--- a/spec/index-respec.html Tue Dec 06 19:09:57 2011 +0100
+++ b/spec/index-respec.html Tue Dec 06 19:36:27 2011 +0100
@@ -343,9 +343,16 @@
<p>
The WebID protocol enables secure, efficient and maximally user friendly authentication on the Web.
-It enables People using a Web Brower to authenticate onto any site by simply clicking on one of the certificates proposed to them by their browser. These certificates can be created by any Web Site for their users in one click.
-The identity, known as the <tref>WebID</tref> is a URL pointing into a <tref>Profile Page</tref>, which any Social Network user is currently familiar with. These pointers into the Web then allow Web of trust based authorizations, where services can allow access to resource depending on the protperties known of an agent, such that the he is known by some relevant people.</p>
-<p>WebID authentication can also be used for automatic authentication by robots, such as web crawlers of linked data repositories, which could be agents working on behalf of users to help them in their daily tasks. WebID is not limited to Web Authentication, but can work with any TLS based protocol.</p>
+It enables people to authenticate onto any site by simply clicking on one of the certificates proposed to them by their browser.
+These certificates can be created by any Web Site for their users in one click.
+The identity, known as the <tref>WebID</tref> is a URL pointing into a <tref>Profile Page</tref>, which any Social Network user is currently familiar with.</p>
+<p>
+These WebIDs then permit Web of trusts to be formed using vocabularies such as <a href="http://xmlns.com/foaf/0.1/">foaf</a> by allowing people to link together their profiles in a public or protected manner.
+Such a web of trust can then be used by a <tref>Service</tref> to make authorization decisions, by allowing access to resource depending on the properties of an agent, such that the he is known by some relevant people, works at a given company, is a family member, is part of some group, ...</p>
+<p>
+The WebId protcol specifies how a <tref>Service</tref> can authenticate a user after requesting his <tref>Certificate</tref> without needing to rely on this being signed by a well known Certificate Authority. This is done by dereferencing the <tref>WebID Profile</tref>, and checking if it describes the user as being in control of the the private key related to the <tref>Public Key</tref> published in the <tref>Certificate</tref> she used to authenticate.
+</p>
+<p>WebID authentication can also be used for automatic authentication by robots, such as web crawlers of linked data repositories, which could be agents working on behalf of users to help them in their daily tasks. WebID is not limited to authentication on the World Wide Web, but can work with any TLS based protocol.</p>
<section>
<h1>Outline</h1>
<p>This specification is divided in the following sections.</p>