>Sub class of</dt>
+ 
+  
+ <dd><span rel="rdfs:subClassOf" href="http://www.w3.org/ns/auth/cert#Key"><a href="http://www.w3.org/ns/auth/cert#Key">cert:Key</a></span></dd> <dt>Has sub class</dt>
+ 
+  
+ <dd><a href="#RSAPublicKey">cert:RSAPublicKey</a>
+</dd><dt>OWL Class</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#RSAKey">#</a>] <!-- RSAKey --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div><div class="specterm" id="RSAPublicKey" about="http://www.w3.org/ns/auth/cert#RSAPublicKey" typeof="owl:Class">
+  			<h4>Class: cert:RSAPublicKey</h4> 
+  			<em property="rdfs:label" >RSA Public Key</em> - <span property="rdfs:comment" >
+    The RSA public key.  Padded message m are encrypted by applying the function
+      modulus(power(m,exponent),modulus)
+    </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Properties include:</dt>
+ 
+  
+ <dd><a href="#exponent">cert:exponent</a></dd>
+  			<dt>Sub class of</dt>
+ 
+  
+ <dd><span rel="rdfs:subClassOf" href="http://www.w3.org/ns/auth/cert#RSAKey"><a href="#RSAKey">cert:RSAKey</a></span></dd> 
+ <dd><span rel="rdfs:subClassOf" href="http://www.w3.org/ns/auth/cert#PublicKey"><a href="#PublicKey">cert:PublicKey</a></span></dd><dt>OWL Class</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#RSAPublicKey">#</a>] <!-- RSAPublicKey --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
   			</div><div class="specterm" id="Signature" about="http://www.w3.org/ns/auth/cert#Signature" typeof="owl:Class">
   			<h4>Class: cert:Signature</h4> 
   			<em property="rdfs:label" >Signature</em> - <span property="rdfs:comment" >the class of signtatures</span> <br />
@@ -282,8 +326,157 @@
   			</div><h3>Properties</h3>
  
 
-<div class="specterm" id="hex" about="http://www.w3.org/ns/auth/cert#hex" typeof="owl:InverseFunctionalProperty">
-  			<h4>Property: cert:hex</h4> 
+<div class="specterm" id="exponent" about="http://www.w3.org/ns/auth/cert#exponent" typeof="owl:DatatypeProperty">
+  			<h4>Property: cert:exponent</h4> 
+  			<em property="rdfs:label" >exponent</em> - <span property="rdfs:comment" >
+       The exponent used to encrypt the message. Number chosen between
+       1 and the totient(p*q). Often named 'e' .
+    </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Domain:</dt>
+ 
+  
+ <dd><span rel="rdfs:domain" href="http://www.w3.org/ns/auth/cert#RSAPublicKey"><a href="#RSAPublicKey">cert:RSAPublicKey</a></span>
+</dd>
+  			<dt>Range:</dt>
+ 
+  <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"><a href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger">xsd:nonNegativeInteger</a></span>
+</dd><dt>Datatype Property</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#exponent">#</a>] <!-- exponent --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div><div class="specterm" id="key" about="http://www.w3.org/ns/auth/cert#key" typeof="owl:ObjectProperty">
+  			<h4>Property: cert:key</h4> 
+  			<em property="rdfs:label" >key</em> - <span property="rdfs:comment" >relates an agent to a key - most often the public key.</span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Domain:</dt>
+ 
+  <dd><span rel="rdfs:domain" href="http://xmlns.com/foaf/0.1/Agent"><a href="http://xmlns.com/foaf/0.1/Agent">foaf:Agent</a></span>
+</dd>
+  			<dt>Range:</dt>
+ 
+  
+ <dd><span rel="rdfs:range" href="http://www.w3.org/ns/auth/cert#PublicKey"><a href="#PublicKey">cert:PublicKey</a></span>
+</dd><dt>Inverse property of</dt>
+ 
+  <dd><span rel="owl:inverseOf" href="http://www.w3.org/ns/auth/cert#identity"><a href="#identity">cert:identity</a></span></dd><dt>Has inverse property</dt>
+ 
+  <dd><a href="#identity">cert:identity</a>
+</dd><dt>RDF Property</dt>
+ 
+ <dd><span rel="rdf:type" href="http://www.w3.org/1999/02/22-rdf-syntax-ns#Property"></span></dd> <dt>Object Property</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#key">#</a>] <!-- key --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div><div class="specterm" id="modulus" about="http://www.w3.org/ns/auth/cert#modulus" typeof="owl:DatatypeProperty">
+  			<h4>Property: cert:modulus</h4> 
+  			<em property="rdfs:label" >modulus</em> - <span property="rdfs:comment" >    
+   <p>The modulus of an RSA public and private key. 
+   Or the modulus of a DSA Key.
+   The modulus is encoded as a hex binary. The binary is the same as the one encoded in the 
+  <a href="http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary">XML DSIG CryptoBinary</a>
+  </p>
+  <blockquote>
+   This specification defines the ds:CryptoBinary simple type for representing arbitrary-length integers (e.g. "bignums") in XML as octet strings. The integer value is first converted to a "big endian" bitstring. The bitstring is then padded with leading zero bits so that the total number of bits == 0 mod 8 (so that there are an integral number of octets). If the bitstring contains entire leading octets that are zero, these are removed (so the high-order octet is always non-zero).
+  </blockquote>
+ <p>The only difference is that the octet string is then encoded using either xsd:base64Binary or xsd:hexBinary. Currently for all usages of this relation, the xsd:hexBinary datatype should be used until the SPARQL working group specifies specifies in its <a href="http://www.w3.org/TR/sparql11-entailment/#DEntRegime">D-Entailment</a> that those two types are equivalent.</p>
+ <p>It would have been better had there been a hexInteger datatype that was standard and supported by all tools.</p>
+   </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Domain:</dt>
+ 
+  
+ <dd><span rel="rdfs:domain" href="http://www.w3.org/ns/auth/cert#RSAKey"><a href="#RSAKey">cert:RSAKey</a></span>
+</dd>
+  			<dt>Range:</dt>
+ 
+  <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#base64Binary"><a href="http://www.w3.org/2001/XMLSchema#base64Binary">xsd:base64Binary</a></span>
+</dd> <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#hexBinary"><a href="http://www.w3.org/2001/XMLSchema#hexBinary">xsd:hexBinary</a></span>
+</dd><dt>Datatype Property</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#modulus">#</a>] <!-- modulus --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div><div class="specterm" id="privateExponent" about="http://www.w3.org/ns/auth/cert#privateExponent" typeof="owl:DatatypeProperty">
+  			<h4>Property: cert:privateExponent</h4> 
+  			<em property="rdfs:label" >private</em> - <span property="rdfs:comment" >
+       The exponent used to decrypt the message
+       calculated as 
+          public_exponent*private_exponent = 1 modulo totient(p*q)
+       The private exponent is often named 'd'
+    </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >unstable</dd>
+  			<dt>Domain:</dt>
+ 
+  <dd><span rel="rdfs:domain" href="http://www.w3.org/ns/auth/cert#RSAPrivateKey"><a href="http://www.w3.org/ns/auth/cert#RSAPrivateKey">cert:RSAPrivateKey</a></span>
+</dd>
+  			<dt>Range:</dt>
+ 
+  <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"><a href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger">xsd:nonNegativeInteger</a></span>
+</dd><dt>Datatype Property</dt>
+ 
+ 
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#privateExponent">#</a>] <!-- privateExponent --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div>
+<div class="specterm" id="identity" about="http://www.w3.org/ns/auth/cert#identity" typeof="owl:ObjectProperty">
+  			<h4>Property: cert:identity</h4> 
+  			<em property="rdfs:label" >identity</em> - <span property="rdfs:comment" >
+    the identity of the public key. This is the entity that knows the private key and 
+    so can decrypt messages encrypted with the public key, or encrypt messages that can 
+    be decrypted with the public key. 
+    </span> <br />
+			<dl>
+  			<dt>Status:</dt>
+  			<dd property="vs:term_status" >archaic</dd>
+  			<dt>Domain:</dt>
+ 
+  
+ <dd><span rel="rdfs:domain" href="http://www.w3.org/ns/auth/cert#PublicKey"><a href="#PublicKey">cert:PublicKey</a></span>
+</dd>
+  			<dt>Inverse property of</dt>
+ 
+  <dd><span rel="owl:inverseOf" href="http://www.w3.org/ns/auth/cert#key"><a href="#key">cert:key</a></span></dd><dt>Has inverse property</dt>
+ 
+  <dd><a href="#key">cert:key</a>
+</dd><dt>RDF Property</dt>
+ 
+ <dd><span rel="rdf:type" href="http://www.w3.org/1999/02/22-rdf-syntax-ns#Property"></span></dd> <dt>Object Property</dt>
+ 
+ <dt>Editorial Note</dt>
+ 
+ <dd property="skos:editorialNote">
+         It turns out that this relation is unintuitive to write out and to name.
+         One should instead use cert:key
+    </dd>
+  			</dl>
+  			
+  			<p style="float: right; font-size: small;">[<a href="#identity">#</a>] <!-- identity --> [<a href="#glance">back to top</a>]</p>
+  			<br/>
+  			</div><h3>Datatypes</h3>
+ 
+
+
+<div class="specterm" id="hex" about="http://www.w3.org/ns/auth/cert#hex" typeof="http://www.w3.org/2000/01/rdf-schema#Datatype">
+  			<h4>Datatype: cert:hex</h4> 
   			<em property="rdfs:label" >hexadecimal</em> - <span property="rdfs:comment" ><span xmlns="http://www.w3.org/1999/xhtml"><p>
    An encoding of a positive integer (from 0 to infinity) as a hexadecimal string that makes it easy to read and/or fun to present on the web.</p>
    <p>The purpose of this way of representing hexadecimals is to enable users to copy and paste hexadecimal notations as shown by most browsers, keychains or tools such as opensso, into their rdf representation of choice.  There are a wide variety of ways in which such strings can be presented. One finds the following:</p>
@@ -325,133 +518,23 @@
         </span> <br />
 			<dl>
   			<dt>Status:</dt>
-  			<dd property="vs:term_status" >unstable</dd>
-  			<dt>Domain:</dt>
- 
-  <dd><span rel="rdfs:domain" href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"><a href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger">xsd:nonNegativeInteger</a></span>
-</dd>
-  			<dt>Range:</dt>
- 
-  <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#string"><a href="http://www.w3.org/2001/XMLSchema#string">xsd:string</a></span>
-</dd><dt>Datatype Property</dt>
- 
- <dd><span rel="rdf:type" href="http://www.w3.org/2002/07/owl#DatatypeProperty"></span></dd><dt>Inverse Functional Property</dt>
- 
- <dt>Editorial Note</dt>
- 
- <dd property="skos:editorialNote"><span xmlns="http://www.w3.org/1999/xhtml"><p> 
+  			<dd property="vs:term_status" >archaic</dd>
+  			
+  			<dt> Equivalent Class: </dt> 
+ <dd> <a href="#nonNegativeInteger">xsd:nonNegativeInteger</a> </dd><dt> Editorial Note: </dt> 
+ <dd> <span xmlns="http://www.w3.org/1999/xhtml"><p> 
      This relation should slowly be transited to just being a datatype.</p>
      <p>Being a datatype and a property is legal as explained here
   <a href="http://lists.w3.org/Archives/Public/semantic-web/2010Mar/0037.html">on the semantic web mailing list in March 2010</a>. 
  But it may be somewhat confusing, especially if it goes against a pattern - still to be set - by the xsd datatypes as the follow up email makes clear. </p></span>
-   </dd>
+    </dd>
   			</dl>
   			
   			<p style="float: right; font-size: small;">[<a href="#hex">#</a>] <!-- hex --> [<a href="#glance">back to top</a>]</p>
   			<br/>
-  			</div><div class="specterm" id="key" about="http://www.w3.org/ns/auth/cert#key" typeof="rdf:Property">
-  			<h4>Property: cert:key</h4> 
-  			<em property="rdfs:label" >key</em> - <span property="rdfs:comment" >relates an agent to a key - most often the public key.</span> <br />
-			<dl>
-  			<dt>Status:</dt>
-  			<dd property="vs:term_status" >unstable</dd>
-  			<dt>Domain:</dt>
- 
-  <dd><span rel="rdfs:domain" href="http://xmlns.com/foaf/0.1/Agent"><a href="http://xmlns.com/foaf/0.1/Agent">foaf:Agent</a></span>
-</dd>
-  			<dt>Range:</dt>
- 
-  
- <dd><span rel="rdfs:range" href="http://www.w3.org/ns/auth/cert#PublicKey"><a href="#PublicKey">cert:PublicKey</a></span>
-</dd><dt>Inverse property of</dt>
- 
-  <dd><span rel="owl:inverseOf" href="http://www.w3.org/ns/auth/cert#identity"><a href="#identity">cert:identity</a></span></dd><dt>Has inverse property</dt>
- 
-  <dd><a href="#identity">cert:identity</a>
-</dd><dt>RDF Property</dt>
- 
-  <dt>Object Property</dt>
- 
- <dd><span rel="rdf:type" href="http://www.w3.org/2002/07/owl#ObjectProperty"></span></dd>
-  			</dl>
-  			
-  			<p style="float: right; font-size: small;">[<a href="#key">#</a>] <!-- key --> [<a href="#glance">back to top</a>]</p>
-  			<br/>
   			</div>
-<div class="specterm" id="decimal" about="http://www.w3.org/ns/auth/cert#decimal" typeof="owl:InverseFunctionalProperty">
-  			<h4>Property: cert:decimal</h4> 
-  			<em property="rdfs:label" >decimal</em> - <span property="rdfs:comment" >
-      An encoding of an integer in base 10 notation. Use cert:int instead.
-    </span> <br />
-			<dl>
-  			<dt>Status:</dt>
-  			<dd property="vs:term_status" >archaic</dd>
-  			<dt>Domain:</dt>
- 
-  <dd><span rel="rdfs:domain" href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"><a href="http://www.w3.org/2001/XMLSchema#nonNegativeInteger">xsd:nonNegativeInteger</a></span>
-</dd>
-  			<dt>Range:</dt>
- 
-  <dd><span rel="rdfs:range" href="http://www.w3.org/2001/XMLSchema#string"><a href="http://www.w3.org/2001/XMLSchema#string">xsd:string</a></span>
-</dd><dt>Datatype Property</dt>
- 
- <dd><span rel="rdf:type" href="http://www.w3.org/2002/07/owl#DatatypeProperty"></span></dd><dt>Inverse Functional Property</dt>
- 
- <dt>Editorial Note</dt>
- 
- <dd property="skos:editorialNote">
-      The name for this relation is not good. Even though Decimal is clearly defined as numbers in base 10 notation ( conf http://en.wikipedia.org/wiki/Decimal ), it is most often understood as refering to numbers with decimal fractions, which in cryptgraphic integer arithmetic do not turn up. 
-    Instead one should use cert:int
-    The following is necessarily true.
-    <pre>
-    [] :decimal "10" ;
-       owl:sameAs "10"^^xsd:integer .
-    </pre>
-   This was used like this
-   <pre>
-   [] a rsa:RSAPublicKey;
-     rsa:exponent [ cert:decimal "105 " ]
-   </pre>
-   </dd>
-  			</dl>
-  			
-  			<p style="float: right; font-size: small;">[<a href="#decimal">#</a>] <!-- decimal --> [<a href="#glance">back to top</a>]</p>
-  			<br/>
-  			</div><div class="specterm" id="identity" about="http://www.w3.org/ns/auth/cert#identity" typeof="rdf:Property">
-  			<h4>Property: cert:identity</h4> 
-  			<em property="rdfs:label" >identity</em> - <span property="rdfs:comment" >
-    the identity of the public key. This is the entity that knows the private key and 
-    so can decrypt messages encrypted with the public key, or encrypt messages that can 
-    be decrypted with the public key. 
-    </span> <br />
-			<dl>
-  			<dt>Status:</dt>
-  			<dd property="vs:term_status" >archaic</dd>
-  			<dt>Domain:</dt>
- 
-  
- <dd><span rel="rdfs:domain" href="http://www.w3.org/ns/auth/cert#PublicKey"><a href="#PublicKey">cert:PublicKey</a></span>
-</dd>
-  			<dt>Inverse property of</dt>
- 
-  <dd><span rel="owl:inverseOf" href="http://www.w3.org/ns/auth/cert#key"><a href="#key">cert:key</a></span></dd><dt>Has inverse property</dt>
- 
-  <dd><a href="#key">cert:key</a>
-</dd><dt>RDF Property</dt>
- 
-  <dt>Object Property</dt>
- 
- <dd><span rel="rdf:type" href="http://www.w3.org/2002/07/owl#ObjectProperty"></span></dd><dt>Editorial Note</dt>
- 
- <dd property="skos:editorialNote">
-         It turns out that this relation is unintuitive to write out and to name.
-         One should instead use cert:key
-    </dd>
-  			</dl>
-  			
-  			<p style="float: right; font-size: small;">[<a href="#identity">#</a>] <!-- identity --> [<a href="#glance">back to top</a>]</p>
-  			<br/>
-  			</div>
+
+
 
 
 
--- a/ontologies/cert.n3	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/cert.n3	Wed Nov 23 20:53:38 2011 +0100
@@ -44,7 +44,6 @@
        by two numbers.
      - also create html version of the spec by using this as a template.
      - should comments such as this be in html?
-     - add more todos
    """@en.
 
 :Certificate a owl:Class;
@@ -105,13 +104,10 @@
 #    rdfs:domain :PrivateKey;
 #    rdfs:range :PublicKey .  
 
-:hex a owl:DatatypeProperty, rdfs:Datatype,
-      owl:InverseFunctionalProperty;
+:hex a rdfs:Datatype;
    rdfs:label "hexadecimal"@en;  
    rdfs:seeAlso <http://en.wikipedia.org/wiki/Hexadecimal>;
    owl:equivalentClass xsd:nonNegativeInteger;
-   rdfs:domain xsd:nonNegativeInteger;
-   rdfs:range xsd:string;
    skos:editorialNote """<span xmlns="http://www.w3.org/1999/xhtml"><p> 
      This relation should slowly be transited to just being a datatype.</p>
      <p>Being a datatype and a property is legal as explained here
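Review bot: The `skos:editorialNote` kept as context below the change is now out of date: `:hex` is declared only as `rdfs:Datatype`, yet the note still says "This relation should slowly be transited to just being a datatype" and goes on to defend being both a datatype and a property. Reword it to record the history instead, for example "cert:hex was formerly also declared as a property; it is now only a datatype". The `:hex` definition continues past the end of this hunk, so the rest of the note is not visible here.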
@@ -156,45 +152,7 @@
      rsa:public_exponent "e1 dc d5 ..."^^cert:hex .
  </pre> 
    </span>"""^^rdf:XMLLiteral;
-  vs:term_status "unstable" .
-
-:decimal a owl:DatatypeProperty,
-           owl:InverseFunctionalProperty;
-   vs:term_status "archaic";
-   rdfs:label "decimal"@en;
-   rdfs:domain xsd:nonNegativeInteger;
-   rdfs:range xsd:string; 
-   skos:editorialNote """
-      The name for this relation is not good. Even though Decimal is clearly defined as numbers in base 10 notation ( conf http://en.wikipedia.org/wiki/Decimal ), it is most often understood as refering to numbers with decimal fractions, which in cryptgraphic integer arithmetic do not turn up. 
-    Instead one should use cert:int
-    The following is necessarily true.
-    <pre>
-    [] :decimal "10" ;
-       owl:sameAs "10"^^xsd:integer .
-    </pre>
-   This was used like this
-   <pre>
-   [] a rsa:RSAPublicKey;
-     rsa:exponent [ cert:decimal "105 " ]
-   </pre>
-   """@en;
-   rdfs:comment """
-      An encoding of an integer in base 10 notation. Use cert:int instead.
-    """@en.
-
-:int a rdfs:Datatype;
-   vs:term_status "unstable";
-   rdfs:label "int"@en;
-   owl:equivalentClass xsd:nonNegativeInteger;
-   skos:editorialNote """
-      We may decide to make it easier to write integers than what xsd:integer provides, if needed.
-      It is arguable that this is needed at all.
-   """@en;
-   rdfs:comment """
-      A positive integer in base 10 notation.
-      xsd:nonNegativeInteger could be used, but is a bit long to write, and may be too strictly defined. 
-      This is here to provice a pair with cert:hex, to avoid needing to import a new namespace, and to give a bit more flexibility in the future. It is more flexible writing than xsd:int, as it allows white space.
-   """@en .
+  vs:term_status "archaic" .
 
 :identity a rdf:Property, owl:ObjectProperty;
     vs:term_status "archaic";
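Review bot: `:decimal` and `:int` are deleted outright from a published namespace, while `:hex` and `:identity` are kept and only marked `vs:term_status "archaic"`. Documents written against the previous version, including this ontology's own earlier example with `"65537"^^cert:int`, will now use terms that have no definition, and a consumer that reads key exponents through them may fail to match a key without reporting why. Keeping both terms with `vs:term_status "archaic"` and a comment pointing to `:exponent` with a plain integer would give existing data a migration path. The documentation context line just above the change still shows `rsa:public_exponent "e1 dc d5 ..."^^cert:hex`, which uses the rsa namespace this changeset otherwise retires.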
@@ -219,3 +177,63 @@
     rdfs:domain foaf:Agent;
     rdfs:range :Key, :PublicKey .
 
+:RSAKey a owl:Class;
+    rdfs:label "RSA Key"@en;
+    rdfs:subClassOf :Key;
+    vs:term_status "unstable";
+    rdfs:comment """
+    The union of the public and private components of an RSAKey.
+    Usually those pieces are not kept together
+    """@en.
+     
+:RSAPublicKey a owl:Class;
+    rdfs:label "RSA Public Key"@en;
+    rdfs:subClassOf :PublicKey, :RSAKey;
+    vs:term_status "unstable";
+    rdfs:seeAlso <http://en.wikipedia.org/wiki/RSA>;
+    rdfs:comment """
+    The RSA public key.  Padded message m are encrypted by applying the function
+      modulus(power(m,exponent),modulus)
+    """@en .
+
+:modulus a owl:DatatypeProperty;
+   rdfs:label "modulus"@en;
+   vs:term_status "unstable";
+   rdfs:comment """    
+   <p>The modulus of an RSA public and private key. 
+   Or the modulus of a DSA Key.
+   The modulus is encoded as a hex binary. The binary is the same as the one encoded in the 
+  <a href="http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary">XML DSIG CryptoBinary</a>
+  </p>
+  <blockquote>
+   This specification defines the ds:CryptoBinary simple type for representing arbitrary-length integers (e.g. "bignums") in XML as octet strings. The integer value is first converted to a "big endian" bitstring. The bitstring is then padded with leading zero bits so that the total number of bits == 0 mod 8 (so that there are an integral number of octets). If the bitstring contains entire leading octets that are zero, these are removed (so the high-order octet is always non-zero).
+  </blockquote>
+ <p>The only difference is that the octet string is then encoded using either xsd:base64Binary or xsd:hexBinary. Currently for all usages of this relation, the xsd:hexBinary datatype should be used until the SPARQL working group specifies specifies in its <a href="http://www.w3.org/TR/sparql11-entailment/#DEntRegime">D-Entailment</a> that those two types are equivalent.</p>
+ <p>It would have been better had there been a hexInteger datatype that was standard and supported by all tools.</p>
+   """@en;
+   rdfs:domain :RSAKey, :DSAKey;
+   rdfs:range xsd:hexBinary, xsd:base64Binary .
+
+:exponent a owl:DatatypeProperty;
+   rdfs:label "exponent"@en;
+   vs:term_status "unstable";
+   rdfs:comment """
+       The exponent used to encrypt the message. Number chosen between
+       1 and the totient(p*q). Often named 'e' .
+    """@en;
+   rdfs:domain :RSAPublicKey;
+   rdfs:range xsd:nonNegativeInteger .
+
+:privateExponent a owl:DatatypeProperty ;
+    rdfs:label "private"@en;
+    vs:term_status "unstable";
+    rdfs:comment """
+       The exponent used to decrypt the message
+       calculated as 
+          public_exponent*private_exponent = 1 modulo totient(p*q)
+       The private exponent is often named 'd'
+    """@en;
+   rdfs:domain :RSAPrivateKey;
+   rdfs:range xsd:nonNegativeInteger .
+
+
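Review bot: `:modulus` gives two values each for `rdfs:domain` and `rdfs:range`, and in RDFS multiple domain or range statements are conjunctive, so every subject of `:modulus` is inferred to be both an `:RSAKey` and a `:DSAKey`, and every value is required to be both `xsd:hexBinary` and `xsd:base64Binary`, which the comment itself says are not yet treated as equivalent. Since the comment tells users to use hexBinary for now, `rdfs:domain :RSAKey ;` and `rdfs:range xsd:hexBinary .` match the stated intent; an `owl:unionOf` class would be the way to express "either". `:DSAKey` and `:RSAPrivateKey` are used as domains but are not declared in this hunk, and the generated cert.html links cert:RSAPrivateKey as an external URI rather than a local anchor, so it is worth confirming they are defined elsewhere in the file. `:privateExponent` has `rdfs:label "private"@en`, which reads as a truncated "private exponent", and its comment would benefit from stating that this value is secret and must never appear in a published document.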
--- a/ontologies/rdfa/cert.html	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/rdfa/cert.html	Wed Nov 23 20:53:38 2011 +0100
@@ -6,7 +6,6 @@
 xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
 xmlns:owl="http://www.w3.org/2002/07/owl#"
 xmlns:dc="http://purl.org/dc/terms/"
-xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
 xmlns:cert="http://www.w3.org/ns/auth/cert#"
 xmlns:foaf="http://xmlns.com/foaf/0.1/"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
@@ -105,37 +104,20 @@
 </div>
 
 <h2 id="sec-example">Examples</h2>
-<pre> @prefix cert: &lt;http://www.w3.org/ns/auth/cert#&gt; .
- @prefix rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt; .
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix : &lt;http://www.w3.org/ns/auth/cert#&gt; .
+ @prefix xsd: &lt;http://www.w3.org/2001/XMLSchema#&gt; .
  @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
- @prefix : &lt;https://joe.example/profile#&gt; .
-
- :me a foaf:Person;
-     foaf:name "Joe" .
+ @prefix bob: &lt;https://bob.example/profile#&gt; .
+ @prefix rdfs: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
 
- [] a rsa:RSAPublicKey;
-    rsa:modulus """
-      00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
-      c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
-      07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
-      98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
-      2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
-      ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
-      94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
-      dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
-      e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
-      2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
-      f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
-      5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
-      75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
-      14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
-      72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
-      71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
-      3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
-      91:a1
-    """^^cert:hex;
-    rsa:public_exponent "65537"^^cert:int;
-    cert:identity :me .
+ bob:me a foaf:Person;
+   foaf:name "Bob";
+   :key [ a :RSAPublicKey;
+     rdfs:label "made on 23 November 2011 on my laptop";
+     :modulus "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"^^xsd:hexBinary;
+     :exponent 65537 ;
+    ] .
 </pre>
 
 <h2 id="sec-crossref">Cross-reference for Cert classes and properties</h2>
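Review bot: The new example binds the `rdfs:` prefix to `http://www.w3.org/1999/02/22-rdf-syntax-ns#`, which is the RDF namespace, while this file's own header declares `xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"`. As written, `rdfs:label` in the example expands to a term that does not exist, and readers who copy the example into their own profile get a key label that tools will not recognise. The line should read `@prefix rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt; .`. The same prefix line appears in the example hunks of ontologies/cert.html and ontologies/rdfa/template_cert.html; fixing the template and regenerating should cover the generated copy.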
--- a/ontologies/rdfa/template_cert.html	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/rdfa/template_cert.html	Wed Nov 23 20:53:38 2011 +0100
@@ -98,38 +98,23 @@
 </div>
 
 <h2 id="sec-example">Examples</h2>
-<pre> @prefix cert: &lt;http://www.w3.org/ns/auth/cert#&gt; .
- @prefix rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt; .
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix : &lt;http://www.w3.org/ns/auth/cert#&gt; .
+ @prefix xsd: &lt;http://www.w3.org/2001/XMLSchema#&gt; .
  @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
- @prefix : &lt;https://joe.example/profile#&gt; .
+ @prefix bob: &lt;https://bob.example/profile#&gt; .
+ @prefix rdfs: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
 
- :me a foaf:Person;
-     foaf:name "Joe" .
-     cert:key [ a rsa:RSAPublicKey;
-                rsa:modulus """
-            00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
-            c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
-            07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
-            98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
-            2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
-            ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
-            94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
-            dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
-            e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
-            2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
-            f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
-            5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
-            75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
-            14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
-            72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
-            71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
-            3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
-            91:a1"""^^cert:hex;
-                rsa:public_exponent "65537"^^cert:int ] .
+ bob:me a foaf:Person;
+   foaf:name "Bob";
+   :key [ a :RSAPublicKey;
+     rdfs:label "made on 23 November 2011 on my laptop";
+     :modulus "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"^^xsd:hexBinary;
+     :exponent 65537 ;
+    ] .
 </pre>
 
 <h2 id="sec-crossref">Cross-reference for Cert classes and properties</h2>
-
 <p>The <em>Cert Ontology</em> introduces the following classes and properties. There is a link at the 
 top of this document to the RDF/XML and RDF/N3 versions.</p>
 
--- a/ontologies/specgen/libvocab.py	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/specgen/libvocab.py	Wed Nov 23 20:53:38 2011 +0100
@@ -1,24 +1,24 @@
 #!/usr/bin/env python
 
-# modifications and improvements: Sergio Fernández, October 2011
-#		+ owl:equivalentClass
-#		+ skos:editorialNote
-#		+ rdfs:Datatype
-#		+ fixed curies generation
-#		+ general markup improvements 
+# modifications and improvements: Sergio Fernandez, October 2011
+# + owl:equivalentClass
+# + skos:editorialNote
+# + rdfs:Datatype
+# + fixed curies generation
+# + general markup improvements 
 #
-#	Copyright 2011 W3C WebID XG <http://www.w3.org/2005/Incubator/webid/>
+#Copyright 2011 W3C WebID XG <http://www.w3.org/2005/Incubator/webid/>
 #
 #
 # modifications and extensions: Bob Ferris, July 2010
-#		+ multiple property and class types 
-#		+ muttiple restrictions modelling
-#		+ rdfs:label, rdfs:comment
-#		+ classes and properties from other namespaces
-#		+ inverse properties (explicit and anonymous)
-#		+ sub properties
+#+ multiple property and class types 
+#+ muttiple restrictions modelling
+#+ rdfs:label, rdfs:comment
+#+ classes and properties from other namespaces
+#+ inverse properties (explicit and anonymous)
+#+ sub properties
 #
-#	Copyright 2010 Bob Ferris <http://smiy.wordpress.com/author/zazi0815/>
+#Copyright 2010 Bob Ferris <http://smiy.wordpress.com/author/zazi0815/>
 #
 #
 # total rewrite. --danbri
--- a/ontologies/specgen/specgen6.py	Fri Nov 18 20:05:15 2011 +0100
+++ b/ontologies/specgen/specgen6.py	Wed Nov 23 20:53:38 2011 +0100
@@ -50,7 +50,6 @@
 # THE SOFTWARE.
 
 
-
 import libvocab
 from libvocab import Vocab, VocabReport
 from libvocab import Term
Binary file spec/img/WebIDSequence-friendly.graffle has changed
Binary file spec/img/WebIDSequence-friendly.jpg has changed
--- a/spec/img/WebIdGraph.graffle	Fri Nov 18 20:05:15 2011 +0100
+++ b/spec/img/WebIdGraph.graffle	Wed Nov 23 20:53:38 2011 +0100
@@ -7,14 +7,14 @@
 	<key>ApplicationVersion</key>
 	<array>
 		<string>com.omnigroup.OmniGrafflePro</string>
-		<string>138.30.0.155892</string>
+		<string>138.33.0.157554</string>
 	</array>
 	<key>AutoAdjust</key>
 	<true/>
 	<key>BackgroundGraphic</key>
 	<dict>
 		<key>Bounds</key>
-		<string>{{0, 0}, {559.28003, 782.89001}}</string>
+		<string>{{0, 0}, {1118.5601, 1565.78}}</string>
 		<key>Class</key>
 		<string>SolidGraphic</string>
 		<key>ID</key>
@@ -46,12 +46,12 @@
 	<key>DisplayScale</key>
 	<string>1.000 cm = 1.000 cm</string>
 	<key>GraphDocumentVersion</key>
-	<integer>6</integer>
+	<integer>8</integer>
 	<key>GraphicsList</key>
 	<array>
 		<dict>
 			<key>Bounds</key>
-			<string>{{192.59, 185.38699}, {57, 24}}</string>
+			<string>{{346.66711, 187.70908}, {77, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>FitText</key>
@@ -71,11 +71,381 @@
 				<real>12</real>
 			</dict>
 			<key>ID</key>
-			<integer>54</integer>
+			<integer>222</integer>
 			<key>Line</key>
 			<dict>
 				<key>ID</key>
-				<integer>52</integer>
+				<integer>223</integer>
+				<key>Position</key>
+				<real>0.63233482837677002</real>
+				<key>RotationType</key>
+				<integer>0</integer>
+			</dict>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>Width</key>
+					<real>0.0</real>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf2 rdfs:seeAlso}</string>
+			</dict>
+			<key>Wrap</key>
+			<string>NO</string>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>LineGraphic</string>
+			<key>Head</key>
+			<dict>
+				<key>ID</key>
+				<integer>183</integer>
+			</dict>
+			<key>ID</key>
+			<integer>223</integer>
+			<key>Points</key>
+			<array>
+				<string>{188.44882, 274.11398}</string>
+				<string>{241.83673, 230.69337}</string>
+				<string>{389.79593, 197.95918}</string>
+				<string>{489.79346, 131.63588}</string>
+			</array>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>HeadArrow</key>
+					<string>FilledArrow</string>
+					<key>LineType</key>
+					<integer>1</integer>
+					<key>TailArrow</key>
+					<string>0</string>
+				</dict>
+			</dict>
+			<key>Tail</key>
+			<dict>
+				<key>ID</key>
+				<integer>220</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{604.94452, 351.21362}, {68, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>FitText</key>
+			<string>YES</string>
+			<key>Flow</key>
+			<string>Resize</string>
+			<key>FontInfo</key>
+			<dict>
+				<key>Color</key>
+				<dict>
+					<key>w</key>
+					<string>0</string>
+				</dict>
+				<key>Font</key>
+				<string>Helvetica</string>
+				<key>Size</key>
+				<real>12</real>
+			</dict>
+			<key>ID</key>
+			<integer>67</integer>
+			<key>Line</key>
+			<dict>
+				<key>ID</key>
+				<integer>66</integer>
+				<key>Position</key>
+				<real>0.48328354954719543</real>
+				<key>RotationType</key>
+				<integer>0</integer>
+			</dict>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf2 foaf:knows}</string>
+			</dict>
+			<key>Wrap</key>
+			<string>NO</string>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>LineGraphic</string>
+			<key>Head</key>
+			<dict>
+				<key>ID</key>
+				<integer>79</integer>
+			</dict>
+			<key>ID</key>
+			<integer>66</integer>
+			<key>Points</key>
+			<array>
+				<string>{284.55527, 343.2338}</string>
+				<string>{479.83661, 358.30566}</string>
+				<string>{737.99969, 355.24445}</string>
+				<string>{760.44867, 270.55054}</string>
+				<string>{912.49969, 257.69336}</string>
+			</array>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>HeadArrow</key>
+					<string>FilledArrow</string>
+					<key>LineType</key>
+					<integer>1</integer>
+					<key>TailArrow</key>
+					<string>FilledArrow</string>
+				</dict>
+			</dict>
+			<key>Tail</key>
+			<dict>
+				<key>ID</key>
+				<integer>212</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{191.39993, 376.06491}, {59, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>FitText</key>
+			<string>YES</string>
+			<key>Flow</key>
+			<string>Resize</string>
+			<key>FontInfo</key>
+			<dict>
+				<key>Color</key>
+				<dict>
+					<key>w</key>
+					<string>0</string>
+				</dict>
+				<key>Font</key>
+				<string>Helvetica</string>
+				<key>Size</key>
+				<real>12</real>
+			</dict>
+			<key>ID</key>
+			<integer>185</integer>
+			<key>Line</key>
+			<dict>
+				<key>ID</key>
+				<integer>187</integer>
+				<key>Position</key>
+				<real>0.37898451089859009</real>
+				<key>RotationType</key>
+				<integer>0</integer>
+			</dict>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf2 rdfs:label}</string>
+			</dict>
+			<key>Wrap</key>
+			<string>NO</string>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{352.08893, 399.43097}, {240.81635, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>186</integer>
+			<key>Magnets</key>
+			<array>
+				<string>{0, 1}</string>
+				<string>{0, -1}</string>
+				<string>{1, 0}</string>
+				<string>{-1, 0}</string>
+				<string>{1, 1}</string>
+				<string>{1, -1}</string>
+				<string>{-1, 1}</string>
+				<string>{-1, -1}</string>
+			</array>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.8</string>
+						<key>g</key>
+						<string>0.8</string>
+						<key>r</key>
+						<string>0.8</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf2 Made on 23 November on Laptop}</string>
+			</dict>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>LineGraphic</string>
+			<key>Head</key>
+			<dict>
+				<key>ID</key>
+				<integer>186</integer>
+				<key>Info</key>
+				<integer>4</integer>
+			</dict>
+			<key>ID</key>
+			<integer>187</integer>
+			<key>Points</key>
+			<array>
+				<string>{154.75557, 442.23395}</string>
+				<string>{215.10188, 391.16278}</string>
+				<string>{270.20398, 378.91788}</string>
+				<string>{351.62424, 411.24646}</string>
+			</array>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.8</string>
+						<key>g</key>
+						<string>0.8</string>
+						<key>r</key>
+						<string>0.8</string>
+					</dict>
+					<key>HeadArrow</key>
+					<string>FilledArrow</string>
+					<key>LineType</key>
+					<integer>1</integer>
+					<key>TailArrow</key>
+					<string>0</string>
+				</dict>
+			</dict>
+			<key>Tail</key>
+			<dict>
+				<key>ID</key>
+				<integer>209</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{265.03873, 281.08032}, {57, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>FitText</key>
+			<string>YES</string>
+			<key>Flow</key>
+			<string>Resize</string>
+			<key>FontInfo</key>
+			<dict>
+				<key>Color</key>
+				<dict>
+					<key>w</key>
+					<string>0</string>
+				</dict>
+				<key>Font</key>
+				<string>Helvetica</string>
+				<key>Size</key>
+				<real>12</real>
+			</dict>
+			<key>ID</key>
+			<integer>188</integer>
+			<key>Line</key>
+			<dict>
+				<key>ID</key>
+				<integer>190</integer>
 				<key>Position</key>
 				<real>0.48328354954719543</real>
 				<key>RotationType</key>
@@ -111,11 +481,11 @@
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{331.633, 207}, {144, 24}}</string>
+			<string>{{404.08191, 302.69342}, {144, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>53</integer>
+			<integer>189</integer>
 			<key>Magnets</key>
 			<array>
 				<string>{0, 1}</string>
@@ -136,11 +506,11 @@
 					<key>Color</key>
 					<dict>
 						<key>b</key>
-						<string>0.8</string>
+						<string>0.882653</string>
 						<key>g</key>
-						<string>0.8</string>
+						<string>0.568663</string>
 						<key>r</key>
-						<string>0.8</string>
+						<string>0.427855</string>
 					</dict>
 					<key>CornerRadius</key>
 					<real>4</real>
@@ -154,7 +524,7 @@
 {\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
 
-\f0\fs24 \cf2 http://joe.example/blog}</string>
+\f0\fs24 \cf2 http://bob.example/blog}</string>
 			</dict>
 		</dict>
 		<dict>
@@ -163,18 +533,18 @@
 			<key>Head</key>
 			<dict>
 				<key>ID</key>
-				<integer>53</integer>
+				<integer>189</integer>
 				<key>Info</key>
 				<integer>4</integer>
 			</dict>
 			<key>ID</key>
-			<integer>52</integer>
+			<integer>190</integer>
 			<key>Points</key>
 			<array>
-				<string>{116, 194.97501}</string>
-				<string>{195, 193}</string>
-				<string>{287, 213}</string>
-				<string>{331.633, 219}</string>
+				<string>{188.44882, 290.66837}</string>
+				<string>{267.44891, 288.69342}</string>
+				<string>{359.44891, 308.69342}</string>
+				<string>{404.08191, 314.69342}</string>
 			</array>
 			<key>Style</key>
 			<dict>
@@ -183,11 +553,11 @@
 					<key>Color</key>
 					<dict>
 						<key>b</key>
-						<string>0.8</string>
+						<string>0.882653</string>
 						<key>g</key>
-						<string>0.8</string>
+						<string>0.568663</string>
 						<key>r</key>
-						<string>0.8</string>
+						<string>0.427855</string>
 					</dict>
 					<key>HeadArrow</key>
 					<string>FilledArrow</string>
@@ -200,74 +570,165 @@
 			<key>Tail</key>
 			<dict>
 				<key>ID</key>
-				<integer>30</integer>
+				<integer>220</integer>
 			</dict>
 		</dict>
 		<dict>
-			<key>Bounds</key>
-			<string>{{471, 395}, {57, 18}}</string>
 			<key>Class</key>
-			<string>ShapedGraphic</string>
-			<key>ID</key>
-			<integer>51</integer>
-			<key>Magnets</key>
+			<string>Group</string>
+			<key>Graphics</key>
 			<array>
-				<string>{0, 1}</string>
-				<string>{0, -1}</string>
-				<string>{1, 0}</string>
-				<string>{-1, 0}</string>
-				<string>{1, 1}</string>
-				<string>{1, -1}</string>
-				<string>{-1, 1}</string>
-				<string>{-1, -1}</string>
-			</array>
-			<key>Shape</key>
-			<string>Rectangle</string>
-			<key>Text</key>
-			<dict>
-				<key>Text</key>
-				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+				<dict>
+					<key>Bounds</key>
+					<string>{{466.11105, 558.50958}, {129.4222, 16.413294}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>192</integer>
+					<key>Magnets</key>
+					<array>
+						<string>{0, 1}</string>
+						<string>{0, -1}</string>
+						<string>{1, 0}</string>
+						<string>{-1, 0}</string>
+						<string>{1, 1}</string>
+						<string>{1, -1}</string>
+						<string>{-1, 1}</string>
+						<string>{-1, -1}</string>
+					</array>
+					<key>Shape</key>
+					<string>Rectangle</string>
+					<key>Text</key>
+					<dict>
+						<key>Text</key>
+						<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
 {\fonttbl\f0\fswiss\fcharset0 Helvetica;}
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
 
-\f0\fs24 \cf0 cert:hex}</string>
-			</dict>
+\f0\fs24 \cf0 xsd:hexBinary}</string>
+					</dict>
+				</dict>
+				<dict>
+					<key>Bounds</key>
+					<string>{{226.30603, 558.50952}, {369.22726, 179.87692}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>193</integer>
+					<key>Magnets</key>
+					<array>
+						<string>{0, 1}</string>
+						<string>{0, -1}</string>
+						<string>{1, 0}</string>
+						<string>{-1, 0}</string>
+						<string>{1, 1}</string>
+						<string>{1, -1}</string>
+						<string>{-1, 1}</string>
+						<string>{-1, -1}</string>
+					</array>
+					<key>Shape</key>
+					<string>Rectangle</string>
+					<key>Style</key>
+					<dict/>
+					<key>Text</key>
+					<dict>
+						<key>Align</key>
+						<integer>0</integer>
+						<key>Text</key>
+						<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fmodern\fcharset0 Courier;}
+{\colortbl;\red255\green255\blue255;}
+\deftab720
+\pard\pardeftab720
+
+\f0\fs24 \cf0 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}</string>
+					</dict>
+					<key>TextPlacement</key>
+					<integer>2</integer>
+				</dict>
+			</array>
+			<key>ID</key>
+			<integer>191</integer>
 		</dict>
 		<dict>
-			<key>Bounds</key>
-			<string>{{81.919296, 530.02002}, {49.999599, 18}}</string>
 			<key>Class</key>
-			<string>ShapedGraphic</string>
-			<key>ID</key>
-			<integer>50</integer>
-			<key>Magnets</key>
+			<string>Group</string>
+			<key>Graphics</key>
 			<array>
-				<string>{0, 1}</string>
-				<string>{0, -1}</string>
-				<string>{1, 0}</string>
-				<string>{-1, 0}</string>
-				<string>{1, 1}</string>
-				<string>{1, -1}</string>
-				<string>{-1, 1}</string>
-				<string>{-1, -1}</string>
-			</array>
-			<key>Shape</key>
-			<string>Rectangle</string>
-			<key>Text</key>
-			<dict>
-				<key>Text</key>
-				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+				<dict>
+					<key>Bounds</key>
+					<string>{{135.45203, 682.59119}, {49.999588, 18}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>195</integer>
+					<key>Magnets</key>
+					<array>
+						<string>{0, 1}</string>
+						<string>{0, -1}</string>
+						<string>{1, 0}</string>
+						<string>{-1, 0}</string>
+						<string>{1, 1}</string>
+						<string>{1, -1}</string>
+						<string>{-1, 1}</string>
+						<string>{-1, -1}</string>
+					</array>
+					<key>Shape</key>
+					<string>Rectangle</string>
+					<key>Text</key>
+					<dict>
+						<key>Text</key>
+						<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
 {\fonttbl\f0\fswiss\fcharset0 Helvetica;}
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
 
-\f0\fs24 \cf0 cert:int}</string>
-			</dict>
+\f0\fs24 \cf0 xsd:int}</string>
+					</dict>
+				</dict>
+				<dict>
+					<key>Bounds</key>
+					<string>{{121.45161, 682.59119}, {64, 42}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>196</integer>
+					<key>Magnets</key>
+					<array>
+						<string>{0, 1}</string>
+						<string>{0, -1}</string>
+						<string>{1, 0}</string>
+						<string>{-1, 0}</string>
+						<string>{1, 1}</string>
+						<string>{1, -1}</string>
+						<string>{-1, 1}</string>
+						<string>{-1, -1}</string>
+					</array>
+					<key>Shape</key>
+					<string>Rectangle</string>
+					<key>Style</key>
+					<dict/>
+					<key>Text</key>
+					<dict>
+						<key>Text</key>
+						<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf0 65537}</string>
+					</dict>
+					<key>TextPlacement</key>
+					<integer>2</integer>
+				</dict>
+			</array>
+			<key>ID</key>
+			<integer>194</integer>
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{186.44353, 140.65331}, {64, 24}}</string>
+			<string>{{258.96838, 234.04915}, {64, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>FitText</key>
@@ -287,13 +748,13 @@
 				<real>12</real>
 			</dict>
 			<key>ID</key>
-			<integer>49</integer>
+			<integer>197</integer>
 			<key>Line</key>
 			<dict>
 				<key>ID</key>
-				<integer>31</integer>
+				<integer>211</integer>
 				<key>Position</key>
-				<real>0.48328354954719543</real>
+				<real>0.48273703455924988</real>
 				<key>RotationType</key>
 				<integer>0</integer>
 			</dict>
@@ -308,8 +769,17 @@
 				</dict>
 				<key>stroke</key>
 				<dict>
-					<key>Draws</key>
-					<string>NO</string>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>Width</key>
+					<real>0.0</real>
 				</dict>
 			</dict>
 			<key>Text</key>
@@ -327,7 +797,7 @@
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{68.237846, 276.1048}, {53, 24}}</string>
+			<string>{{110.80666, 371.88705}, {53, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>FitText</key>
@@ -347,11 +817,11 @@
 				<real>12</real>
 			</dict>
 			<key>ID</key>
-			<integer>48</integer>
+			<integer>198</integer>
 			<key>Line</key>
 			<dict>
 				<key>ID</key>
-				<integer>47</integer>
+				<integer>199</integer>
 				<key>Position</key>
 				<real>0.42995861172676086</real>
 				<key>RotationType</key>
@@ -391,15 +861,15 @@
 			<key>Head</key>
 			<dict>
 				<key>ID</key>
-				<integer>33</integer>
+				<integer>209</integer>
 			</dict>
 			<key>ID</key>
-			<integer>47</integer>
+			<integer>199</integer>
 			<key>Points</key>
 			<array>
-				<string>{93.489799, 249}</string>
-				<string>{96.237999, 335.10901}</string>
-				<string>{96.158195, 339.95197}</string>
+				<string>{165.93863, 344.69342}</string>
+				<string>{129.68669, 399.32605}</string>
+				<string>{139.935, 437.5929}</string>
 			</array>
 			<key>Style</key>
 			<dict>
@@ -416,62 +886,7 @@
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{191.35899, 395}, {336.64099, 276}}</string>
-			<key>Class</key>
-			<string>ShapedGraphic</string>
-			<key>ID</key>
-			<integer>46</integer>
-			<key>Magnets</key>
-			<array>
-				<string>{0, 1}</string>
-				<string>{0, -1}</string>
-				<string>{1, 0}</string>
-				<string>{-1, 0}</string>
-				<string>{1, 1}</string>
-				<string>{1, -1}</string>
-				<string>{-1, 1}</string>
-				<string>{-1, -1}</string>
-			</array>
-			<key>Shape</key>
-			<string>Rectangle</string>
-			<key>Style</key>
-			<dict/>
-			<key>Text</key>
-			<dict>
-				<key>Align</key>
-				<integer>0</integer>
-				<key>Text</key>
-				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
-{\fonttbl\f0\fmodern\fcharset0 Courier;}
-{\colortbl;\red255\green255\blue255;}
-\deftab720
-\pard\pardeftab720
-
-\f0\fs24 \cf0 00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:\
-c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:\
-07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:\
-98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:\
-2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:\
-ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:\
-94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:\
-dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:\
-e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:\
-2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:\
-f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:\
-5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:\
-75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:\
-14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:\
-72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:\
-71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:\
-3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:\
-91:a1}</string>
-			</dict>
-			<key>TextPlacement</key>
-			<integer>2</integer>
-		</dict>
-		<dict>
-			<key>Bounds</key>
-			<string>{{188.77599, 344.44638}, {76, 24}}</string>
+			<string>{{131.739, 496.79349}, {79, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>FitText</key>
@@ -491,11 +906,106 @@
 				<real>12</real>
 			</dict>
 			<key>ID</key>
-			<integer>45</integer>
+			<integer>200</integer>
 			<key>Line</key>
 			<dict>
 				<key>ID</key>
-				<integer>44</integer>
+				<integer>201</integer>
+				<key>Position</key>
+				<real>0.24126927554607391</real>
+				<key>RotationType</key>
+				<integer>0</integer>
+			</dict>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf0 cert:modulus}</string>
+			</dict>
+			<key>Wrap</key>
+			<string>NO</string>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>LineGraphic</string>
+			<key>Head</key>
+			<dict>
+				<key>ID</key>
+				<integer>193</integer>
+			</dict>
+			<key>ID</key>
+			<integer>201</integer>
+			<key>Points</key>
+			<array>
+				<string>{151.21638, 463.99704}</string>
+				<string>{172.05733, 498.30563}</string>
+				<string>{157.68668, 597.28503}</string>
+				<string>{226.30605, 648.448}</string>
+			</array>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>HeadArrow</key>
+					<string>FilledArrow</string>
+					<key>LineType</key>
+					<integer>1</integer>
+					<key>TailArrow</key>
+					<string>0</string>
+				</dict>
+			</dict>
+			<key>Tail</key>
+			<dict>
+				<key>ID</key>
+				<integer>209</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{70.959244, 542.05835}, {83, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>FitText</key>
+			<string>YES</string>
+			<key>Flow</key>
+			<string>Resize</string>
+			<key>FontInfo</key>
+			<dict>
+				<key>Color</key>
+				<dict>
+					<key>w</key>
+					<string>0</string>
+				</dict>
+				<key>Font</key>
+				<string>Helvetica</string>
+				<key>Size</key>
+				<real>12</real>
+			</dict>
+			<key>ID</key>
+			<integer>202</integer>
+			<key>Line</key>
+			<dict>
+				<key>ID</key>
+				<integer>203</integer>
 				<key>Position</key>
 				<real>0.42995861172676086</real>
 				<key>RotationType</key>
@@ -524,7 +1034,7 @@
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
 
-\f0\fs24 \cf0 rsa:modulus}</string>
+\f0\fs24 \cf0 cert:exponent}</string>
 			</dict>
 			<key>Wrap</key>
 			<string>NO</string>
@@ -535,16 +1045,15 @@
 			<key>Head</key>
 			<dict>
 				<key>ID</key>
-				<integer>46</integer>
+				<integer>196</integer>
 			</dict>
 			<key>ID</key>
-			<integer>44</integer>
+			<integer>203</integer>
 			<key>Points</key>
 			<array>
-				<string>{110.41571, 354.77353}</string>
-				<string>{255, 358}</string>
-				<string>{322, 373}</string>
-				<string>{359.6795, 395}</string>
+				<string>{138.68835, 465.2164}</string>
+				<string>{110.80666, 541.16266}</string>
+				<string>{153.45161, 682.59119}</string>
 			</array>
 			<key>Style</key>
 			<dict>
@@ -561,47 +1070,12 @@
 			<key>Tail</key>
 			<dict>
 				<key>ID</key>
-				<integer>33</integer>
+				<integer>209</integer>
 			</dict>
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{67.9189, 530.02002}, {64, 42}}</string>
-			<key>Class</key>
-			<string>ShapedGraphic</string>
-			<key>ID</key>
-			<integer>43</integer>
-			<key>Magnets</key>
-			<array>
-				<string>{0, 1}</string>
-				<string>{0, -1}</string>
-				<string>{1, 0}</string>
-				<string>{-1, 0}</string>
-				<string>{1, 1}</string>
-				<string>{1, -1}</string>
-				<string>{-1, 1}</string>
-				<string>{-1, -1}</string>
-			</array>
-			<key>Shape</key>
-			<string>Rectangle</string>
-			<key>Style</key>
-			<dict/>
-			<key>Text</key>
-			<dict>
-				<key>Text</key>
-				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
-
-\f0\fs24 \cf0 65537}</string>
-			</dict>
-			<key>TextPlacement</key>
-			<integer>2</integer>
-		</dict>
-		<dict>
-			<key>Bounds</key>
-			<string>{{32.121513, 424.73407}, {118, 24}}</string>
+			<string>{{206.66376, 433.46439}, {51, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>FitText</key>
@@ -621,105 +1095,11 @@
 				<real>12</real>
 			</dict>
 			<key>ID</key>
-			<integer>42</integer>
+			<integer>204</integer>
 			<key>Line</key>
 			<dict>
 				<key>ID</key>
-				<integer>41</integer>
-				<key>Position</key>
-				<real>0.42995861172676086</real>
-				<key>RotationType</key>
-				<integer>0</integer>
-			</dict>
-			<key>Shape</key>
-			<string>Rectangle</string>
-			<key>Style</key>
-			<dict>
-				<key>shadow</key>
-				<dict>
-					<key>Draws</key>
-					<string>NO</string>
-				</dict>
-				<key>stroke</key>
-				<dict>
-					<key>Draws</key>
-					<string>NO</string>
-				</dict>
-			</dict>
-			<key>Text</key>
-			<dict>
-				<key>Text</key>
-				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
-{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
-{\colortbl;\red255\green255\blue255;}
-\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
-
-\f0\fs24 \cf0 rsa:public_exponent}</string>
-			</dict>
-			<key>Wrap</key>
-			<string>NO</string>
-		</dict>
-		<dict>
-			<key>Class</key>
-			<string>LineGraphic</string>
-			<key>Head</key>
-			<dict>
-				<key>ID</key>
-				<integer>43</integer>
-			</dict>
-			<key>ID</key>
-			<integer>41</integer>
-			<key>Points</key>
-			<array>
-				<string>{94.945976, 368.91751}</string>
-				<string>{90.837898, 429.98001}</string>
-				<string>{99.9189, 530.02002}</string>
-			</array>
-			<key>Style</key>
-			<dict>
-				<key>stroke</key>
-				<dict>
-					<key>HeadArrow</key>
-					<string>FilledArrow</string>
-					<key>LineType</key>
-					<integer>1</integer>
-					<key>TailArrow</key>
-					<string>0</string>
-				</dict>
-			</dict>
-			<key>Tail</key>
-			<dict>
-				<key>ID</key>
-				<integer>33</integer>
-			</dict>
-		</dict>
-		<dict>
-			<key>Bounds</key>
-			<string>{{195.92648, 307.77432}, {51, 24}}</string>
-			<key>Class</key>
-			<string>ShapedGraphic</string>
-			<key>FitText</key>
-			<string>YES</string>
-			<key>Flow</key>
-			<string>Resize</string>
-			<key>FontInfo</key>
-			<dict>
-				<key>Color</key>
-				<dict>
-					<key>w</key>
-					<string>0</string>
-				</dict>
-				<key>Font</key>
-				<string>Helvetica</string>
-				<key>Size</key>
-				<real>12</real>
-			</dict>
-			<key>ID</key>
-			<integer>40</integer>
-			<key>Line</key>
-			<dict>
-				<key>ID</key>
-				<integer>34</integer>
+				<integer>208</integer>
 				<key>Position</key>
 				<real>0.42995861172676086</real>
 				<key>RotationType</key>
@@ -760,7 +1140,7 @@
 			<array>
 				<dict>
 					<key>Bounds</key>
-					<string>{{377, 308.086}, {151, 14}}</string>
+					<string>{{226.30597, 487.13843}, {151, 14}}</string>
 					<key>Class</key>
 					<string>ShapedGraphic</string>
 					<key>FitText</key>
@@ -768,7 +1148,7 @@
 					<key>Flow</key>
 					<string>Resize</string>
 					<key>ID</key>
-					<integer>36</integer>
+					<integer>206</integer>
 					<key>Shape</key>
 					<string>Rectangle</string>
 					<key>Style</key>
@@ -787,7 +1167,7 @@
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
 
-\f0\b\fs24 \cf0 rsa:RSAPublicKey}</string>
+\f0\b\fs24 \cf0 cert:RSAPublicKey}</string>
 						<key>VerticalPad</key>
 						<integer>0</integer>
 					</dict>
@@ -796,7 +1176,7 @@
 				</dict>
 				<dict>
 					<key>Bounds</key>
-					<string>{{377, 322.086}, {151, 28}}</string>
+					<string>{{226.30597, 501.13843}, {151, 28}}</string>
 					<key>Class</key>
 					<string>ShapedGraphic</string>
 					<key>FitText</key>
@@ -804,7 +1184,7 @@
 					<key>Flow</key>
 					<string>Resize</string>
 					<key>ID</key>
-					<integer>37</integer>
+					<integer>207</integer>
 					<key>Shape</key>
 					<string>Rectangle</string>
 					<key>Style</key>
@@ -825,8 +1205,8 @@
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
 
-\f0\fs24 \cf0 rsa:public_exponent\
-rsa:modulus}</string>
+\f0\fs24 \cf0 cert:exponent\
+cert:modulus}</string>
 						<key>VerticalPad</key>
 						<integer>0</integer>
 					</dict>
@@ -836,12 +1216,12 @@
 			</array>
 			<key>GridH</key>
 			<array>
-				<integer>36</integer>
-				<integer>37</integer>
+				<integer>206</integer>
+				<integer>207</integer>
 				<array/>
 			</array>
 			<key>ID</key>
-			<integer>35</integer>
+			<integer>205</integer>
 		</dict>
 		<dict>
 			<key>Class</key>
@@ -849,15 +1229,15 @@
 			<key>Head</key>
 			<dict>
 				<key>ID</key>
-				<integer>36</integer>
+				<integer>206</integer>
 			</dict>
 			<key>ID</key>
-			<integer>34</integer>
+			<integer>208</integer>
 			<key>Points</key>
 			<array>
-				<string>{109.91874, 350.66394}</string>
-				<string>{227, 319}</string>
-				<string>{376.50006, 316.40512}</string>
+				<string>{158.1776, 451.08615}</string>
+				<string>{265.03888, 447.28525}</string>
+				<string>{296.00421, 486.74512}</string>
 			</array>
 			<key>Style</key>
 			<dict>
@@ -874,16 +1254,16 @@
 			<key>Tail</key>
 			<dict>
 				<key>ID</key>
-				<integer>33</integer>
+				<integer>209</integer>
 			</dict>
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{81.919296, 340.45001}, {28, 28}}</string>
+			<string>{{129.68669, 437.60156}, {28, 28}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>33</integer>
+			<integer>209</integer>
 			<key>Shape</key>
 			<string>Circle</string>
 			<key>Style</key>
@@ -891,11 +1271,11 @@
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{331.633, 159}, {90, 24}}</string>
+			<string>{{404.08191, 254.69337}, {90, 24}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>1</integer>
+			<integer>210</integer>
 			<key>Magnets</key>
 			<array>
 				<string>{0, 1}</string>
@@ -916,11 +1296,11 @@
 					<key>Color</key>
 					<dict>
 						<key>b</key>
-						<string>0.8</string>
+						<string>0.882653</string>
 						<key>g</key>
-						<string>0.8</string>
+						<string>0.568663</string>
 						<key>r</key>
-						<string>0.8</string>
+						<string>0.427855</string>
 					</dict>
 				</dict>
 			</dict>
@@ -941,18 +1321,18 @@
 			<key>Head</key>
 			<dict>
 				<key>ID</key>
-				<integer>1</integer>
+				<integer>210</integer>
 				<key>Info</key>
 				<integer>4</integer>
 			</dict>
 			<key>ID</key>
-			<integer>31</integer>
+			<integer>211</integer>
 			<key>Points</key>
 			<array>
-				<string>{116, 186}</string>
-				<string>{188.776, 156}</string>
-				<string>{279.20401, 154.18401}</string>
-				<string>{331.15689, 170.84729}</string>
+				<string>{188.44882, 281.69336}</string>
+				<string>{261.2453, 249.63216}</string>
+				<string>{351.67334, 247.81618}</string>
+				<string>{404.08191, 266.69336}</string>
 			</array>
 			<key>Style</key>
 			<dict>
@@ -961,11 +1341,11 @@
 					<key>Color</key>
 					<dict>
 						<key>b</key>
-						<string>0.8</string>
+						<string>0.882653</string>
 						<key>g</key>
-						<string>0.8</string>
+						<string>0.568663</string>
 						<key>r</key>
-						<string>0.8</string>
+						<string>0.427855</string>
 					</dict>
 					<key>HeadArrow</key>
 					<string>FilledArrow</string>
@@ -978,16 +1358,16 @@
 			<key>Tail</key>
 			<dict>
 				<key>ID</key>
-				<integer>24</integer>
+				<integer>214</integer>
 			</dict>
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{16.9592, 231}, {178.041, 18}}</string>
+			<string>{{89.408051, 326.69342}, {194.89795, 18}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>22</integer>
+			<integer>212</integer>
 			<key>Shape</key>
 			<string>Rectangle</string>
 			<key>Style</key>
@@ -1016,7 +1396,7 @@
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
 
-\f0\b\fs24 \cf0 http://joe.example/profile#me}</string>
+\f0\b\fs24 \cf0 https://bob.example/profile#me}</string>
 				<key>VerticalPad</key>
 				<integer>0</integer>
 			</dict>
@@ -1032,11 +1412,11 @@
 					<key>Class</key>
 					<string>LineGraphic</string>
 					<key>ID</key>
-					<integer>24</integer>
+					<integer>214</integer>
 					<key>Points</key>
 					<array>
-						<string>{116, 186}</string>
-						<string>{98, 186}</string>
+						<string>{188.44882, 281.69336}</string>
+						<string>{170.44882, 281.69336}</string>
 					</array>
 					<key>Style</key>
 					<dict>
@@ -1055,11 +1435,11 @@
 					<key>Class</key>
 					<string>LineGraphic</string>
 					<key>ID</key>
-					<integer>25</integer>
+					<integer>215</integer>
 					<key>Points</key>
 					<array>
-						<string>{98, 186}</string>
-						<string>{80, 186}</string>
+						<string>{170.44882, 281.69336}</string>
+						<string>{152.44882, 281.69336}</string>
 					</array>
 					<key>Style</key>
 					<dict>
@@ -1078,11 +1458,11 @@
 					<key>Class</key>
 					<string>LineGraphic</string>
 					<key>ID</key>
-					<integer>26</integer>
+					<integer>216</integer>
 					<key>Points</key>
 					<array>
-						<string>{98, 204}</string>
-						<string>{107, 231}</string>
+						<string>{170.44882, 299.69339}</string>
+						<string>{179.44882, 326.69339}</string>
 					</array>
 					<key>Style</key>
 					<dict>
@@ -1101,11 +1481,11 @@
 					<key>Class</key>
 					<string>LineGraphic</string>
 					<key>ID</key>
-					<integer>27</integer>
+					<integer>217</integer>
 					<key>Points</key>
 					<array>
-						<string>{98, 204}</string>
-						<string>{89, 231}</string>
+						<string>{170.44882, 299.69339}</string>
+						<string>{161.44882, 326.69339}</string>
 					</array>
 					<key>Style</key>
 					<dict>
@@ -1128,11 +1508,11 @@
 					<key>Class</key>
 					<string>LineGraphic</string>
 					<key>ID</key>
-					<integer>28</integer>
+					<integer>218</integer>
 					<key>Points</key>
 					<array>
-						<string>{98, 177}</string>
-						<string>{98, 204}</string>
+						<string>{170.44882, 272.69336}</string>
+						<string>{170.44882, 299.69336}</string>
 					</array>
 					<key>Style</key>
 					<dict>
@@ -1147,11 +1527,11 @@
 				</dict>
 				<dict>
 					<key>Bounds</key>
-					<string>{{89, 159}, {18, 18}}</string>
+					<string>{{161.44882, 254.69336}, {18, 18}}</string>
 					<key>Class</key>
 					<string>ShapedGraphic</string>
 					<key>ID</key>
-					<integer>29</integer>
+					<integer>219</integer>
 					<key>Shape</key>
 					<string>Circle</string>
 					<key>Style</key>
@@ -1159,15 +1539,15 @@
 				</dict>
 			</array>
 			<key>ID</key>
-			<integer>23</integer>
+			<integer>213</integer>
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{74, 146}, {42, 99}}</string>
+			<string>{{146.44882, 241.69337}, {42, 99}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>30</integer>
+			<integer>220</integer>
 			<key>Shape</key>
 			<string>Rectangle</string>
 			<key>Style</key>
@@ -1191,11 +1571,11 @@
 		</dict>
 		<dict>
 			<key>Bounds</key>
-			<string>{{9, 70.497498}, {537.28198, 610.013}}</string>
+			<string>{{81.448853, 165.4485}, {545.32654, 610.75537}}</string>
 			<key>Class</key>
 			<string>ShapedGraphic</string>
 			<key>ID</key>
-			<integer>15</integer>
+			<integer>221</integer>
 			<key>Shape</key>
 			<string>NoteShape</string>
 			<key>Style</key>
@@ -1210,7 +1590,873 @@
 {\colortbl;\red255\green255\blue255;}
 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
 
-\f0\fs24 \cf0 http://joe.example/profile}</string>
+\f0\fs38 \cf0 https://bob.example/profile}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{100.326, 131.63264}, {545.32654, 610.75537}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>183</integer>
+			<key>Magnets</key>
+			<array>
+				<string>{0.21419358, -0.5}</string>
+			</array>
+			<key>Shape</key>
+			<string>NoteShape</string>
+			<key>Style</key>
+			<dict/>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\fs38 \cf0 https://bob.example/profile/protected}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>LineGraphic</string>
+			<key>Head</key>
+			<dict>
+				<key>ID</key>
+				<integer>106</integer>
+			</dict>
+			<key>ID</key>
+			<integer>86</integer>
+			<key>Points</key>
+			<array>
+				<string>{924.82111, 323.93069}</string>
+				<string>{950.45837, 401.16281}</string>
+				<string>{887.75482, 490.95871}</string>
+				<string>{907.38745, 572.59125}</string>
+				<string>{891.58057, 658.24811}</string>
+			</array>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>HeadArrow</key>
+					<string>0</string>
+					<key>LineType</key>
+					<integer>1</integer>
+					<key>TailArrow</key>
+					<string>FilledArrow</string>
+				</dict>
+			</dict>
+			<key>Tail</key>
+			<dict>
+				<key>ID</key>
+				<integer>84</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>Group</string>
+			<key>Graphics</key>
+			<array>
+				<dict>
+					<key>Bounds</key>
+					<string>{{862.49969, 730.59119}, {68, 18}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>99</integer>
+					<key>Shape</key>
+					<string>Rectangle</string>
+					<key>Style</key>
+					<dict>
+						<key>fill</key>
+						<dict>
+							<key>Draws</key>
+							<string>NO</string>
+						</dict>
+						<key>shadow</key>
+						<dict>
+							<key>Draws</key>
+							<string>NO</string>
+						</dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>Width</key>
+							<real>0.5</real>
+						</dict>
+					</dict>
+					<key>Text</key>
+					<dict>
+						<key>Text</key>
+						<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
+
+\f0\b\fs24 \cf2 Alice}</string>
+						<key>VerticalPad</key>
+						<integer>0</integer>
+					</dict>
+				</dict>
+				<dict>
+					<key>Class</key>
+					<string>Group</string>
+					<key>Graphics</key>
+					<array>
+						<dict>
+							<key>AllowLabelDrop</key>
+							<false/>
+							<key>Class</key>
+							<string>LineGraphic</string>
+							<key>ID</key>
+							<integer>101</integer>
+							<key>Points</key>
+							<array>
+								<string>{907.85645, 685.59119}</string>
+								<string>{889.85638, 685.59119}</string>
+							</array>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+									<key>HeadArrow</key>
+									<string>0</string>
+									<key>TailArrow</key>
+									<string>0</string>
+								</dict>
+							</dict>
+						</dict>
+						<dict>
+							<key>AllowLabelDrop</key>
+							<false/>
+							<key>Class</key>
+							<string>LineGraphic</string>
+							<key>ID</key>
+							<integer>102</integer>
+							<key>Points</key>
+							<array>
+								<string>{889.85638, 685.59119}</string>
+								<string>{871.85638, 685.59119}</string>
+							</array>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+									<key>HeadArrow</key>
+									<string>0</string>
+									<key>TailArrow</key>
+									<string>0</string>
+								</dict>
+							</dict>
+						</dict>
+						<dict>
+							<key>AllowLabelDrop</key>
+							<false/>
+							<key>Class</key>
+							<string>LineGraphic</string>
+							<key>ID</key>
+							<integer>103</integer>
+							<key>Points</key>
+							<array>
+								<string>{889.85645, 703.59119}</string>
+								<string>{898.85638, 730.59119}</string>
+							</array>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+									<key>HeadArrow</key>
+									<string>0</string>
+									<key>TailArrow</key>
+									<string>0</string>
+								</dict>
+							</dict>
+						</dict>
+						<dict>
+							<key>AllowLabelDrop</key>
+							<false/>
+							<key>Class</key>
+							<string>LineGraphic</string>
+							<key>ID</key>
+							<integer>104</integer>
+							<key>Points</key>
+							<array>
+								<string>{889.85638, 703.59119}</string>
+								<string>{880.85638, 730.59119}</string>
+							</array>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+									<key>HeadArrow</key>
+									<string>0</string>
+									<key>TailArrow</key>
+									<string>0</string>
+								</dict>
+							</dict>
+						</dict>
+						<dict>
+							<key>AllowConnections</key>
+							<string>NO</string>
+							<key>AllowLabelDrop</key>
+							<false/>
+							<key>AllowToConnect</key>
+							<false/>
+							<key>Class</key>
+							<string>LineGraphic</string>
+							<key>ID</key>
+							<integer>105</integer>
+							<key>Points</key>
+							<array>
+								<string>{889.85638, 676.59119}</string>
+								<string>{889.85638, 703.59119}</string>
+							</array>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+									<key>HeadArrow</key>
+									<string>0</string>
+									<key>TailArrow</key>
+									<string>0</string>
+								</dict>
+							</dict>
+						</dict>
+						<dict>
+							<key>Bounds</key>
+							<string>{{880.85638, 658.59119}, {18, 18}}</string>
+							<key>Class</key>
+							<string>ShapedGraphic</string>
+							<key>ID</key>
+							<integer>106</integer>
+							<key>Shape</key>
+							<string>Circle</string>
+							<key>Style</key>
+							<dict>
+								<key>stroke</key>
+								<dict>
+									<key>Color</key>
+									<dict>
+										<key>b</key>
+										<string>0.882653</string>
+										<key>g</key>
+										<string>0.568663</string>
+										<key>r</key>
+										<string>0.427855</string>
+									</dict>
+								</dict>
+							</dict>
+						</dict>
+					</array>
+					<key>ID</key>
+					<integer>100</integer>
+				</dict>
+			</array>
+			<key>ID</key>
+			<integer>98</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{814.73431, 628.71368}, {135.22614, 130.70239}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>97</integer>
+			<key>Shape</key>
+			<string>NoteShape</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\fs38 \cf2 /home}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{887.75482, 305.69342}, {68, 18}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>84</integer>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>fill</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+					<key>Width</key>
+					<real>0.5</real>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\qc
+
+\f0\b\fs24 \cf2 Alois}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+		</dict>
+		<dict>
+			<key>Class</key>
+			<string>Group</string>
+			<key>Graphics</key>
+			<array>
+				<dict>
+					<key>AllowLabelDrop</key>
+					<false/>
+					<key>Class</key>
+					<string>LineGraphic</string>
+					<key>ID</key>
+					<integer>78</integer>
+					<key>Points</key>
+					<array>
+						<string>{930.49969, 257.69336}</string>
+						<string>{912.49969, 257.69336}</string>
+					</array>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>HeadArrow</key>
+							<string>0</string>
+							<key>TailArrow</key>
+							<string>0</string>
+						</dict>
+					</dict>
+				</dict>
+				<dict>
+					<key>AllowLabelDrop</key>
+					<false/>
+					<key>Class</key>
+					<string>LineGraphic</string>
+					<key>ID</key>
+					<integer>79</integer>
+					<key>Points</key>
+					<array>
+						<string>{912.49969, 257.69336}</string>
+						<string>{894.49969, 257.69336}</string>
+					</array>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>HeadArrow</key>
+							<string>0</string>
+							<key>TailArrow</key>
+							<string>0</string>
+						</dict>
+					</dict>
+				</dict>
+				<dict>
+					<key>AllowLabelDrop</key>
+					<false/>
+					<key>Class</key>
+					<string>LineGraphic</string>
+					<key>ID</key>
+					<integer>80</integer>
+					<key>Points</key>
+					<array>
+						<string>{912.49969, 275.69333}</string>
+						<string>{921.49969, 302.69333}</string>
+					</array>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>HeadArrow</key>
+							<string>0</string>
+							<key>TailArrow</key>
+							<string>0</string>
+						</dict>
+					</dict>
+				</dict>
+				<dict>
+					<key>AllowLabelDrop</key>
+					<false/>
+					<key>Class</key>
+					<string>LineGraphic</string>
+					<key>ID</key>
+					<integer>81</integer>
+					<key>Points</key>
+					<array>
+						<string>{912.49969, 275.69333}</string>
+						<string>{903.49969, 302.69333}</string>
+					</array>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>HeadArrow</key>
+							<string>0</string>
+							<key>TailArrow</key>
+							<string>0</string>
+						</dict>
+					</dict>
+				</dict>
+				<dict>
+					<key>AllowConnections</key>
+					<string>NO</string>
+					<key>AllowLabelDrop</key>
+					<false/>
+					<key>AllowToConnect</key>
+					<false/>
+					<key>Class</key>
+					<string>LineGraphic</string>
+					<key>ID</key>
+					<integer>82</integer>
+					<key>Points</key>
+					<array>
+						<string>{912.49969, 248.69337}</string>
+						<string>{912.49969, 275.69336}</string>
+					</array>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+							<key>HeadArrow</key>
+							<string>0</string>
+							<key>TailArrow</key>
+							<string>0</string>
+						</dict>
+					</dict>
+				</dict>
+				<dict>
+					<key>Bounds</key>
+					<string>{{903.49969, 230.69336}, {18, 18}}</string>
+					<key>Class</key>
+					<string>ShapedGraphic</string>
+					<key>ID</key>
+					<integer>83</integer>
+					<key>Shape</key>
+					<string>Circle</string>
+					<key>Style</key>
+					<dict>
+						<key>stroke</key>
+						<dict>
+							<key>Color</key>
+							<dict>
+								<key>b</key>
+								<string>0.882653</string>
+								<key>g</key>
+								<string>0.568663</string>
+								<key>r</key>
+								<string>0.427855</string>
+							</dict>
+						</dict>
+					</dict>
+				</dict>
+			</array>
+			<key>ID</key>
+			<integer>77</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{825.42151, 220.18315}, {135.22614, 111.64958}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>96</integer>
+			<key>Shape</key>
+			<string>NoteShape</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\fs38 \cf2 /p/Alois}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{859.55188, 465.79803}, {68, 24}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>FitText</key>
+			<string>YES</string>
+			<key>Flow</key>
+			<string>Resize</string>
+			<key>FontInfo</key>
+			<dict>
+				<key>Color</key>
+				<dict>
+					<key>w</key>
+					<string>0</string>
+				</dict>
+				<key>Font</key>
+				<string>Helvetica</string>
+				<key>Size</key>
+				<real>12</real>
+			</dict>
+			<key>ID</key>
+			<integer>87</integer>
+			<key>Line</key>
+			<dict>
+				<key>ID</key>
+				<integer>86</integer>
+				<key>Position</key>
+				<real>0.48328354954719543</real>
+				<key>RotationType</key>
+				<integer>0</integer>
+			</dict>
+			<key>Shape</key>
+			<string>Rectangle</string>
+			<key>Style</key>
+			<dict>
+				<key>shadow</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+				<key>stroke</key>
+				<dict>
+					<key>Draws</key>
+					<string>NO</string>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red102\green102\blue102;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\qc
+
+\f0\fs24 \cf2 foaf:knows}</string>
+			</dict>
+			<key>Wrap</key>
+			<string>NO</string>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{786.97931, 590.64172}, {201.02045, 185.56201}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>85</integer>
+			<key>Magnets</key>
+			<array>
+				<string>{0, 1}</string>
+				<string>{0, -1}</string>
+				<string>{1, 0}</string>
+				<string>{-1, 0}</string>
+			</array>
+			<key>Shape</key>
+			<string>Cube</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\b\fs24 \cf2 alice.example}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{814.73425, 176.67296}, {179.36719, 164.02042}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>65</integer>
+			<key>Magnets</key>
+			<array>
+				<string>{0, 1}</string>
+				<string>{0, -1}</string>
+				<string>{1, 0}</string>
+				<string>{-1, 0}</string>
+			</array>
+			<key>Shape</key>
+			<string>Cube</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;\red109\green145\blue225;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\b\fs24 \cf2 example.edu}</string>
+				<key>VerticalPad</key>
+				<integer>0</integer>
+			</dict>
+			<key>TextPlacement</key>
+			<integer>0</integer>
+		</dict>
+		<dict>
+			<key>Bounds</key>
+			<string>{{61.409294, 25.632336}, {669.46948, 774.41821}}</string>
+			<key>Class</key>
+			<string>ShapedGraphic</string>
+			<key>ID</key>
+			<integer>64</integer>
+			<key>Magnets</key>
+			<array>
+				<string>{0, 1}</string>
+				<string>{0, -1}</string>
+				<string>{1, 0}</string>
+				<string>{-1, 0}</string>
+			</array>
+			<key>Shape</key>
+			<string>Cube</string>
+			<key>Style</key>
+			<dict>
+				<key>stroke</key>
+				<dict>
+					<key>Color</key>
+					<dict>
+						<key>b</key>
+						<string>0.882653</string>
+						<key>g</key>
+						<string>0.568663</string>
+						<key>r</key>
+						<string>0.427855</string>
+					</dict>
+				</dict>
+			</dict>
+			<key>Text</key>
+			<dict>
+				<key>Align</key>
+				<integer>0</integer>
+				<key>Text</key>
+				<string>{\rtf1\ansi\ansicpg1252\cocoartf1138\cocoasubrtf230
+{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720
+
+\f0\b\fs40 \cf0 bob.example}</string>
 				<key>VerticalPad</key>
 				<integer>0</integer>
 			</dict>
@@ -1225,7 +2471,7 @@
 	<key>GuidesVisible</key>
 	<string>YES</string>
 	<key>HPages</key>
-	<integer>1</integer>
+	<integer>2</integer>
 	<key>ImageCounter</key>
 	<integer>2</integer>
 	<key>KeepToScale</key>
@@ -1265,7 +2511,7 @@
 	<key>MasterSheets</key>
 	<array/>
 	<key>ModificationDate</key>
-	<string>2011-10-17 16:42:43 +0000</string>
+	<string>2011-11-23 18:52:31 +0000</string>
 	<key>Modifier</key>
 	<string>Henry Story</string>
 	<key>NotesVisible</key>
@@ -1293,11 +2539,6 @@
 			<string>float</string>
 			<string>18</string>
 		</array>
-		<key>NSPaperName</key>
-		<array>
-			<string>string</string>
-			<string>A4</string>
-		</array>
 		<key>NSPaperSize</key>
 		<array>
 			<string>coded</string>
@@ -1338,7 +2579,7 @@
 	<key>UseEntirePage</key>
 	<false/>
 	<key>VPages</key>
-	<integer>1</integer>
+	<integer>2</integer>
 	<key>WindowInfo</key>
 	<dict>
 		<key>CurrentSheet</key>
@@ -1351,21 +2592,19 @@
 			</dict>
 		</array>
 		<key>Frame</key>
-		<string>{{691, 169}, {842, 932}}</string>
+		<string>{{691, 169}, {1135, 932}}</string>
 		<key>ListView</key>
 		<true/>
 		<key>OutlineWidth</key>
 		<integer>142</integer>
 		<key>RightSidebar</key>
 		<false/>
-		<key>ShowRuler</key>
-		<true/>
 		<key>Sidebar</key>
 		<true/>
 		<key>SidebarWidth</key>
 		<integer>120</integer>
 		<key>VisibleRegion</key>
-		<string>{{-80.999992, -3.9999821}, {721.42853, 792.85718}}</string>
+		<string>{{43.877556, 1.0204082}, {1035.7142, 838.77551}}</string>
 		<key>Zoom</key>
 		<real>0.98000001907348633</real>
 		<key>ZoomValues</key>
Binary file spec/img/WebIdGraph.jpg has changed
--- a/spec/index-respec.html	Fri Nov 18 20:05:15 2011 +0100
+++ b/spec/index-respec.html	Wed Nov 23 20:53:38 2011 +0100
@@ -45,6 +45,10 @@
     <script class='remove'>
       var preProc = {
           apply:  function(c) {
+                    // extend the bibliography entries
+                    berjon.biblio["RFC5246"] = "T. Dierks; E. Rescorla. <a href=\"http://tools.ietf.org/html/rfc5246\"><cite>The Transport Layer Security (TLS) Protocol Version 1.2</cite></a> August 2008. Internet RFC 5246. URL: <a href=\"http://tools.ietf.org/html/rfc5246\">http://tools.ietf.org/html/rfc5246</a> ";
+                    berjon.biblio["RFC5746"] = "E. Rescorla, M. Ray, S. Dispensa, N. Oskov,  <a href=\"http://tools.ietf.org/html/rfc5746\"><cite>Transport Layer Security (TLS) Renegotiation Indication Extension</cite></a> February 2010. Internet RFC 5246. URL: <a href=\"http://tools.ietf.org/html/rfc5746\">http://tools.ietf.org/html/rfc5746</a> ";
+
                     // process the document before anything else is done
                     var refs = document.querySelectorAll('adef') ;
                     for (var i = 0; i < refs.length; i++) {
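Review bot: The new `berjon.biblio["RFC5746"]` entry describes itself as "Internet RFC 5246", apparently copied from the entry above it, while its title and both links are for RFC 5746. The rendered reference for the renegotiation indication extension will therefore cite the wrong RFC number; change that fragment to `February 2010. Internet RFC 5746.`. The author list in the same entry ends with a comma where the RFC5246 entry uses a period, which is worth aligning. The `apply` function continues outside the hunk.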
@@ -283,18 +287,9 @@
   <body>
     <section id='abstract'>
 
-<p>Social networking, identity and privacy have been at the center of how we
-interact with the Web in the last decade. The explosion of social networking
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary.
-The Social Web is designed to ensure that control of identity and privacy
-settings is always simple and under one's control. WebID is a key enabler of the
-Social Web. This specification outlines a simple universal identification
-mechanism that is distributed, openly extensible, improves privacy, security
-and control over how one can identify themselves and control access to their
-information on the Web.
+<p>A global distributed Social Web requires that each person be able to control their identity, that this identity be linkable across sites -  placing each person in a Web of relationships - and that it be possible to authenticate globally with such identities allowing each user to protect resources and enable his preferred privacy settings.
+This specification outlines a simple universal identification mechanism that is distributed, openly extensible, improves privacy, security and control over how each person can identify themselves in order to allow fine grained  access control to their information on the Web.
+It does this by applying the best practices of Web Architecture whilst building on well established widely deployed protocols and standards such as RDF and TLS.
 </p>
 
 <section>
@@ -303,7 +298,7 @@
 <p>There are a number of concepts that are covered in this document that the
 reader may want to be aware of before continuing. General knowledge of
 <a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a>
-and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how
+and RDF [[!RDF-PRIMER]] is necessary to understand how
 to implement this specification. WebID uses a number of specific technologies
 like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]],
 RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
@@ -411,63 +406,102 @@
 
 <section>
 <h1>Terminology</h1>
-
 <dl>
-
-<dt><tdef>Verification Agent</tdef></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <tref>Identification Agent</tref> can have access to a particular
-resource. A <tref>Verification Agent</tref> is typically a Web server, but
-may also be a peer on a peer-to-peer network.</dd>
+<dt><tdef>Alice</tdef></dt>
+<dd>Alice is an agent who owns a Server which runs a Service which Bob wishes to Access</dd>
 
-<dt><tdef>Identification Agent</tdef></dt>
-<dd>Provides identification credentials to a <tref>Verification Agent</tref>.
-The <tref>Identification Agent</tref> is typically also a User Agent.</dd>
+<dt><tdef>Subject</tdef></dt>
+<dd>The Subject is the Agent that is identified by the <tref>WebID</tref>. When used correctly it is the Subject who wishes to authenticate to a <tref>Service</tref>.
+When speaking of a particular agent, and in order to improve lisibility in this spec, we will name him <tref>Bob</tref>. The Subject is distinct from the <tref>Client</tref> which is used to connect to the <tref>Server</tref>.</dd>
 
-<dt><tdef>Identification Certificate</tdef></dt>
-<dd>An X.509 [[!X509V3]] Certificate that MUST contain a
-<code>Subject Alternative Name</code> extension with at least one URI entry
-identifying the <tref>Identification Agent</tref>. This URI SHOULD be
-dereference-able and result in a document containing RDF data.
-For example, a certificate identifying the WebID URI
-<code>http://example.org/webid#public</code> would contain the following:
-<pre>
+<dt><tdef>Bob</tdef></dt>
+<dd>Bob is an agent who uses a <tref>Client</tref> to connect to <tref>Alice</tref>'s Service, and who controls the private key the client uses to access the resource.</dd>
+
+<dt><tdef>Client</tdef></dt>
+<dd>The Client initiates a request to a Service listening on a specific port using a given protocol on a given Server.</dd>
+
+<dt><tdef>Server</tdef></dt>
+<dd>A Server is a machine contactable at a domain name or ip address that hosts a number of globally accessible Services.</dd>
+
+<dt><tdef>Service</tdef></dt>
+<dd>A Service is a an agent listening for requests at a given ip address on a given Server</dd>  
+
+<dt><tdef>Guard</tdef><dt>
+<dd>A guard is an agent, usually on the <tref>Server</tref> that can look at a request from the <tref>Client</tref> and decide if it needs Authentication by looking at the Access control Rules. 
+If it needs Authentication it can request it, and it can use the <tref>WebId Verifier</tref> to complete identity checks. 
+Finally it can grant or deny access.
+</dd>
+
+<dt><tdef>Verification Agent</tdef> or <tdef>WebId Verifier</tdef></dt>
+<dd>Performs authentication on provided WebID credentials.</dd>
+
+<dt><tdef>WebID Certificate</tdef></dt>
+<dd>An X.509 [[!X509V3]] Certificate that will identify an Agent using a WebID.
+The Certificate need not be signed by a well known Certificate Authority.
+Indeed it can be signed by the server which hosts the certificate, or it can even be self signed. 
+The Certificate MUST contain a <code>Subject Alternative Name</code> extension with at least one URI entry identifying the <tref>Subject</tref>. 
+This URI SHOULD be one of the URIs with a dereferenceable secure scheme, such as https:// .   Dereferencing this URI should return a representation containing RDF data.
+For example, a certificate identifying the WebID URI <code>https://bob.example/profile#me</code> would contain the following:
+<pre class="example">
 X509v3 extensions:
    ...
    X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
+      URI:https://bob.example/profile#me
 </pre>
-<p class="issue">TODO: cover the case where there are more than one URI entry</p>
+And it would have a <tref>WebID Profile</tref> at <code>https://bob.example/profile</code>
+Such a URI is known as a <tref>WebID</tref>.
 </dd>
 
-<dt><tdef>WebID URI</tdef></dt>
-<dd>A URI specified via the <code>Subject Alternative Name</code> extension
-of the <tref>Identification Certificate</tref> that identifies an
-<tref>Identification Agent</tref>.</dd>
-
-<dt><tdef>public key</tdef></dt>
-<dd>A widely distributed cryptographic key that can be used to verify
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <tref>Identification Certificate</tref>.</dd>
+<dt><tdef>WebID</tdef></dt>
+<dd>A URI that refers to an Agent - Person, Robot, Group or other thing that can have Intentions. The WebID should be a URI which when dereferenced returns a representation whose description uniquely identifies the Agent as the controller of a public key. In our example the WebID refers to Bob. A WebID is usually a URL with a #tag, as the meaning of such a URL is defined in the document.</dd> 
+</dd>
 
-<dt><tdef>WebID Profile</tdef></dt>
+<dt><tdef>Public Key</tdef></dt>
+<dd>A cryptographic key that can be published and can be used to verify the possession of a private key. A public
+key is always included in a <tref>WebID Certificate</tref>.</dd>
+
+<dt><tdef>WebID Profile</tdef> or <tdef>Profile Page</tdef></dt>
 <dd>
-A structured document that contains identification credentials for the
-<tref>Identification Agent</tref> expressed using the Resource Description
-Framework [[RDF-CONCEPTS]]. Either the XHTML+RDFa 1.1 [[!XHTML-RDFA]]
-serialization format or the RDF/XML [[!RDF-SYNTAX-GRAMMAR]] serialization
-format MUST be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [[!N3]] or Turtle [[!TURTLE]], MAY be supported by the
-mechanism providing the WebID Profile document.
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the
-specification is currently under heavy debate.</p>
+A structured document asserting the relationship between the Subject (identified by his WebID) and his <tref>Public Key</tref>s using relationships as defined by the Resource Description Framework [[RDF-CONCEPTS]] and published at the URL location of the Subject's WebID. 
+Dereferencing the <tref>WebID</tref> should return the Profile Document in one of a number of formats. 
+The Server MUST publish the document in at least the XHTML+RDFa 1.1 [[!XHTML-RDFA]] serialization format or in RDF/XML [[!RDF-SYNTAX-GRAMMAR]]. 
+The document may be published in a number of other RDF serialization formats, such as N3 [[!N3]] or Turtle [[!TURTLE]].
+Any serialisation MUST be transformable automatically and in a standard manner to an RDF Graph, using technologies such as GRDDL [[!GRDDL-PRIMER]].
+<p class="issue">Most profiles are currently written out in either of those formats. Whether or not XHTML+RDFa 1.1, both either serialization of RDF should be required serialization formats in the specification is currently under heavy debate and is open to change. </p>
 </dd>
 
 </dl>
+</section>
 
+<section class="normative">
+<h1>Namespaces</h1>
+<p>Examples assume the following namespace prefix bindings unless otherwise stated:</p>
+<table style="text-align: left; border-color: rgb(0, 0, 0); border-collapse: collapse;" border="1" cellpadding="5">
+ <tbody>
+  <tr>
+    <th>Prefix</th>
+    <th>IRI</th>
+  </tr>
+  <tr>
+    <td>cert</td>
+    <td>http://www.w3.org/ns/auth/cert#</td>
+  </tr>
+  <tr>
+    <td>xsd</td>
+    <td>http://www.w3.org/2001/XMLSchema#</td>
+  </tr>
+  <tr>
+    <td>foaf</td>
+    <td>http://xmlns.com/foaf/0.1/</td>
+  </tr>
+  <tr>
+    <td>ex</td>
+    <td>https://bob.example/profile#</td>
+  </tr>
+  </tbody>
+</table>
 
+<p>The ex: namespace is a URI that refers to Bob's profile, where Bob is an imaginary charcter well known in security circles.</p>
 </section>
 
 
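Review bot: The Guard entry opens a second `<dt>` instead of closing the first (`<dt><tdef>Guard</tdef><dt>`), and the WebID entry is followed by a stray `</dd>` on its own line, so the definition list is not well formed and the terms after Guard may render inside the wrong element. Use `<dt><tdef>Guard</tdef></dt>` and drop the extra `</dd>`. Separately, the WebID Certificate definition allows self-signed certificates and only says the WebID SHOULD use a secure scheme; since the certificate signature then carries no trust of its own, the binding between key and identity presumably rests on how the profile is fetched, and the text should say what a verifier does with a WebID whose scheme is not secure. The Service definition says "listening for requests at a given ip address" where the Client definition speaks of a specific port, which looks like a slip.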
@@ -475,19 +509,20 @@
 <h1>Creating the certificate</h1>
 
 <p>The user agent will create a <tref>Identification Certificate</tref> with a
-<code>Subject Alternative Name</code> URI entry. This URI must be one that
-dereferences to a document the user controls so that he can publish the
+<code>Subject Alternative Name</code> URI entry. 
+This URI must be one that dereferences to a document the user controls so that he can publish the
 public key of the <tref>Identification Certificate</tref> at this URI.</p>
-<p>For example, if a user Joe controls <code>http://joe.example/profile</code>,
-then his WebID can be <code>http://joe.example/profile#me</code></p>
-
-<p class="issue">explain why the WebID URI is different from the URI of the
-WebID profile document.</p>
+<p>For example, if a user Bob controls <code>https://bob.example/profile</code>,
+then his WebID can be <code>https://bob.example/profile#me</code></p>
+<p>When creating a certificate it is very important to put an nice Common Name (CN) for the user, that will allow
+him to distinguish between different certificates he may have, such as a personal or a business certificate. 
+In the example below the CN is <code>Bob (personal)</code>. 
+This name can then also be used by any server authenticating the user to immediately find a way to address the user. 
+The WebID should not usually be used as a visible identifier for human users, rather it should be thought of as a hyperlink in an <code>&lta href="https://..."&gt;</code> code, especially if the resulting resource has an html representation. </p> 
 
 <p>As an example to use throughout this specification here is the
 following certificate as an output of the openssl program.</p>
-<p class="example">
-<pre>
+<pre class="example">
 Certificate:
     Data:
         Version: 3 (0x2)
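Review bot: The added Common Name paragraph writes `&lta href="https://..."&gt;` with the semicolon missing from `&lt;`, which only renders as intended under lenient entity parsing; it should be `&lt;a href="https://..."&gt;`. The context lines of this hunk still use `<tref>Identification Certificate</tref>`, but the Terminology hunk of this same commit removes that `tdef` and defines WebID Certificate instead, so these references no longer point at a definition; `<tref>WebID Certificate</tref>` would match. "an nice Common Name" should read "a nice Common Name". The `<pre class="example">` certificate listing opened here continues outside the hunk.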
@@ -498,7 +533,7 @@
         Validity
             Not Before: Jun  8 14:16:14 2010 GMT
             Not After : Jun  8 16:16:14 2010 GMT
-        <span style="color: red">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers/UID=https://example.org/profile#me, CN=Joe (Personal)
+        <span style="color: red">Subject:</span> O=FOAF+SSL, OU=The Community Of Self Signers, CN=Bob (Personal)
         Subject Public Key Info:
 <span style="color: red">            Public Key Algorithm:</span> rsaEncryption
                 <span style="color: red">Public-Key:</span> (2048 bit)
@@ -526,13 +561,13 @@
             X509v3 Basic Constraints: critical
                 CA:FALSE
             X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
+                Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
             Netscape Cert Type:
                 SSL Client, S/MIME
             X509v3 Subject Key Identifier:
                 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA
             <span style="color: red">X509v3 Subject Alternative Name:</span> critical
-                <span style="color: red">URI:</span>https://joe.example/profile#me
+                <span style="color: red">URI:</span>https://bob.example/profile#me
     Signature Algorithm: sha1WithRSAEncryption
         cf:8c:f8:7b:b2:af:63:f0:0e:dc:64:22:e5:8a:ba:03:1e:f1:
         ee:6f:2c:f5:f5:10:ad:4c:54:fc:49:2b:e1:0d:cd:be:3d:7c:
@@ -543,13 +578,11 @@
         45:0c:b9:48:c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb:
         d8:b8
 </pre>
-</p>
 <p class="issue">Should we formally require the Issuer to be
 O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority.
 This was discussed on the list as allowing servers to distinguish certificates
 that are foaf+Ssl enabled from others. Will probably need some very deep TLS
 thinking to get this right.</p>
-<p class="issue">discuss the importance for UIs of the CN</p>
 <p class="issue">The above certificate is no longer valid, as I took an valid
 certificate and change the time and WebID. As a result the Signatiure is now
 false. A completely valid certificate should be generated to avoid nit-pickers
@@ -560,120 +593,98 @@
 <section class='normative'>
 <h1>Publishing the WebID Profile Document</h1>
 
-<p>The <tref>WebID Profile</tref> document MUST expose the relation between the
-<tref>WebID URI</tref> and the <tref>Identification Agent</tref>'s
-<tref>public key</tref>s using the <code>cert</code> and <code>rsa</code>
-ontologies, as well as the <code>cert</code> or <code>xsd</code> datatypes.
-The set of relations to be published at the <tref>WebID Profile</tref> document
-can be presented in a graphical notation as follows.</p>
-<img alt="Web ID graph" src="img/WebIdGraph.jpg"/>
-<p>The document can publish many more relations than are of interest to the
-WebID protocol, as shown in the above graph by the grayed out relations.</p>
-<p>The encoding of this graph is immaterial to the protocol, so long as a well
-known mapping to the format of the representation to such a graph can be found.
-Below we discuss the most well known formats, and a method for dealing with new
-unknown formats as they come along.</p>
-<p>The WebID provider must publish the graph of relations in one of the well
-known formats, though he may publish it in a number of formats to increase the
-usability of his site using content negotiations.</p>
-<p class="issue">Add content negotiation pointers</p>
+<p>The <tref>WebID Profile</tref> document MUST expose the relation between the <tref>WebID URI</tref> and the <tref>Identification Agent</tref>'s <tref>public key</tref>s using the <code>cert</code> ontologies, as well as the standard <code>xsd</code> datatypes.
+The set of relations to be published at the <tref>WebID Profile</tref> document can be presented in a graphical notation as follows.</p>
+<img alt="Web ID graph" width="90%" src="img/WebIdGraph.jpg"/>
+<p>The document can publish many more relations than are of interest to the WebID protocol, as shown in the above graph by the grayed out relations. 
+For example Bob can publish a depiction or logo, so that sites he authenticates to can personalise the user experience. He can post links to people he knows, where those are have WebIDs published on other sites, in order to create a distributed Social Web. 
+He can also publish relations to protected documents, where he keeps more information for people who authenticate, such as his friend Alois or his friends friends who may not yet know him personally, such as Alice.</p>
+<p>
+The protocol does not depend on any particular serialisation of the graph, provided that agents are able to parse that serialisation and obtain the graph automatically.  
+Technologies such as GRDDL [[!GRDDL-PRIMER]] for example permit any XML format to be transformed automatically to a graph of relations.
+Yet for reasons of interoperabity is has been decided that the document MUST be published at least in one of RDFa [XHTML-RDFA] or RDF/XML [RDF-SYNTAX-GRAMMAR]. 
+HTTP Content Negotiation [SWBP-VOCAB-PUB] can be employed to aid in publication and discovery of multiple distinct serialisations of the same graph at the same URL. </p>
+<p>
+Irrespective of whether content negotiation can or not be employed, if an HTML representation of the WebID profile is published, it is suggested that the provider uses the HTML <code>&lt;link&gt;</code> element to allow discovery of the various alternate representations of the graph which may be available:
+</p>
+
+<pre class="example">
+&lt;html&gt;
+&lt;head&gt;
+&lt;link rel="alternate" type="application/rdf+xml" href="profile.rdf"/&gt;
+&lt;link rel="alternate" type="text/turtle" href="profile.ttl"/&gt;
+...
+&lt;/head&gt; ...
+</pre>
 <p>It is particularly useful to have one of the representations be in HTML or
 XHTML even if it is not marked up in RDFa as this allows people using a
 web browser to understand what the information at that URI represents.</p>
 <section class='normative'>
 <h1>Turtle</h1>
-<p>A widely used format for writing RDF graphs is the Turtle notation. </p>
-<p class="example">
-<pre>
- @prefix cert: &lt;http://www.w3.org/ns/auth/cert#&gt; .
- @prefix rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt; .
+<p>A widely used format for writing RDF graphs by hand is the Turtle notation. 
+It is easy to learn to use, is very handy for commmunicating over e-mail and on mailing lists, and can then be transformed into RDF/XML automatically. 
+It is also very similar to the SPARQL query language.
+</p>
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+ @prefix : &lt;http://www.w3.org/ns/auth/cert#&gt; .
+ @prefix xsd: &lt;http://www.w3.org/2001/XMLSchema#&gt; .
  @prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
- @prefix : &lt;https://joe.example/profile#&gt; .
+ @prefix bob: &lt;https://bob.example/profile#&gt; .
+ @prefix rdfs: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt; .
 
- :me a foaf:Person;
-   foaf:name "Joe";
-   cert:key [
-     a rsa:RSAPublicKey;
-     rsa:modulus """
-       00:cb:24:ed:85:d6:4d:79:4b:69:c7:01:c1:86:ac:
-       c0:59:50:1e:85:60:00:f6:61:c9:32:04:d8:38:0e:
-       07:19:1c:5c:8b:36:8d:2a:c3:2a:42:8a:cb:97:03:
-       98:66:43:68:dc:2a:86:73:20:22:0f:75:5e:99:ca:
-       2e:ec:da:e6:2e:8d:15:fb:58:e1:b7:6a:e5:9c:b7:
-       ac:e8:83:83:94:d5:9e:72:50:b4:49:17:6e:51:a4:
-       94:95:1a:1c:36:6c:62:17:d8:76:8d:68:2d:de:78:
-       dd:4d:55:e6:13:f8:83:9c:f2:75:d4:c8:40:37:43:
-       e7:86:26:01:f3:c4:9a:63:66:e1:2b:b8:f4:98:26:
-       2c:3c:77:de:19:bc:e4:0b:32:f8:9a:e6:2c:37:80:
-       f5:b6:27:5b:e3:37:e2:b3:15:3a:e2:ba:72:a9:97:
-       5a:e7:1a:b7:24:64:94:97:06:6b:66:0f:cf:77:4b:
-       75:43:d9:80:95:2d:2e:85:86:20:0e:da:41:58:b0:
-       14:e7:54:65:d9:1e:cf:93:ef:c7:ac:17:0c:11:fc:
-       72:46:fc:6d:ed:79:c3:77:80:00:0a:c4:e0:79:f6:
-       71:fd:4f:20:7a:d7:70:80:9e:0e:2d:7b:0e:f5:49:
-       3b:ef:e7:35:44:d8:e1:be:3d:dd:b5:24:55:c6:13:
-       91:a1
-     """^^cert:hex;
-     rsa:public_exponent 65537 ;
-     ] .
+ bob:me a foaf:Person;
+   foaf:name "Bob";
+   foaf:knows &lt;https://example.edu/p/Alois#MSc&gt;;
+   :key [ a :RSAPublicKey;
+     rdfs:label "made on 23 November 2011 on my laptop";
+     :modulus "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"^^xsd:hexBinary;
+     :exponent 65537 ;
+    ] .
 </pre>
-</p>
 </section>
 <section>
 <h1>RDFa HTML notation</h1>
 <p>There are many ways of writing out the above graph using RDFa in
-html. Here is just one example.</p>
-<p class="example">
-<pre>
-&lt;html xmlns="http://www.w3.org/1999/xhtml"
+html. Here is just one example of what a WebID profile could look like.</p>
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
+&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
+  "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"&gt;
+&lt;html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"
       xmlns:cert="http://www.w3.org/ns/auth/cert#"
-      xmlns:xsd="http://www.w3.org/2001/XMLSchema#"
       xmlns:foaf="http://xmlns.com/foaf/0.1/"
-      xmlns:owl="http://www.w3.org/2002/07/owl#"
-      xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
-      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"&gt;
+      xmlns:xsd="http://www.w3.org/2001/XMLSchema#"&gt;
 &lt;head&gt;
+   &lt;title&gt;Welcome to Bob's Home Page&lt;/title&gt;
 &lt;/head&gt;
 &lt;body&gt;
-
-&lt;div&gt;
-  &lt;span property="foaf:name"&gt;Joe&lt;/span&gt;
+&lt;!-- WebID HTML snippet--&gt;
+&lt;div about="#me" typeof="foaf:Person"&gt;
+  &lt;span property="foaf:name"&gt;Bob&lt;/span&gt;
+  &lt;h2&gt;My Good Friends&lt;/h2&gt;
+  &lt;ul&gt;
 
+    &lt;li rel="foaf:knows" href="https://example.edu/p/Alois#MSc"&gt;Alois&lt;/li&gt;
+  &lt;/ul&gt;
+  &lt;h2&gt;My RSA Public Keys&lt;/h2&gt;
   &lt;div rel="cert:key"&gt;
-    &lt;h2&gt;My RSA Public Key&lt;/h2&gt;
-    &lt;div typeof="rsa:RSAPublicKey"&gt;
+    &lt;p&gt;I made this key on the 23 November 2011 from my laptop.&lt;/p&gt;
+    &lt;div typeof="cert:RSAPublicKey"&gt;
       &lt;dl&gt;
+
       &lt;dt&gt;Modulus (hexadecimal)&lt;/dt&gt;
-      &lt;dd property="rsa:modulus" datatype="cert:hex"&gt;
-        00 cb 24 ed 85 d6 4d 79 4b 69 c7 01 c1 86 ac 
-        c0 59 50 1e 85 60 00 f6 61 c9 32 04 d8 38 0e 
-        07 19 1c 5c 8b 36 8d 2a c3 2a 42 8a cb 97 03 
-        98 66 43 68 dc 2a 86 73 20 22 0f 75 5e 99 ca 
-        2e ec da e6 2e 8d 15 fb 58 e1 b7 6a e5 9c b7 
-        ac e8 83 83 94 d5 9e 72 50 b4 49 17 6e 51 a4 
-        94 95 1a 1c 36 6c 62 17 d8 76 8d 68 2d de 78 
-        dd 4d 55 e6 13 f8 83 9c f2 75 d4 c8 40 37 43 
-        e7 86 26 01 f3 c4 9a 63 66 e1 2b b8 f4 98 26 
-        2c 3c 77 de 19 bc e4 0b 32 f8 9a e6 2c 37 80 
-        f5 b6 27 5b e3 37 e2 b3 15 3a e2 ba 72 a9 97 
-        5a e7 1a b7 24 64 94 97 06 6b 66 0f cf 77 4b 
-        75 43 d9 80 95 2d 2e 85 86 20 0e da 41 58 b0 
-        14 e7 54 65 d9 1e cf 93 ef c7 ac 17 0c 11 fc 
-        72 46 fc 6d ed 79 c3 77 80 00 0a c4 e0 79 f6 
-        71 fd 4f 20 7a d7 70 80 9e 0e 2d 7b 0e f5 49 
-        3b ef e7 35 44 d8 e1 be 3d dd b5 24 55 c6 13 
-        91 a1
-      &lt;/dd&gt;
+      &lt;dd property="cert:modulus" datatype="xsd:hexBinary"&gt;cb24ed85d64d794b69c701c186acc059501e856000f661c93204d8380e07191c5c8b368d2ac32a428acb970398664368dc2a867320220f755e99ca2eecdae62e8d15fb58e1b76ae59cb7ace8838394d59e7250b449176e51a494951a1c366c6217d8768d682dde78dd4d55e613f8839cf275d4c8403743e7862601f3c49a6366e12bb8f498262c3c77de19bce40b32f89ae62c3780f5b6275be337e2b3153ae2ba72a9975ae71ab724649497066b660fcf774b7543d980952d2e8586200eda4158b014e75465d91ecf93efc7ac170c11fc7246fc6ded79c37780000ac4e079f671fd4f207ad770809e0e2d7b0ef5493befe73544d8e1be3dddb52455c61391a1&lt;/dd&gt;
       &lt;dt&gt;Exponent (decimal)&lt;/dt&gt;
-      &lt;dd property="rsa:public_exponent" datatype="xsd:int"&gt;65537&lt;/dd&gt;
+      &lt;dd property="cert:exponent" datatype="xsd:int"&gt;65537&lt;/dd&gt;
       &lt;/dl&gt;
     &lt;/div&gt;
   &lt;/div&gt;
+
 &lt;/div&gt;
+&lt;!-- WebID HTML snippet --&gt;
 &lt;/body&gt;
 &lt;/html&gt;
 </pre>
-</p>
+<p class="issue">In order to make the above modulus easy to read for humans who may wish to compare it with the modulus in their browser, one can add some javascript. Add some javascript here that adds a : between every two characters, and that splits the line up in chunks.</p>
 <p>If a WebID provider would rather prefer not to mark up his data in RDFa, but
 just provide a human readable format for users and have the RDF graph appear
 in a machine readable format such as RDF/XML then he MAY publish the link from
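Review bot: In the Turtle example the `rdfs:` prefix is bound to `http://www.w3.org/1999/02/22-rdf-syntax-ns#`, which is the `rdf:` namespace, so the `rdfs:label` on the key names a property that namespace does not define; the binding should be `@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .` (with the page's `&lt;`/`&gt;` escaping). The opening paragraph of this section still uses `<tref>WebID URI</tref>`, `<tref>Identification Agent</tref>` and `<tref>public key</tref>`, whose definitions this commit replaces with WebID, Subject and Public Key, so they may no longer resolve. The references `[XHTML-RDFA]`, `[RDF-SYNTAX-GRAMMAR]` and `[SWBP-VOCAB-PUB]` use single brackets where the rest of the document uses `[[...]]` and will probably not be linked. Because a verifier compares the published modulus and exponent with the key in the certificate, the exponent datatype should be stated once and used consistently: the bare Turtle literal `65537` is an `xsd:integer`, while the RDFa example declares `xsd:int`. The hunk ends in the middle of the paragraph that follows the RDFa example.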
@@ -683,7 +694,7 @@
 <pre>
 &lt;html&gt;
 &lt;head&gt;
-&lt;link type="rel" type="application/rdf+xml" href="profile.rdf"/&gt;
+&lt;link rel="alternate" type="application/rdf+xml" href="profile.rdf"/&gt;
 &lt;/head&gt;
 &lt;body&gt; ...  &lt;/body&gt;
 &lt;/html&gt;
@@ -696,40 +707,23 @@
 object notation or in relational databases. Parsers for it are also widely
 available.</p>
 
-<pre>
+<pre class="example" style="word-wrap: break-word; white-space: pre-wrap;">
 &lt;?xml version=&quot;1.0&quot;?&gt;
 &lt;rdf:RDF
  xmlns:rdf=&quot;http://www.w3.org/1999/02/22-rdf-syntax-ns#&quot;
  xmlns:cert=&quot;http://www.w3.org/ns/auth/cert#&quot;
- xmlns:rsa=&quot;http://www.w3.org/ns/auth/rsa#&quot;
  xmlns:xsd=&quot;http://www.w3.org/2001/XMLSchema#&quot;
  xmlns:foaf=&quot;http://xmlns.com/foaf/0.1/&quot;&gt;
-  &lt;foaf:Person rdf:about=&quot;https://joe.example/profile#me&quot;&gt;
-    &lt;foaf:name&gt;Joe&lt;/foaf:name&gt;
+  &lt;foaf:Person rdf:about=&quot;https://bob.example/profile#me&quot;&gt;
+    &lt;foaf:name&gt;Bob&lt;/foaf:name&gt;
     &lt;cert:key&gt;
-      &lt;rsa:RSAPublicKey&gt;
-        &lt;rsa:modulus rdf:datatype=&quot;http://www.w3.org/ns/auth/cert#hex&quot;&gt;
-          00-cb-24-ed-85-d6-4d-79-4b-69-c7-01-c1-86-ac
-          c0-59-50-1e-85-60-00-f6-61-c9-32-04-d8-38-0e
-          07-19-1c-5c-8b-36-8d-2a-c3-2a-42-8a-cb-97-03
-          98-66-43-68-dc-2a-86-73-20-22-0f-75-5e-99-ca
-          2e-ec-da-e6-2e-8d-15-fb-58-e1-b7-6a-e5-9c-b7
-          ac-e8-83-83-94-d5-9e-72-50-b4-49-17-6e-51-a4
-          94-95-1a-1c-36-6c-62-17-d8-76-8d-68-2d-de-78
-          dd-4d-55-e6-13-f8-83-9c-f2-75-d4-c8-40-37-43
-          e7-86-26-01-f3-c4-9a-63-66-e1-2b-b8-f4-98-26
-          2c-3c-77-de-19-bc-e4-0b-32-f8-9a-e6-2c-37-80
-          f5-b6-27-5b-e3-37-e2-b3-15-3a-e2-ba-72-a9-97
-          5a-e7-1a-b7-24-64-94-97-06-6b-66-0f-cf-77-4b
-          75-43-d9-80-95-2d-2e-85-86-20-0e-da-41-58-b0
-          14-e7-54-65-d9-1e-cf-93-ef-c7-ac-17-0c-11-fc
-          72-46-fc-6d-ed-79-c3-77-80-00-0a-c4-e0-79-f6
-          71-fd-4f-20-7a-d7-70-80-9e-0e-2d-7b-0e-f5-49
-          3b-ef-e7-35-44-d8-e1-be-3d-dd-b5-24-55-c6-13
-          91-a1
-        &lt;/rsa-modulus&gt;
-        &lt;rsa:public_exponent rdf:datatype=&quot;xsd:int&quot;&gt;65537&lt;/rsa:public_exponent&gt;
-      &lt;/rsa:RSAPublicKey&gt;
+      &lt;cert:RSAPublicKey&gt;
+        &lt;rdfs:label&gt;made on 23 November 2011 on my laptop&lt;rdfs:label&gt;
+        &lt;cert:modulus rdf:datatype=&quot;xsd:hexBinary&quot;&gt;
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&lt;/dd&gt;
+       &lt;/cert:modulus&gt;
+        &lt;cert:exponent rdf:datatype=&quot;xsd:int&quot;&gt;65537&lt;/cert:exponent&gt;
+      &lt;/cert:RSAPublicKey&gt;
     &lt;/cert:key&gt;
   &lt;/foaf:Person&gt;
 
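Review bot: The new RDF/XML example is not well-formed XML: `rdfs:label` is closed with a second opening tag, a stray `&lt;/dd&gt;` is left inside `cert:modulus`, and the `rdfs` prefix is not declared on `rdf:RDF`. A profile copied from this example would be rejected by an RDF/XML parser, and a verifier that cannot parse the profile cannot match the certificate's key against it. `rdf:datatype` also takes a full IRI rather than a prefixed name (the removed line used the full IRI for `cert#hex`), so `xsd:hexBinary` and `xsd:int` should be written as `http://www.w3.org/2001/XMLSchema#hexBinary` and `http://www.w3.org/2001/XMLSchema#int`. Suggested changes: add `xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"` to the root element, close the label with `&lt;/rdfs:label&gt;`, and delete the `&lt;/dd&gt;`. The example continues past the end of the hunk.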
@@ -751,84 +745,35 @@
 <section class='normative'>
 <h1>Authentication Sequence</h1>
 
-<img src="img/WebIDSequence-friendly.jpg">
-<p>The following steps are executed by <tref>Verification Agent</tref>s and
-<tref>Identification Agent</tref>s to determine the global identity of the
-requesting agent. Once this is known, the identity can be used to determine
-if access should be granted to the requested resource.
+<p>In order to give the full context of a <tref>Client</tref> interaction with a <tref>Server</tref> we will illustrate the protocol with the following sequence diagram. <tref>Bob</tref> initiates a connection to <tref>Alice</tref>'s server via a TLS enabled protocol such as https in order to access a Protected Resource or a Protected Service. The Protected Resource may be a document served over https, but it could also be a SOAP service, or some other resource. This resource is protected by a Guard, which uses a <tref>WebID Verifier</tref> to verify the non Certified WebIds found in the certificate. Once the verification succeeds the Guard checks to see if the Agent identified by the <tref>WebID</tref> is allowed access to the resource, by using trusted information from the Web and access control rules. 
 </p>
 
+<img width="90%" src="img/WebIDSequence-friendly.jpg">
+<p>The steps in detail are as follows:</p>
 <ol>
-<li>The <tref>Identification Agent</tref> (Bob's Browser) requests an action (GET, PUT, POST, DELETE, ... ) on a resource managed by the <tref>Verification Agent</tref> (Alice's Web Server) using HTTP over a TLS connection [[!HTTP-TLS]] . </li>
-
-<li>The <tref>Verification Agent</tref> decides if it needs to authenticate the user, by potentially taking into consideration the Method of the request, the resource and the capabilities of the browser as well as acces control permissions for that resource. Some servers may require all requests to be identified, others may only require some resources to be accessed by identified agents. If the server requires the <tref>Identification Agent</tref> to be identified, then it can ask for the agent's cleint certificate using the null DN [to be discussed: do we have a DN for WebID enabled TLS ] in a  TLS client-certificate Request message. </li> 
-</li>
-
-<li>The Client can select a certificate and send it to the server as specified in the TLS spec [exact location]</li>
-
-<li>The <tref>Verification Agent</tref> MUST extract the <tref>public key</tref>
-and all the URI entries contained in the <code>Subject Alternative Name</code>
-extension of the <tref>Identification Certificate</tref>.
-An <tref>Identification Certificate</tref> MAY contain multiple URI entries
-which are considered claimed <tref>WebID URI</tref>s.</li>
-
-<li>The <tref>Verification Agent</tref> MUST attempt to verify the
-<tref>public key</tref> information associated with at least one of the claimed
-<tref>WebID URI</tref>s. The <tref>Verification Agent</tref> MAY attempt to
-verify more than one claimed <tref>WebID URI</tref>.
-This verification process SHOULD occur either by dereferencing the
-<tref>WebID URI</tref> and
-extracting RDF data from the resulting document, or by utilizing a cached
-version of the RDF data contained in the document or other data source that is
-up-to-date and trusted by the <tref>Verification Agent</tref>. The processing
-and extraction mechanism is further detailed in the sections titled
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-URI-details">Extracting WebID URI Details</a>.
+<li><tref>Bob</tref>'s <tref>Client</tref> MUST open a TLS [[!RFC5246]] connection with the server which authenticates itself using well known TLS mechanisms. This MAY be done as the first part of an HTTPS connection [[!HTTP-TLS]].</li>
+<li>Once the Transport Layer Security [TLS] has been set up, the application protocol exchange can start. If the protocol is HTTP then the client can request an HTTP GET, PUT, POST, DELETE, ... action on a resource as detailed by [[!HTTP11]]. The <tref>Guard</tref> can then intercept that request and by checking some access control rules determine if the client needs authentication. We will consider the case here where the client does need to be authenticated.</li>
+<li>The Guard MUST requests the client to authenticate itself using public key cryptography by signing a token with its private key and have the Client send its Certificate. This has been carefully defined in the TLS protocol and can be summarised by the following steps:
+<ol>
+<li>The guard requests of the TLS agent that it make a Certificate Request to the client. The TLS layer does this. Because the WebID protocol does not rely on Certificate Authorities to verify the contents of the <tref>Certificate</tref>, the TLS Agent can ask for any Certificate from the Client. More details in <a href="requesting-the-client-certificate">Requesting the Client Certificate</a></li>
+<li>The Client asks Bob to choose a certificate if the choice has not been automated. We will assume that Bob does choose a <tref>WebID Certificate</tref> and sends it to the client.</li>
+<li>The <tref>TLS Agent</tref> MUST verify that the client is indeed in posession of the private key. What is important here is that the TLS Agent need not know the Issuer of the Certificate, or need not have any trust relation with the Issuer. Indeed if the TLS Layer could verify the signature of the Issuer and trusted the statements it signed, then step 4 and 5 would not be needed - other than perhaps as a way to verify that the key was still valid.</li>
+<li>The <tref>WebID Certificate</tref> is then passed on to the <tref>Guard</tref> with the proviso that the WebIDs still needs to be verified.</li>
+</ol>
 </li>
-
-<li>If the <tref>public key</tref> in the
-<tref>Identification Certificate</tref> is found in the list of
-<tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>, the
-<tref>Verification Agent</tref> MUST assume that the client intends to use
-this <tref>public key</tref> to verify their ownership of the
-<tref>WebID URI</tref>.
-On the other hand, if no matching <tref>public key</tref> is found in the list
-of <tref>public key</tref>s associated with the claimed <tref>WebID URI</tref>,
-the <tref>Verification Agent</tref> MUST attempt to verify another claimed
-<tref>WebID URI</tref>. The authentication MUST fail if no matching
-<tref>public key</tref> is found among all the claimed
-<tref>WebID URI</tref>s.</li>
-
-<li>The <tref>Verification Agent</tref> verifies that the
-<tref>Identification Agent</tref> owns the private key corresponding to the
-public key  sent in the <tref>Identification Certificate</tref>.
-This SHOULD be fulfilled by performing TLS mutual-authentication
-between the <tref>Verification Agent</tref> and the
-<tref>Identification Agent</tref>.
-If the <tref>Verification Agent</tref> does not have access to the TLS layer,
-a digital signature challenge MUST be provided by the
-<tref>Verification Agent</tref>. These processes are detailed in the sections
-titled <a href="#authorization">Authorization</a> and
-<a href="#secure-communication">Secure Communication</a>.</li>
-
-<li>If the <tref>public key</tref> in the
-<tref>Identification Certificate</tref> matches one in the set given by the
-profile document graph given above then the <tref>Verification Agent</tref>
-knows that the <tref>Identification Agent</tref> is indeed identified by the
-<tref>WebID URI</tref>. The verification is done by querying the
-Personal Profile graph as specified in
-<a href="#extracting-webid-uri-details">querying the RDF graph</a>.</li>
+<li>The <tref>Guard</tref> then MUST ask the <tref>Verfication Agent</tref> to verify that the WebIDs do identify the agent who knows the given public key.</li>
+<li>The WebID is verified by looking up the definition of the URL at its canonical location. This can be done by dereferencing it. The <tref>Verification Agent</tref> MUST extract the <tref>public key</tref> and all the URI entries contained in the <code>Subject Alternative Name</code> extension of the <tref>WebID Certificate</tref>.  A <tref>WebID Certificate</tref> MAY contain multiple URI entries
+which are considered claimed <tref>WebID</tref>s at this point, since they have not been verified. The <tref>Verification Agent</tref> may verify as many or as few WebIDs it has time for. It may do it in parallel and asynchronously. However that is done, a claimed WebIDs can only be considered verified if the following steps have been accomplished successfully:</li>
+<ol>
+<li>If the <tref>WebID Verifier</tref> does not have an up to date version of the WebID profile in the cache, then it MUST dereference the WebID using the canonical method for dereferencing a URL of that scheme. For an https://... WebID this would be done using the [[!HTTP-TLS]] protocol. </li>
+<li>The returned representation is then transformed into an RDF graph as specified in <a href="#processing-the-webid-profile">Processing the WebID Profile</a> </li>
+<li>That graph is then queried as explained in <a href="#querying-the-graph">Querying the Graph</a>. If the query succeeds, then that WebID is verified.
+</li>
 </ol>
-
-<p>
-The <tref>Identification Agent</tref> MAY re-establish a different identity at
-any time by executing all of the steps in the Authentication Sequence again.
-Additional algorithms, detailed in the next section, MAY be performed to
-determine if the <tref>Verification Agent</tref> can access a particular
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
+<li>With the set of verified WebIds the Guard can then check its access control rules using information from the web and other information available to it, to verify if the referent of the WebID is indeed allowed access to the protected resource. The exact nature of those Access Control Rules is left for another specification. Suffice it to say that it can be something as simple as a lookup in a table.</li>
+<li>If access is granted, then the guard can pass on the request to the protected resource, which can then interact unimpeded with the client.</li>
+</ol>
+<ol>
 </section>
 
 <section class='normative'>
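Review bot: The rewritten Authentication Sequence no longer says what happens when verification fails: the removed text had "The authentication MUST fail if no matching public key is found among all the claimed WebID URIs", while the new steps 5 and 6 only describe the success path. I would restate it after the inner list of step 5, for example `<li>If none of the claimed WebIDs can be verified, the Guard MUST treat the client as unauthenticated and MUST NOT use a claimed WebID in its access control rules.</li>`. Because the URIs in step 5.1 come from a certificate the client chose and is not CA-checked, the step could also note that the Verifier should bound the dereference (accepted schemes, timeout, response size). Smaller defects on the new side: step 3.2 says Bob "sends it to the client" where the server seems meant, `<tref>Verfication Agent</tref>` is misspelled and presumably will not resolve as a term reference, and an unclosed `<ol>` is added just before `</section>`.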
@@ -840,128 +785,105 @@
 <section class='normative'>
 <h2>Initiating a TLS Connection</h2>
 
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the
-Identification Agent and the Verification Agent.</p>
-</section>
+<p>Standard SSLv3 and TLSv1 and upwards can be used to establish the connection between
+the Client and the TLS Agent listening on the Service's port. </p>
+<p class="note">Many servers allow a simple form of TLS client side authentication to be setup when configuring a <tref>TLS Agent</tref>: they permit the agent to be authenticated in WANT or NEED mode.
+If the client sends a certificate, then neither of these have an impact on the <tref>WebID Verification</tref> steps (4) and (5).
+Nevertheless, from a user interaction perspective both of these are problematic as they either force (NEED) or ask the user to authenticate himself even if the resource he wishes to interact with is public and requires no authentication. 
+People don't usually feel comfortable authenticating to a web site on the basis of a certificate alone. 
+They prefer human readable text, and detailed error messages which the HTTP layer deliver.
 
-<section class='normative'>
-<h2>Exchanging the Identification Certificate</h2>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
+It is better to move the authentication to the application layer <tref>Guard</tref> as it has a lot more information about the application state. 
+Please see the <a href="http://www.w3.org/2005/Incubator/webid/wiki/">WebID Wiki</a> for implementation pointers in different programming languages and platforms to learn about how this can be done and to share your experience.</p>
 </section>
 
 <section class='normative'>
+<h2>Connecting at the Application Layer</h2>
+
+<p>Once the TLS connection has been setup, the application layer protocol interaction can start.
+This could be an HTTP GET request on the protected resource for example.
+<p>If the protocol permits it, the Client can let the Application layer, and especially the <tref>Guard</tref> know that the client can authenticate with a WebID Certificate, and even if it wishes to do so. This may be useful both to allow the Server to know that it can request the client certificate, and also in order to make life easier for Robots that may find it a lot more convenient to be authenticated at the TLS layer.
+</p>
+<p class="issue">Bergi proposed a header for HTTP which could do this. Please summarise it. </p>
+</section>
+
+
+<section class='normative'>
+<h2>Requesting the Client Certificate</h2>
+
+<p>TLS allows the server to request a Certificate from the Client using the <code>CertificateRequest</code> message [section 7.4.4] of TLS v1.1 [[!RFC5246]].  Since WebID TLS authentication does not rely on CA's signing the certificate to verify the WebID Claims made therein, the Server does not need to restrict the certificate it receives by the CA's they were signed by. It can therefore leave the  <code>certificate_authorities</code> field blank in the request. </p>
+<p class="note">From our experience leaving the certificate_authorities field empty leads to the correct behavior on all browsers and all TLS versions.</p>
+<p class="note">A security issue with TLS renegotiation was discovered in 2009, and an IETF fix was proposed in [[!RFC5746]] which is widely implemented.</p>
+<p>If the Client does not send a certificate, because either it does not have one or it does not wish to send one, other authentication procedures can be pursued at the application layer with protocols such as OpenID, OAuth, BrowserID, etc... </p>
+<p>As far as possible it is important for the server to request the client certificate in <code>WANT</code> mode, not in <code>NEED</code> mode. 
+If the request is made in <code>NEED</code> mode then connections will be broken off if the client does not send a certificate. 
+This will break the connection at the application protocol layer, and so will lead to a very bad user experience.  The server should therfore avoid doing this unless it can be confident that the client has a certificate - which it may be because the client advertised that in some other way to the server. 
+</p>
+<p class="issue">Is there some normative spec about what NEED and WANT refer to?</p>
+
+</section>
+<section class='normative'>
+<h2>Verifiying the WebIDs</h2>
+<p>The <tref>Verification Agent</tref> is given a list of WebIDs associated with a public key. It needs to verify that the agent identified by that WebID is indeed the agent that controls the private key of the given public key. It does this by looking up the definition of the WebID. A WebID is a URI, and it's meaning can be had by dereferencing it using the protocol indicated in its scheme. </p>
+<p>If we first consider WebIDs with fragment identifiers, we can explain the logic of this as follows. As is explained in the  RFC defining URIs [[!RFC3986]]
+<blockquote>
+The fragment identifier component of a URI allows indirect identification of a secondary resource by reference to a primary resource and additional identifying information.  
+The identified secondary resource may be some portion or subset of the primary resource, some view on representations of the primary resource, or some other resource defined or described by those representations. 
+[...]
+The semantics of a fragment identifier are defined by the set of representations that might result from a retrieval action on the primary resource.
+</blockquote>
+<p>In order therefore to know the meaning of WebID containing a fragment identifier, one needs to dereference the resource referred to without the fragment identifier. 
+This resource will describe the referent of the WebID in some way. 
+If it says that the referent of the WebID is the agent that controls the private key of the given public key, then this is a  definite description that can be considered to be a definition of the WebID: it gives its meaning.
+</p>
+<p>The trust that can be had in that statement is therefore the trust that one can have in one's having received the correct representation of the document that defined that WebID. 
+An https WebID will therefore be a lot more trustworthy than an https WebID by a factor of the likelyhood of man in the middle attacks.</p>
+<p>Once that is proven then the trust one can have in the agent at the end of the TLS connection being the referent of the WebID is related to the trust one has in the cryptography, and the likelyhood that the private key could have been stolen.</p>
+<p class="issue">Add explanation for URI with redirect.</p>
+<section class='normative'>
 <h2>Processing the WebID Profile</h2>
 
-<p>A <tref>Verification Agent</tref> MUST be able to process documents in
-RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].
-A server responding to a <tref>WebID Profile</tref> request SHOULD be able
-to deliver at least RDF/XML or RDFa.
-The <tref>Verification Agent</tref> MUST set the Accept-Header to request
-<code>application/rdf+xml</code> with a higher priority than
-<code>text/html</code> and <code>application/xhtml+xml</code>. If the server
-answers such a request with an HTML representation of the resource, this SHOULD
-describe the WebID Profile with RDFa.
+<p>So the Verification Agent needs to fetch the document, if it does not have a valid one in cache.   <tref>Verification Agent</tref> MUST be able to process documents in RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and RDFa in XHTML [[!XHTML-RDFA]]. The result of this processing should be a graph of RDF relations that is queryable, as explained in the next section.</p>
+<p class="note">
+It is suggested that the <tref>Verification Agent</tref> should set the Accept-Header to request <code>application/rdf+xml</code> with a higher priority than <code>text/html</code> and <code>application/xhtml+xml</code>.  The reason is that it is quite likely that many sites will produce non marked up html and leave the graph to the pure rdf formats.
 </p>
-
-<p class="issue">This section will explain how a Verification Agent extracts
-semantic data describing the identification credentials from a WebID Profile.</p>
 </section>
 
 <section class='normative'>
 <h2>Verifying the WebID is identified by that public key</h2>
 
 <p>
-There are number of different ways to check that the public key given in the
-X.509 certificate against the one provided by the <tref>WebID Profile</tref> or
-another trusted source, the essence is checking that the graph of relations in
-the Profile contains a pattern of relations.
+There are number of different ways to check that the public key given in the X.509 certificate against the one provided by the <tref>WebID Profile</tref>, but the simplest way to explain it is to say that they all have to be equivalent to the following SPARQL queries.
 </p>
-<p>Assuming the public key is an RSA key, and that its modulus is
-"9D79BFE2498..." and exponent "65537" then the following SPARQL query could
-be used:
+<p>Assuming the public key is an RSA key, and that its modulus is "9D79BFE2498..." and exponent "65537" then the following query should be used:
 </p>
-<pre class='example'>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
+<pre class='example' style="word-wrap: break-word; white-space: pre-wrap;">
+PREFIX : &lt;http://www.w3.org/ns/auth/cert#&gt;
 ASK {
-   &lt;http://example.org/webid#public&gt; cert:key [
-      rsa:modulus  "9D79BFE2498..."^^cert:hex;
-      rsa:public_exponent "65537"^^cert:int;
+   &lt;https://bob.example/webid#public&gt; :key [
+      :modulus "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"^^xsd:hexBinary;
+      :exponent 65537;
    ] .
 }
 </pre>
-<p>If the query returns true, then the graph has validated the associated
-public key with the WebID.</p>
-<p>The above requires the sparql endpoint (or the underlying triple store
-to be able to do inferencing on dataytypes. This is because the numerical
-values may be expressed with different xsd and cert datatypes which must all
-be supported by <tref>VerificationAgent</tref>s. The cert datatypes allow
-the numerical expression to be spread over a number of lines, or contain
-arbitrary characters such as "9D ☮ 79 ☮ BF ☮ E2 ☮ F4 ☮ 98 ☮..." . The datatype
-itself need not necessarily be expressed in cert:hex, but could use a number of
-xsd integer datatype notations, cert:int or future base64 notations.
-</p>
-<p class="issue">Should we define the base64 notation?</p>
-<p>If the SPARQL endpoint doesn't provide a literal inferencing engine, then
-the modulus should be extracted from the graph, normalised into a big integer
-(integers without an upper bound), and compared with the values given in the
-public key certificate. After replacing the <code>?webid</code> variable in the
-following query with the required value the <tref>Verifying Agent</tref> can
-query the Profile Graph with</p>
-<pre class='example'>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?m ?e
-WHERE {
-   ?webid cert:key [
-        rsa:modulus ?m ;
-        rsa:public_exponent ?e ;
-   ] .
-}
-</pre>
-<p>Here the verification agent must check that one of the answers for ?m and ?e
-matches the integer values of the modulus and exponent given in the public key
-in the certificate.</p>
 <p class="issue"> The public key could be a DSA key. We need to add an ontology
-for DSA too. What other cryptographic ontologies should we add?</p>
+for DSA too.</p>
 
 </section>
-
+</section>
 <section class='normative'>
 <h2>Authorization</h2>
 
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URI to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</section>
-
-<section class='normative'>
-<h2>Secure Communication</h2>
-
-<p class="issue">This section will explain how an Identification Agent and
-a Verification Agent may communicate securely using a set of verified
-identification credentials.</p>
-
-<p>
-If the <tref>Verification Agent</tref> has verified that the
-<tref>WebID Profile</tref> is owned by the <tref>Identification Agent</tref>,
-the <tref>Verification Agent</tref> SHOULD use the verified
-<tref>public key</tref> contained in the <tref>Identification Certificate</tref>
-for all TLS-based communication with the <tref>Identification Agent</tref>.
-This ensures that both the <tref>Verification Agent</tref> and the
-<tref>Identification Agent</tref>
-are communicating in a secure manner, ensuring cryptographically protected
-privacy for both sides.
+<p>The Authorization step may  be as simple as just allowing everybody read access. The authentication phase may then just have been useful in order to gain some extra information from the <tref>WebID Profile</tref> in order to personalise a site.</p>
+<p>Once the <tref>Guard</tref> has a WebID he can do a lookup in a database to see if the agent is allowed the required access to the given resource. 
+Up to this point we are not much more advanced that with a user name and password, except that the user did not have to create an account on Alice's server to identify himself and that the server has some claimed attributes to personalise the site for the requestor.
+But the interesting thing about such a WebID is that because it is a global linkable URI, one can  build webs of trust that can be crawled the same way the web can be crawled: by following links from one document to another. 
+It is therfore possible to have very flexible access control rules where parts of the space of the user's machine is given access to friend and those friends friends (FOAF), stated by them at their domains.
+It is even be possible to allow remote agents to define their own access control rules for parts of the machine's namespace.
+There are too many possibilities to list them all here.
 </p>
 
 </section>
-
 </section>
 
 <section class='normative'>
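Review bot: The trust paragraph under "Verifiying the WebIDs" compares "an https WebID" with "an https WebID", so the statement about man-in-the-middle exposure carries no meaning; the second scheme presumably should be `http`, giving `An https WebID will therefore be a lot more trustworthy than an http WebID ...`. Since the verifier's trust rests entirely on having fetched the correct profile document, the section would also benefit from saying whether a plain-http WebID may be accepted at all. In the same hunk the ASK query uses `^^xsd:hexBinary` but declares only `PREFIX :`, so it needs a line `PREFIX xsd: &lt;http://www.w3.org/2001/XMLSchema#&gt;`. The `CertificateRequest` reference reads "TLS v1.1 [[!RFC5246]]", but RFC 5246 defines TLS 1.2, so either the version or the citation should change.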
@@ -974,18 +896,6 @@
 by <tref>Verification Agent</tref>s and other entities that consume a
 <tref>WebID Profile</tref>.</p>
 
-<p>The following vocabularies are used in their shortened form in the
-subsequent sections:</p>
-
-<dl>
-  <dt>foaf</dt>
-  <dd>http://xmlns.com/foaf/0.1/</dd>
-  <dt>cert</dt>
-  <dd>http://www.w3.org/ns/auth/cert#</dd>
-  <dt>rsa</dt>
-  <dd>http://www.w3.org/ns/auth/rsa#</dd>
-</dl>
-
 <section class='normative'>
 <h2>Personal Information</h2>
 
@@ -1015,9 +925,9 @@
 <tref>WebID Profile</tref> documents:</p>
 
 <dl>
-  <dt>rsa:RSAPublicKey</dt>
+  <dt>cert:RSAPublicKey</dt>
   <dd>Expresses an RSA public key. The RSAPublicKey MUST specify the
-  rsa:modulus and rsa:public_exponent properties.</dd>
+  cert:modulus and cert:exponent properties.</dd>
   <dt>cert:key</dt>
   <dd>Used to associate a WebID URI with an RSAPublicKey. A WebID Profile
   MUST contain at least one RSAPublicKey that is associated with the