move spec related files into dedicated directory
author scor <scorlosquet@gmail.com>
Wed, 02 Feb 2011 17:27:40 -0500
changeset 116 9564023406d3
parent 115 ad72200c7344
child 117 ec623a17cbc5
move spec related files into dedicated directory
README
drafts/ED-webid-20100711/index.html
drafts/ED-webid-20100718/diff-20100711.html
drafts/ED-webid-20100718/index.html
drafts/ED-webid-20100725/diff-20100718.html
drafts/ED-webid-20100725/index.html
drafts/ED-webid-20100809/diff-20100725.html
drafts/ED-webid-20100809/img/WebIdGraph.jpg
drafts/ED-webid-20100809/index.html
img/WebIdGraph.graffle
img/WebIdGraph.jpg
index-respec.html
spec/README
spec/drafts/ED-webid-20100711/index.html
spec/drafts/ED-webid-20100718/diff-20100711.html
spec/drafts/ED-webid-20100718/index.html
spec/drafts/ED-webid-20100725/diff-20100718.html
spec/drafts/ED-webid-20100725/index.html
spec/drafts/ED-webid-20100809/diff-20100725.html
spec/drafts/ED-webid-20100809/img/WebIdGraph.jpg
spec/drafts/ED-webid-20100809/index.html
spec/img/WebIdGraph.graffle
spec/img/WebIdGraph.jpg
spec/index-respec.html
spec/webid-related.respec.html
webid-related.respec.html
--- a/README	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-Abstract
---------
-WebID 1.0
-Web Identification and Discovery
-
-Identification and privacy have been at the center of how we interact
-with sites on the Web. The explosion of Websites over the last decade
-and a half has created a point of pain for anyone that uses the Web on a
-regular basis. Remembering login details, passwords, and sharing private
-information across the many websites that people use on a daily basis
-has become more difficult and complicated than necessary. This
-specification outlines a simple universal identification mechanism that
-is distributed, openly extensible, improves privacy, security and
-control over how one can identify themselves and control access to their
-information on the Web.
-
-Source
-------
-
-You can read, branch and modify the source code for this specification via
-github:
-
-https://github.com/webid-community/webid-spec
-
-Feedback
---------
-
-Don't e-mail patches to the editors, don't send tweets, IMs, or e-mails.
-Log bugs if you want to request changes to the spec, it is the only way
-you can make sure that your input will be tracked and considered by
-the group:
-
-https://github.com/webid-community/webid-spec/issues
-
-When logging an issue, be very specific about the problem and the
-exact change and wording that you would like to suggest. The easier
-you make changing the spec, the more likely that your change will be
-placed into the specification.
-
-Contributing
-------------
-
-To directly contribute to the specification:
-
-1. You MUST modify the 'index-respec.html' file via github - it is the
-   primary source document.
-2. You MUST agree to transferring the specification text to a governing
-   specification body such as the IETF or W3C when the time comes to
-   transition the documents to an official specification.
-3. You MUST NOT add in any text that you know to be in violation of a trade
-   secret, patent or other form of intellectual property.
-4. Understand that this will be a patent and royalty-free specification and
-   no payment will be made to any of the editors, authors or contributors. That
-   said, millions of people will be thankful for your contribution in ensuring
-   that the web continutes to be accessible in a patent and royalty-free way.
-5. You will want to become familiar with ReSpec before you edit the
-   'index-respec.html' file. Documentation for respec is available here:
-   http://dev.w3.org/2009/dap/ReSpec.js/documentation.html
-
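Review bot: the README appears here only as a deletion, while the file list names spec/README as the destination; please make sure the move is recorded as a rename (hg rename / hg mv) rather than a remove plus add, so the file's history follows it into spec/. The Contributing steps also hard-code the old location: step 1 says `You MUST modify the 'index-respec.html' file via github` and step 5 repeats the bare 'index-respec.html' name, but after this changeset the primary source lives at spec/index-respec.html, so the moved copy should point contributors at that path. While touching it, step 4 has the typo 'continutes' (should be 'continues').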
--- a/drafts/ED-webid-20100711/index.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,492 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-    
-<!--  
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-      -->
-
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-
-<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
-
-    
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-12T01:01:38+0000" id="unofficial-draft-11-july-2010">Unofficial Draft 11 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:[email protected]">[email protected]</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><span>Toby Inkster</span></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-</dl><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
-    <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Identification and privacy have been at the center of how we
-interact with sites on the Web. The explosion of Websites over the last decade
-and a half has created a point of pain for anyone that uses the Web on a
-regular basis. Remembering login details, passwords,
-and sharing private information across the many websites that people use on a
-daily basis has become more difficult and complicated than necessary. This 
-specification outlines a simple universal identification mechanism that is
-distributed, openly extensible, improves privacy, security and control over how 
-one can identify themselves and control access to their information on the Web.
-</p>
-  
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-  
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a> 
-is necessary to understand how to implement this specification. 
-WebID also uses HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled 
-<a href="#authentication-sequence">Authentication Sequence</a> and 
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-  
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!--  <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p>  -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-identification-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting Identification URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" 
class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created. 
-It is also designed to provide a universal and extensible mechanism to express 
-public and private information about yourself. This section outlines the 
-motivation behind the specification and the relationship to other similar 
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal 
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed 
-hyperlinked social networks to exist. This vocabulary, along with other 
-vocabularies, allow one to add information and services protection to 
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509 
-certificates to tie a User Agent (Browser) to a Person identified via a URL. 
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form 
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was 
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p>While some may say that OpenID and WebID conflict, WebID is 100% compatible
-with OpenID since both use a URL for identification. Therefore, WebID does not
-intend to replace OpenID, but can work beside OpenID just as easily as providing
-a complete solution. That said, there are a number of benefits that WebID
-achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a Web ID URL for identification, just
-like OpenId does. However, in the case of WebID, the user does not need to
-remember the URL, the browser or User Agent does. A login button on a
-WebID web site is just a button. No need to enter any identifier like one
-has to for OpenID. Just click the button. Your browser will then ask you what 
-identity you wish to use. The person that is browsing does not need to 
-remember either the WebID URL or the website password. The only password one
-needs to remember is the one that is used to access their collection of
-WebIDs in their browser.</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of 
-distributed data where each site can point to data on any other site, multiple 
-connections become costly to manage.</p>
-
-<p>WebID builds on well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>, 
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, it makes both explaining and 
-implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to 
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via 
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF and RDFa allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF or RDFa.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID." 
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic 
-technologies have been working and integrated into Web browsers for many years. 
-There were already three interoperable implementations of WebID before this 
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust. 
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special 
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain 
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can 
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS 
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular 
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but 
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain the 
-<code>Subject Alternative Name</code> field pointing to a URL that is
-dereference-able and results in a document containing RDF data. For example 
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as
-the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
-   ...
-   X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified in the <code>Subject Alternative Name</code> field of the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies a 
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document.</dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML 
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] <em class="rfc2119" title="may">may</em> be supported by the mechanism providing the 
-WebID Profile document.
-</dd>
-
-</dl>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> 
-contained in the <code>Subject Alternative Name</code> field of the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> document
-<em class="rfc2119" title="must">must</em> be dereferenced and all triples pertaining to the public key associated 
-with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be extracted.
-</li>
-
-<li>The remote document triples <em class="rfc2119" title="must">must</em> be queried for information about the 
-public key contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>. 
-If the public key in the certificate is found in the list of public keys 
-associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-<em class="rfc2119" title="must">must</em> assume that the client has write access to the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and
-therefore owns the document.</li>
-
-<li>At this point, the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the now verified public key contained 
-in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
-with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-</li></ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at 
-any time by executing all of the steps in the Authentication Sequence again. 
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to 
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular 
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the 
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A server responding to a WebID Profile request <em class="rfc2119" title="must">must</em> support returning an
-XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] document with either a <code>text/html</code> or
-<code>application/xhtml+xml</code> MIMEtype. A server <em class="rfc2119" title="may">may</em> support HTTP content
-negotiation and return a document that conforms to N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>], Turtle
-[<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], or RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>].
-
-</p><p class="issue">This section will explain how a Verification Agent extracts 
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-identification-url-details" typeof="bibo:Chapter" about="#extracting-identification-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting Identification URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the public key information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the public key
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?modulus ?exp
-WHERE {
-   ?key cert:identity &lt;http://example.org/webid#public&gt;;
-      a rsa:RSAPublicKey;
-      rsa:modulus [ cert:hex ?modulus; ];
-      rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p>2010-07-11 Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-  
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a> 
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a> 
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a> 
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a> 
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a> 
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework"  ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a> 
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a> 
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:references">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a> 
-</dd></dl></div></div></body></html>
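Review bot: this hunk records drafts/ED-webid-20100711/index.html purely as a deletion, with no rename against spec/drafts/ED-webid-20100711/index.html, so the move should be done with `hg mv` (or `hg addremove --similarity 100` before committing) so that `hg log --follow` and `hg annotate` keep the file's history across the directory change; as committed, the changeset lists both the old and the new path but the content arrives under spec/ as an unrelated add. Separately, the text being carried over has two defects worth fixing in the live draft rather than this archived copy: the [XHTML-RDFA] entry links to `http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422` but displays `http://www.w3.org/TR/WD-xhtml-rdfa-20100422`, and the SPARQL example in 2.3.4 hard-codes `<http://example.org/webid#public>` as the `cert:identity`, where an implementation has to bind the URI taken from the presented certificate's Subject Alternative Name and then compare the returned modulus and exponent against that certificate's public key, otherwise the query proves nothing about the connecting client.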
--- a/drafts/ED-webid-20100718/diff-20100711.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4224 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-    
-<!--  
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-      -->
-
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-
-<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
-
-    
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
-.diff-old-a {
-  font-size: smaller;
-  color: red;
-}
-
-.diff-new { background-color: yellow; }
-.diff-chg { background-color: lime; }
-.diff-new:before,
-.diff-new:after
-    { content: "\2191" }
-.diff-chg:before, .diff-chg:after
-    { content: "\2195" }
-.diff-old { text-decoration: line-through; background-color: #FBB; }
-.diff-old:before,
-.diff-old:after
-    { content: "\2193" }
-:focus { border: thin red solid}
-</style>
-</head>
-<body style="display: inherit; ">
-<div class="head">
-<p>
-</p>
-<h1 rel="dcterms:title" class="title" id="title">
-WebID
-1.0
-</h1>
-<h2 rel="bibo:subtitle" id="subtitle">
-Web
-Identification
-and
-Discovery
-</h2>
-<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">
-Unofficial
-Draft
-<del class="diff-old">11
-</del>
-<ins class="diff-chg">18
-</ins>
-July
-2010
-</h2>
-<dl>
-<dt>
-Editor:
-</dt>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-Manu
-Sporny
-</span>,
-<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
-Digital
-Bazaar,
-Inc.
-</a>
-<a rel="foaf:mbox" href="mailto:[email protected]">
[email protected]
-</a>
-</span>
-</dd>
-<dt>
-Authors:
-</dt>
-<dd>
-<span>
-<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
-Toby
-Inkster
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Henry Story" href="http://bblfish.net/">
-Henry
-Story
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
-<ins class="diff-new">Bruno
-Harbulot
-</ins></a></span></dd><dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia"><ins class="diff-new">
-Reto
-Bachmann-Gmür
-</ins></a></span></dd>
-</dl>
-<p>
-<ins class="diff-new">This
-document
-is
-also
-available
-in
-this
-non-normative
-format:
-</ins><a href="diff-20100711.html"><ins class="diff-new">
-Diff
-from
-previous
-Editors
-Draft
-</ins></a>.</p>
-<p class="copyright">
-This
-document
-is
-licensed
-under
-a
-<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
-Creative
-Commons
-Attribution
-3.0
-License
-</a>.
-</p>
-<hr>
-</hr>
-</div>
-<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
-<h2>
-Abstract
-</h2>
-<p>
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">Social
-networking,
-identity
-</ins>
-and
-privacy
-have
-been
-at
-the
-center
-of
-how
-we
-interact
-with
-<del class="diff-old">sites
-on
-</del>
-the
-<del class="diff-old">Web.
-</del>
-<ins class="diff-chg">Web
-in
-the
-last
-decade.
-</ins>
-The
-explosion
-of
-<del class="diff-old">Websites
-over
-the
-last
-decade
-and
-a
-half
-</del>
-<ins class="diff-chg">social
-networking
-sites
-</ins>
-has
-<ins class="diff-new">brought
-the
-world
-closer
-together
-as
-well
-as
-</ins>
-created
-<del class="diff-old">a
-point
-</del>
-<ins class="diff-chg">new
-points
-</ins>
-of
-pain
-<del class="diff-old">for
-anyone
-that
-uses
-</del>
-<ins class="diff-chg">regarding
-ease
-of
-use
-and
-</ins>
-the
-<del class="diff-old">Web
-on
-a
-regular
-basis.
-</del>
-<ins class="diff-chg">Web.
-</ins>
-Remembering
-login
-details,
-passwords,
-and
-sharing
-private
-information
-across
-the
-many
-websites
-<ins class="diff-new">and
-social
-groups
-</ins>
-that
-<del class="diff-old">people
-use
-on
-</del>
-<ins class="diff-chg">we
-are
-</ins>
-a
-<del class="diff-old">daily
-basis
-</del>
-<ins class="diff-chg">part
-of
-</ins>
-has
-become
-more
-difficult
-and
-complicated
-than
-necessary.
-<ins class="diff-new">The
-Social
-Web
-is
-designed
-to
-ensure
-that
-control
-of
-identity
-and
-privacy
-settings
-is
-always
-simple
-and
-under
-one's
-control.
-WebID
-is
-a
-key
-enabler
-of
-the
-Social
-Web.
-</ins>
-This
-specification
-outlines
-a
-simple
-universal
-identification
-mechanism
-that
-is
-distributed,
-openly
-extensible,
-improves
-privacy,
-security
-and
-control
-over
-how
-one
-can
-identify
-themselves
-and
-control
-access
-to
-their
-information
-on
-the
-Web.
-</p>
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">
-How
-to
-Read
-this
-Document
-</h3>
-<p>
-There
-are
-a
-number
-of
-concepts
-that
-are
-covered
-in
-this
-document
-that
-the
-reader
-may
-want
-to
-be
-aware
-of
-before
-continuing.
-General
-knowledge
-of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
-public
-key
-cryptography
-</a>
-<ins class="diff-new">and
-RDF
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER"><ins class="diff-new">
-RDF-PRIMER
-</ins></a><ins class="diff-new">
-]
-and
-RDFa
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE"><ins class="diff-new">
-RDFA-CORE
-</ins></a><ins class="diff-new">
-]
-</ins>
-is
-necessary
-to
-understand
-how
-to
-implement
-this
-specification.
-WebID
-<del class="diff-old">also
-</del>
-uses
-<ins class="diff-new">a
-number
-of
-specific
-technologies
-like
-</ins>
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-X.509
-certificates
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-],
-<ins class="diff-new">RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-</ins>
-and
-<del class="diff-old">RDFa
-</del>
-<ins class="diff-chg">XHTML+RDFa
-</ins>
-[
-<del class="diff-old">RDFA-CORE
-</del>
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-<ins class="diff-chg">XHTML-RDFA
-</ins>
-</a>
-].
-</p>
-<p>
-A
-general
-<a href="#introduction">
-Introduction
-</a>
-is
-provided
-for
-all
-that
-would
-like
-to
-understand
-why
-this
-specification
-is
-necessary
-to
-simplify
-usage
-of
-the
-Web.
-</p>
-<p>
-The
-terms
-used
-throughout
-this
-specification
-are
-listed
-in
-the
-section
-titled
-<a href="#terminology">
-Terminology
-</a>.
-</p>
-<p>
-Developers
-that
-are
-interested
-in
-implementing
-this
-specification
-will
-be
-most
-interested
-in
-the
-sections
-titled
-<a href="#authentication-sequence">
-Authentication
-Sequence
-</a>
-and
-<a href="#authentication-sequence-details">
-Authentication
-Sequence
-Details
-</a>.
-</p>
-</div>
-</div>
-<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
-<h2>
-Status
-of
-This
-Document
-</h2>
-<p>
-This
-document
-is
-merely
-a
-public
-working
-draft
-of
-a
-potential
-specification.
-It
-has
-no
-official
-standing
-of
-any
-kind
-and
-does
-not
-represent
-the
-support
-or
-consensus
-of
-any
-standards
-organisation.
-</p>
-The
-source
-code
-for
-this
-document
-is
-available
-via
-Github
-at
-the
-following
-URL:
-<a href="http://github.com/msporny/webid-spec">
-http://github.com/msporny/webid-spec
-</a>
-</div>
-<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
-<h2 class="introductory">
-Table
-of
-Contents
-</h2>
-<ul class="toc">
-<li class="tocline">
-<a href="#introduction" class="tocxref">
-<span class="secno">
-1.
-</span>
-Introduction
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#motivation" class="tocxref">
-<span class="secno">
-1.1
-</span>
-Motivation
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-openid" class="tocxref">
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-oauth" class="tocxref">
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#the-webid-protocol" class="tocxref">
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#terminology" class="tocxref">
-<span class="secno">
-2.1
-</span>
-Terminology
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence" class="tocxref">
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence-details" class="tocxref">
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#initiating-a-tls-connection" class="tocxref">
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</a>
-</li>
-<li class="tocline">
-<a href="#exchanging-the-identification-certificate" class="tocxref">
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</a>
-</li>
-<li class="tocline">
-<a href="#processing-the-webid-profile" class="tocxref">
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</a>
-</li>
-<li class="tocline">
-<a href="#extracting-webid-url-details" class="tocxref">
-<span class="secno">
-2.3.4
-</span>
-Extracting
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">WebID
-</ins>
-URL
-Details
-</a>
-</li>
-<li class="tocline">
-<a href="#determining-access-privileges" class="tocxref">
-<span class="secno">
-2.3.5
-</span>
-Determining
-Access
-Privileges
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#references" class="tocxref">
-<span class="secno">
-A.
-</span>
-References
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#normative-references" class="tocxref">
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</a>
-</li>
-<li class="tocline">
-<a href="#informative-references" class="tocxref">
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-<h2>
-<span class="secno">
-1.
-</span>
-Introduction
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-WebID
-specification
-is
-designed
-to
-help
-alleviate
-the
-difficultly
-that
-remembering
-different
-logins,
-passwords
-and
-settings
-for
-websites
-has
-created.
-It
-is
-also
-designed
-to
-provide
-a
-universal
-and
-extensible
-mechanism
-to
-express
-public
-and
-private
-information
-about
-yourself.
-This
-section
-outlines
-the
-motivation
-behind
-the
-specification
-and
-the
-relationship
-to
-other
-similar
-specifications
-that
-are
-in
-active
-use
-today.
-</p>
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3>
-<span class="secno">
-1.1
-</span>
-Motivation
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-It
-is
-a
-fundamental
-design
-criteria
-of
-the
-Web
-to
-enable
-individuals
-and
-organizations
-to
-control
-how
-they
-interact
-with
-the
-rest
-of
-society.
-This
-includes
-how
-one
-expresses
-their
-identity,
-public
-information
-and
-personal
-details
-to
-social
-networks,
-Web
-sites
-and
-services.
-</p>
-<p>
-Semantic
-Web
-vocabularies
-such
-as
-Friend-of-a-Friend
-(FOAF)
-permit
-distributed
-hyperlinked
-social
-networks
-to
-exist.
-This
-vocabulary,
-along
-with
-other
-vocabularies,
-allow
-one
-to
-add
-information
-and
-services
-protection
-to
-distributed
-social
-networks.
-</p>
-<p>
-One
-major
-criticism
-of
-open
-networks
-is
-that
-they
-seem
-to
-have
-no
-way
-of
-protecting
-the
-personal
-information
-distributed
-on
-the
-web
-or
-limiting
-access
-to
-resources.
-Few
-people
-are
-willing
-to
-make
-all
-their
-personal
-information
-public,
-many
-would
-like
-large
-pieces
-to
-be
-protected,
-making
-it
-available
-only
-to
-a
-select
-group
-of
-agents.
-Giving
-access
-to
-information
-is
-very
-similar
-to
-giving
-access
-to
-services.
-There
-are
-many
-occasions
-when
-people
-would
-like
-services
-to
-only
-be
-accessible
-to
-members
-of
-a
-group,
-such
-as
-allowing
-only
-friends,
-family
-members,
-colleagues
-to
-post
-an
-article,
-photo
-or
-comment
-on
-a
-blog.
-How
-does
-one
-do
-this
-in
-a
-flexible
-way,
-without
-requiring
-a
-central
-point
-of
-access
-control?
-</p>
-<p>
-Using
-an
-process
-made
-popular
-by
-OpenID,
-we
-show
-how
-one
-can
-tie
-a
-User
-Agent
-to
-a
-URL
-by
-proving
-that
-one
-has
-write
-access
-to
-the
-URL.
-WebID
-is
-a
-simpler
-alternative
-to
-OpenID
-(fewer
-connections),
-that
-uses
-X.509
-certificates
-to
-tie
-a
-User
-Agent
-(Browser)
-to
-a
-Person
-identified
-via
-a
-URL.
-WebID
-also
-provides
-a
-few
-additional
-features
-to
-OpenID.
-These
-features
-include
-trust
-management,
-via
-digital
-signatures,
-and
-free-form
-extensibility
-via
-RDFa.
-By
-using
-the
-existing
-SSL
-certificate
-exchange
-mechanism,
-WebID
-integrates
-more
-smoothly
-with
-existing
-Web
-browsers,
-including
-browsers
-on
-mobile
-devices.
-WebID
-also
-permits
-automated
-session
-login
-in
-addition
-to
-interactive
-session
-login.
-Additionally,
-all
-data
-is
-encrypted
-and
-guaranteed
-to
-only
-be
-received
-by
-the
-person
-or
-organization
-that
-was
-intended
-to
-receive
-it.
-</p>
-</div>
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3>
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<del class="diff-old">While
-some
-may
-say
-that
-OpenID
-</del>
-<p class="issue">
-<ins class="diff-chg">This
-section
-needs
-to
-be
-re-written.
-The
-flow
-</ins>
-and
-<del class="diff-old">WebID
-conflict,
-</del>
-<ins class="diff-chg">grammar
-leaves
-much
-to
-be
-desired.
---
-manu
-</ins></p><p>
-WebID
-is
-<del class="diff-old">100%
-</del>
-compatible
-with
-<del class="diff-old">OpenID
-since
-both
-</del>
-<ins class="diff-chg">OpenID.
-Both
-protocols
-</ins>
-use
-a
-URL
-<del class="diff-old">for
-identification.
-</del>
-<ins class="diff-chg">that
-dereferences
-to
-a
-Personal
-Profile
-Document.
-This
-Personal
-Profile
-Document
-is
-where
-further
-information
-about
-an
-identity
-can
-be
-discovered.
-This
-mechanism
-is
-compatible
-with
-both
-WebID
-and
-OpenID.
-</ins>
-Therefore,
-WebID
-does
-not
-intend
-to
-replace
-OpenID,
-but
-can
-work
-beside
-OpenID
-<del class="diff-old">just
-as
-easily
-as
-providing
-a
-complete
-solution.
-</del>
-<ins class="diff-chg">by
-sharing
-the
-content
-in
-the
-Personal
-Profile
-Document.
-</ins></p><p>
-That
-said,
-there
-are
-a
-number
-of
-benefits
-that
-WebID
-achieves
-over
-OpenID:
-</p>
-<p>
-WebID
-gives
-people
-and
-other
-agents
-a
-<ins class="diff-new">WebID
-URL
-for
-identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-of
-WebID,
-one
-does
-not
-need
-to
-remember
-the
-URL
-since
-the
-User
-Agent
-remembers
-the
-URL
-on
-behalf
-of
-the
-person
-browsing.
-To
-log
-in
-on
-a
-WebID
-web
-site
-there
-is
-no
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-do
-for
-OpenID.
-Just
-one
-click
-tells
-the
-browser
-to
-send
-the
-WebID
-URL.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-their
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-may
-need
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser,
-and
-that's
-only
-if
-they
-opt-in
-to
-password
-protect
-their
-WebIDs.
-</ins></p><p><ins class="diff-new">
-WebID
-gives
-people
-and
-other
-agents
-a
-</ins>
-Web
-ID
-URL
-for
-<del class="diff-old">identification,
-just
-like
-OpenId
-does.
-</del>
-<ins class="diff-chg">identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-</ins>
-However,
-in
-the
-case
-of
-WebID,
-the
-user
-does
-not
-need
-to
-remember
-the
-URL,
-the
-browser
-or
-User
-Agent
-does.
-A
-login
-button
-on
-a
-WebID
-web
-site
-is
-just
-a
-button.
-No
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-for
-OpenID.
-Just
-click
-the
-button.
-Your
-browser
-will
-then
-ask
-you
-what
-identity
-you
-wish
-to
-use.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-the
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-needs
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser.
-</p>
-<p>
-The
-WebID
-protocol
-requires
-just
-one
-direct
-network
-connection
-to
-establish
-identity
-via
-the
-client.
-The
-server
-requires
-one
-connection
-to
-the
-client
-and
-one
-connection
-to
-retrieve
-the
-WebID
-Profile
-if
-it
-does
-not
-have
-the
-credential
-information
-cached.
-Compare
-this
-to
-the
-much
-more
-complex
-OpenID
-sequence,
-which
-requires
-six
-connections
-by
-the
-client
-to
-establish
-a
-login.
-In
-a
-world
-of
-distributed
-data
-where
-each
-site
-can
-point
-to
-data
-on
-any
-other
-site,
-multiple
-connections
-become
-costly
-to
-manage.
-</p>
-<p>
-WebID
-builds
-on
-<ins class="diff-new">a
-number
-of
-</ins>
-well
-established
-Internet
-and
-Web
-standards;
-<a href="http://en.wikipedia.org/wiki/REST">
-REST
-</a>,
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-],
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-],
-<ins class="diff-new">RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-],
-</ins>
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-and
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-].
-By
-building
-on
-previous
-standards,
-it
-makes
-both
-explaining
-and
-implementing
-WebID
-easier
-on
-developers.
-</p>
-<p>
-Since
-WebID
-is
-RESTful,
-you
-can
-perform
-basic
-HTTP
-operations
-to
-<code>
-GET
-</code>
-your
-WebID,
-and
-if
-you
-needed
-update
-it,
-you
-can
-use
-HTTP
-<code>
-PUT
-</code>
-semantics.
-You
-can
-also
-create
-a
-WebID
-via
-<code>
-POST
-</code>.
-This
-is
-improved
-from
-the
-OpenID
-specification,
-which
-requires
-a
-new
-set
-of
-operations
-described
-in
-the
-OpenID
-Attribute
-Exchange
-specification.
-</p>
-<p>
-<ins class="diff-new">WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</ins></p><p>
-It
-is
-easy
-to
-extend
-a
-WebID
-with
-new
-attributes
-via
-RDF.
-The
-power
-of
-RDF
-<del class="diff-old">and
-RDFa
-</del>
-allows
-developers
-to
-add
-extensions
-to
-WebID
-by
-defining
-new
-vocabularies
-that
-they
-publish.
-There
-is
-no
-authorization
-process
-necessary
-and
-thus
-WebID
-allows
-for
-distributed
-innovation.
-Every
-WebID
-property
-is
-a
-URI,
-which
-when
-clicked,
-can
-give
-you
-yet
-more
-information
-about
-what
-the
-property
-means.
-A
-developer
-can
-create
-new
-usage
-classes
-by
-extending
-their
-vocabulary
-at
-will.
-A
-developer
-can
-add
-relationships
-to
-a
-WebID
-by
-simply
-adding
-more
-HTML
-to
-the
-developer's
-page.
-OpenID
-does
-not
-provide
-any
-type
-of
-distributed
-innovation
-akin
-to
-<del class="diff-old">RDF
-or
-RDFa.
-WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</del>
-<ins class="diff-chg">RDF.
-</ins>
-</p>
-<p>
-Implementing
-WebID
-is
-easier
-than
-OpenID
-because
-all
-of
-the
-basic
-technologies
-have
-been
-working
-and
-integrated
-into
-Web
-browsers
-for
-many
-years.
-There
-were
-already
-three
-interoperable
-implementations
-of
-WebID
-before
-this
-specification
-was
-written.
-</p>
-<p>
-WebID
-is
-truly
-decentralized
--
-with
-WebID
-you
-get
-a
-web
-of
-trust.
-OpenID
-only
-supports
-the
-Web
-of
-Trust
-model
-if
-you
-indirectly
-trust
-the
-OpenID
-provider.
-In
-other
-words
--
-OpenID
-is
-not
-truly
-decentralized.
-In
-OpenID
-you
-must
-trust
-OpenID
-providers.
-With
-WebID
-you
-only
-have
-to
-trust
-the
-people
-and
-the
-organizations
-with
-which
-you
-are
-communicating.
-In
-other
-words,
-you
-don't
-have
-to
-ask
-anyone
-whether
-or
-not
-you
-can
-trust
-your
-friends.
-You
-can
-query
-people
-that
-you
-trust
-directly
-to
-see
-if
-someone
-is
-trustworthy
-or
-not.
-There
-is
-no
-need
-for
-a
-central
-WebID
-authority.
-</p>
-<p>
-WebID
-is
-fully
-distributed,
-anyone
-can
-setup
-a
-WebID
-by
-placing
-a
-single
-file
-on
-a
-web
-server
-of
-their
-choosing.
-There
-is
-no
-need
-for
-a
-special
-OpenID-like
-provider
-service.
-The
-only
-thing
-anyone
-that
-wants
-a
-WebID
-needs
-is
-a
-web
-account
-where
-you
-can
-post
-your
-WebID
-file,
-ideally
-on
-your
-own
-domain
-name.
-You
-can
-also
-use
-a
-WebID
-hosting
-provider,
-but
-it's
-not
-necessary
-for
-WebID
-to
-work.
-While
-it
-is
-possible
-to
-run
-an
-OpenID
-server,
-other
-OpenID
-applications
-may
-not
-trust
-you
-and
-thus
-you
-won't
-be
-able
-to
-fully
-utilize
-your
-private
-OpenID
-credentials.
-The
-reason
-that
-there
-are
-a
-few
-large
-OpenID
-providers
-and
-very
-few
-small
-OpenID
-providers
-is
-because
-of
-this
-trust
-design
-issue
-related
-to
-OpenID.
-</p>
-<p>
-WebID
-does
-not
-require
-HTTP
-redirects.
-Redirects
-are
-<del class="diff-old">are
-</del>
-problematic
-on
-many
-cell
-phones,
-because
-telecoms
-heavily
-rely
-on
-proxys,
-which
-selectively
-block
-redirects.
-</p>
-<p>
-A
-WebID
-provider
-is
-100%
-compatible
-with
-an
-OpenID
-provider
-and
-thus
-can
-inter-operate
-with
-OpenID-powered
-networks.
-</p>
-</div>
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3>
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-OAuth
-and
-WebID
-are
-mutually
-beneficial
-when
-used
-together.
-WebID
-can
-be
-used
-to
-provide
-RSA
-parameters
-to
-the
-RSA-SHA1
-signature
-method
-required
-by
-OAuth
-1.0.
-WebID
-can
-also
-be
-used
-to
-establish
-the
-consumer_key
-and
-HTTPS
-connection
-that
-will
-be
-used
-to
-transmit
-OAuth
-Tokens
-in
-OAuth
-2.0.
-</p>
-</div>
-</div>
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-<h2>
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</h2>
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3>
-<span class="secno">
-2.1
-</span>
-Terminology
-</h3>
-<dl>
-<dt>
-<dfn title="Verification_Agent" id="dfn-verification_agent">
-Verification
-Agent
-</dfn>
-</dt>
-<dd>
-Performs
-authentication
-on
-provided
-WebID
-credentials
-and
-determines
-if
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-can
-have
-access
-to
-a
-particular
-resource.
-A
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-is
-typically
-a
-Web
-server,
-but
-may
-also
-be
-a
-peer
-on
-a
-peer-to-peer
-network.
-</dd>
-<dt>
-<dfn title="Identification_Agent" id="dfn-identification_agent">
-Identification
-Agent
-</dfn>
-</dt>
-<dd>
-Provides
-identification
-credentials
-to
-a
-Verification
-Agent.
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-is
-typically
-also
-a
-User
-Agent.
-</dd>
-<dt>
-<dfn title="Identification_Certificate" id="dfn-identification_certificate">
-Identification
-Certificate
-</dfn>
-</dt>
-<dd>
-An
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-]
-Certificate
-that
-<em class="rfc2119" title="must">
-must
-</em>
-contain
-<del class="diff-old">the
-</del>
-<ins class="diff-chg">a
-</ins>
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-pointing
-to
-</del>
-<ins class="diff-chg">extension
-with
-a
-URI
-entry.
-The
-URI
-</ins><em class="rfc2119" title="should"><ins class="diff-chg">
-should
-</ins></em><ins class="diff-chg">
-be
-a
-URL,
-and
-</ins><em class="rfc2119" title="should not"><ins class="diff-chg">
-should
-not
-</ins></em><ins class="diff-chg">
-be
-</ins>
-a
-<ins class="diff-new">URN.
-The
-</ins>
-URL
-<del class="diff-old">that
-is
-</del>
-<ins class="diff-chg">identifies
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-chg">
-Identification
-Agent
-</ins></a>.<ins class="diff-chg">
-The
-URL
-</ins><em class="rfc2119" title="must"><ins class="diff-chg">
-must
-</ins></em><ins class="diff-chg">
-be
-</ins>
-dereference-able
-and
-<del class="diff-old">results
-</del>
-<ins class="diff-chg">result
-</ins>
-in
-a
-document
-containing
-RDF
-data.
-For
-<del class="diff-old">example
-</del>
-<ins class="diff-chg">example,
-</ins>
-the
-certificate
-would
-contain
-<code>
-http://example.org/webid#public
-</code>,
-known
-as
-a
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-as
-the
-<code>
-Subject
-Alternative
-Name
-</code>:
-<code><pre>
-X509v3 extensions:
-   ...
-   X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
-</pre>
-</code>
-</dd>
-<dt>
-<dfn title="WebID_URL" id="dfn-webid_url">
-WebID
-URL
-</dfn>
-</dt>
-<dd>
-A
-URL
-specified
-<del class="diff-old">in
-</del>
-<ins class="diff-chg">via
-</ins>
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-</del>
-<ins class="diff-chg">extension
-</ins>
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-that
-identifies
-<ins class="diff-new">an
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>.</dd><dt><dfn title="public_key" id="dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></dfn></dt><dd><ins class="diff-new">
-A
-widely
-distributed
-crytographic
-key
-that
-can
-be
-used
-to
-verify
-digital
-signatures
-and
-encrypt
-data
-between
-</ins>
-a
-<del class="diff-old">WebID
-Profile
-</del>
-<ins class="diff-chg">sender
-and
-a
-receiver.
-A
-public
-key
-is
-always
-included
-in
-an
-</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-chg">
-Identification
-Certificate
-</ins>
-</a>
-<del class="diff-old">document.
-</del>
-</dd>
-<dt>
-<dfn title="WebID_Profile" id="dfn-webid_profile">
-WebID
-Profile
-</dfn>
-</dt>
-<dd>
-A
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
-RDF-CONCEPTS
-</a>
-].
-<del class="diff-old">The
-</del>
-<ins class="diff-chg">Either
-the
-</ins>
-XHTML+RDFa
-1.1
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-]
-serialization
-format
-<ins class="diff-new">or
-the
-RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-serialization
-format
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-supported
-by
-the
-mechanism,
-e.g.
-a
-Web
-Service,
-providing
-the
-WebID
-Profile
-document.
-Alternate
-RDF
-serialization
-formats,
-such
-as
-N3
-[
-<a class="bibref" rel="biblioentry" href="#bib-N3">
-N3
-</a>
-<del class="diff-old">],
-</del>
-<ins class="diff-chg">]
-or
-</ins>
-Turtle
-[
-<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
-TURTLE
-</a>
-],
-<del class="diff-old">or
-RDF/XML
-[
-RDF-SYNTAX-GRAMMAR
-]
-</del>
-<em class="rfc2119" title="may">
-may
-</em>
-be
-supported
-by
-the
-mechanism
-providing
-the
-WebID
-Profile
-document.
-</dd>
-</dl>
-<p class="issue">
-<ins class="diff-new">Whether
-or
-not
-RDF/XML,
-XHTML+RDFa
-1.1,
-both
-or
-neither
-serialization
-of
-RDF
-should
-be
-required
-serialization
-formats
-in
-the
-specification
-is
-currently
-under
-heavy
-debate.
-</ins></p>
-</div>
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3>
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</h3>
-<p>
-The
-following
-steps
-are
-executed
-by
-Verification
-Agents
-and
-Identification
-Agents
-to
-determine
-if
-access
-should
-be
-granted
-to
-a
-particular
-resource.
-</p>
-<ol>
-<li>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-attempts
-to
-access
-a
-resource
-using
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-]
-via
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-request
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-of
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-as
-a
-part
-of
-the
-TLS
-client-cerificate
-retrieval
-protocol.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-<ins class="diff-new">public
-key
-</ins></a><ins class="diff-new">
-and
-the
-</ins>
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-contained
-in
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-<del class="diff-old">field
-</del>
-<ins class="diff-chg">extension
-</ins>
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>.
-</li>
-<li>
-The
-<del class="diff-old">WebID
-Profile
-document
-must
-be
-dereferenced
-and
-all
-triples
-pertaining
-to
-the
-</del>
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-<ins class="diff-new">information
-</ins>
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">extracted.
-The
-remote
-document
-triples
-</del>
-<ins class="diff-chg">verified
-by
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
-Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-This
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">queried
-for
-information
-about
-</del>
-<ins class="diff-chg">performed
-by
-validating
-</ins>
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-<ins class="diff-new">associated
-with
-the
-</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
-WebID
-URL
-</ins></a>.<ins class="diff-new">
-This
-process
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-occur
-either
-by
-dereferencing
-the
-</ins><a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url"><ins class="diff-new">
-WebID
-URL
-</ins></a><ins class="diff-new">
-and
-extracting
-RDF
-data
-from
-the
-resulting
-document,
-or
-by
-utilizing
-a
-cached
-version
-of
-the
-RDF
-data
-</ins>
-contained
-in
-the
-<del class="diff-old">Identification
-Certificate
-</del>
-<ins class="diff-chg">document
-or
-other
-data
-source
-that
-is
-up-to-date
-and
-trusted
-by
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-chg">
-Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-The
-processing
-and
-extraction
-mechanism
-is
-further
-detailed
-in
-the
-sections
-titled
-</ins><a href="#processing-the-webid-profile"><ins class="diff-chg">
-Processing
-the
-WebID
-Profile
-</ins></a><ins class="diff-chg">
-and
-</ins><a href="#extracting-webid-url-details"><ins class="diff-chg">
-Extracting
-WebID
-URL
-Details
-</ins>
-</a>.
-</li>
-<li>
-If
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-in
-the
-<del class="diff-old">certificate
-</del>
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-<ins class="diff-chg">Identification
-Certificate
-</ins></a>
-is
-found
-in
-the
-list
-of
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-<del class="diff-old">keys
-</del>
-<ins class="diff-chg">key
-</ins></a><ins class="diff-chg">
-s
-</ins>
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-assume
-that
-the
-client
-has
-write
-access
-to
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-and
-therefore
-owns
-the
-document.
-</li>
-<li>
-<del class="diff-old">At
-this
-point,
-</del>
-<ins class="diff-chg">If
-</ins>
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-has
-verified
-that
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-is
-owned
-by
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-<del class="diff-old">.
-The
-</del>
-</a>,
-<ins class="diff-chg">the
-</ins>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-use
-the
-<del class="diff-old">now
-</del>
-verified
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-contained
-in
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-for
-all
-TLS-based
-communication
-with
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-</li>
-</ol>
-<p>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-re-establish
-a
-different
-identity
-at
-any
-time
-by
-executing
-all
-of
-the
-steps
-in
-the
-Authentication
-Sequence
-again.
-Additional
-algorithms,
-detailed
-in
-the
-next
-section,
-<em class="rfc2119" title="may">
-may
-</em>
-be
-performed
-to
-determine
-if
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-can
-access
-a
-particular
-resource
-after
-the
-last
-step
-of
-the
-Authentication
-Sequence
-has
-been
-completed.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3>
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</h3>
-<p>
-This
-section
-covers
-details
-about
-each
-step
-in
-the
-authentication
-process.
-</p>
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4>
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-TLS
-connection
-process
-is
-started
-and
-used
-by
-WebID
-to
-create
-a
-secure
-channel
-between
-the
-Identification
-Agent
-and
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4>
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-certificate
-is
-selected
-and
-sent
-to
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4>
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</h4>
-<p>
-A
-<ins class="diff-new">Verification
-Agent
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-be
-able
-to
-process
-documents
-in
-RDF/XML
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR"><ins class="diff-new">
-RDF-SYNTAX-GRAMMAR
-</ins></a><ins class="diff-new">
-]
-and
-XHTML+RDFa
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA"><ins class="diff-new">
-XHTML-RDFA
-</ins></a><ins class="diff-new">
-].
-A
-</ins>
-server
-responding
-to
-a
-WebID
-Profile
-request
-<em class="rfc2119" title="should">
-<ins class="diff-new">should
-</ins></em><ins class="diff-new">
-support
-HTTP
-content
-negotiation.
-The
-server
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-<del class="diff-old">support
-returning
-an
-XHTML+RDFa
-[
-XHTML-RDFA
-]
-document
-with
-either
-</del>
-<ins class="diff-chg">return
-</ins>
-a
-<ins class="diff-new">representation
-in
-RDF/XML
-for
-media
-type
-</ins><code><ins class="diff-new">
-application/rdf+xml
-</ins></code>.<ins class="diff-new">
-The
-server
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-return
-a
-representation
-in
-XHTML+RDFa
-for
-media
-type
-</ins>
-<code>
-text/html
-</code>
-or
-<ins class="diff-new">media
-type
-</ins>
-<code>
-application/xhtml+xml
-<del class="diff-old">MIMEtype.
-A
-server
-</del>
-</code>.
-<a class="tref" title="Verification_Agents">
-<ins class="diff-chg">Verification
-Agents
-</ins></a><ins class="diff-chg">
-and
-</ins><a class="tref" title="Identification_Agents"><ins class="diff-chg">
-Identification
-Agents
-</ins></a>
-<em class="rfc2119" title="may">
-may
-</em>
-support
-<ins class="diff-new">any
-other
-RDF
-format
-via
-</ins>
-HTTP
-content
-<del class="diff-old">negotiation
-and
-return
-a
-document
-that
-conforms
-to
-N3
-[
-N3
-],
-Turtle
-[
-TURTLE
-],
-or
-RDF/XML
-[
-RDF-SYNTAX-GRAMMAR
-].
-</del>
-<ins class="diff-chg">negotiation.
-</ins>
-</p>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-extracts
-semantic
-data
-describing
-the
-identification
-credentials
-from
-a
-WebID
-Profile.
-</p>
-</div>
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4>
-<span class="secno">
-2.3.4
-</span>
-Extracting
-<del class="diff-old">Identification
-</del>
-<ins class="diff-chg">WebID
-</ins>
-URL
-Details
-</h4>
-<p>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-may
-use
-a
-number
-of
-different
-methods
-to
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>.
-</p>
-The
-following
-SPARQL
-query
-outlines
-one
-way
-in
-which
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-could
-be
-extracted
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>:
-<code><pre>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?modulus ?exp
-WHERE {
-   ?key cert:identity &lt;http://example.org/webid#public&gt;;
-      a rsa:RSAPublicKey;
-      rsa:modulus [ cert:hex ?modulus; ];
-      rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre>
-</code>
-<p class="issue">
-This
-section
-still
-needs
-more
-information.
-</p>
-</div>
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4>
-<span class="secno">
-2.3.5
-</span>
-Determining
-Access
-Privileges
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-may
-use
-the
-information
-discovered
-via
-a
-WebID
-URL
-to
-determine
-if
-one
-should
-be
-able
-to
-access
-a
-particular
-resource.
-It
-will
-explain
-how
-a
-Verification
-Agent
-can
-use
-links
-to
-other
-RDFa
-documents
-to
-build
-knowledge
-about
-the
-given
-WebID.
-</p>
-</div>
-</div>
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>
-Change
-History
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-2010-07-11
-Initial
-version.
-</p>
-</div>
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>
-Acknowledgments
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-following
-people
-have
-been
-instrumental
-in
-providing
-thoughts,
-feedback,
-reviews,
-criticism
-and
-input
-in
-the
-creation
-of
-this
-specification:
-</p>
-<ul>
-<li>
-Melvin
-Carvalho
-</li>
-<li>
-Bruno
-Harbulot
-</li>
-<li>
-Toby
-Inkster
-</li>
-<li>
-Ian
-Jacobi
-</li>
-<li>
-Jeff
-Sayre
-</li>
-<li>
-Henry
-Story
-</li>
-</ul>
-</div>
-</div>
-</div>
-<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<h2>
-<span class="secno">
-A.
-</span>
-References
-</h2>
-<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
-<h3>
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-HTTP-TLS">
-[HTTP-TLS]
-</dt>
-<dd rel="dcterms:requires">
-E.
-Rescorla.
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-<cite>
-HTTP
-Over
-TLS.
-</cite>
-</a>
-May
-2000.
-Internet
-RFC
-2818.
-URL:
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-http://www.ietf.org/rfc/rfc2818.txt
-</a>
-</dd>
-<dt id="bib-N3">
-[N3]
-</dt>
-<dd rel="dcterms:requires">
-Tim
-Berners-Lee;
-Dan
-Connolly.
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-<cite>
-Notation3
-(N3):
-A
-readable
-RDF
-syntax.
-</cite>
-</a>
-14
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
-</a>
-</dd>
-<dt id="bib-RDF-PRIMER">
-<ins class="diff-new">[RDF-PRIMER]
-</ins></dt><dd rel="dcterms:requires"><ins class="diff-new">
-Frank
-Manola;
-Eric
-Miller.
-</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite><ins class="diff-new">
-RDF
-Primer.
-</ins></cite></a><ins class="diff-new">
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-</ins><a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><ins class="diff-new">
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</ins></a></dd>
-<dt id="bib-RDF-SYNTAX-GRAMMAR">
-[RDF-SYNTAX-GRAMMAR]
-</dt>
-<dd rel="dcterms:requires">
-Dave
-Beckett.
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-<cite>
-RDF/XML
-Syntax
-Specification
-(Revised).
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
-</a>
-</dd>
-<dt id="bib-RDFA-CORE">
-[RDFA-CORE]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et
-al.
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-<cite>
-RDFa
-Core
-1.1:
-Syntax
-and
-processing
-rules
-for
-embedding
-RDF
-through
-attributes.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-http://www.w3.org/TR/2010/WD-rdfa-core-20100422
-</a>
-</dd>
-<dt id="bib-TURTLE">
-[TURTLE]
-</dt>
-<dd rel="dcterms:requires">
-David
-Beckett,
-Tim
-Berners-Lee.
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-Turtle:
-Terse
-RDF
-Triple
-Language
-</a>
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-http://www.w3.org/TeamSubmission/turtle/
-</a>
-</dd>
-<dt id="bib-X509V3">
-[X509V3]
-</dt>
-<dd rel="dcterms:requires">
-<cite>
-ITU-T
-Recommendation
-X.509
-version
-3
-(1997).
-"Information
-Technology
--
-Open
-Systems
-Interconnection
--
-The
-Directory
-Authentication
-Framework"
-ISO/IEC
-9594-8:1997
-</cite>.
-</dd>
-<dt id="bib-XHTML-RDFA">
-[XHTML-RDFA]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et.
-al.
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-<cite>
-XHTML+RDFa
-1.1.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-http://www.w3.org/TR/WD-xhtml-rdfa-20100422
-</a>
-</dd>
-</dl>
-</div>
-<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
-<h3>
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-RDF-CONCEPTS">
-[RDF-CONCEPTS]
-</dt>
-<dd rel="dcterms:references">
-Graham
-Klyne;
-Jeremy
-J.
-Carroll.
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-<cite>
-Resource
-Description
-Framework
-(RDF):
-Concepts
-and
-Abstract
-Syntax.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
-<del class="diff-old">[RDF-PRIMER]
-Frank
-Manola;
-Eric
-Miller.
-RDF
-Primer.
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</del>
-</a>
-</dd>
-</dl>
-</div>
-</div>
-</body>
-</html>
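Review bot: the [XHTML-RDFA] entry in A.1 of this removed file shows the link text `http://www.w3.org/TR/WD-xhtml-rdfa-20100422` under an href of `http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422`; if this editors' draft diff is being re-homed rather than dropped, the copy at its new path should make the two agree. Two other defects travel with it and are worth a follow-up there: the Identification Certificate definition and the Extracting WebID URL Details section both wrap a block-level `<pre>` inside an inline `<code>` (`<code><pre>`), which is not valid XHTML+RDFa 1.0 and should be `<pre><code>`, and the spelling errors "crytographic" (public key definition) and "client-cerificate" (Authentication Sequence, step 2). On the content itself, step 4 of the Authentication Sequence lets the public key check run against "a cached version of the RDF data" that is "up-to-date and trusted by the Verification Agent" without saying what up-to-date means, so a key removed from a WebID Profile would keep authenticating until the cache happens to expire; the text should bound cache lifetime or require revalidation on a failed or changed key.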
--- a/drafts/ED-webid-20100718/index.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,541 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-    
-<!--  
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-      -->
-
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-
-<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
-
-    
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">Unofficial Draft 18 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:[email protected]">[email protected]</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
-</dd>
-<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
-</dd>
-</dl><p>This document is also available in this non-normative format: <a href="diff-20100711.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
-    <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Social networking, identity and privacy have been at the center of how we 
-interact with the Web in the last decade. The explosion of social networking 
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary. 
-The Social Web is designed to ensure that control of identity and privacy 
-settings is always simple and under one's control. WebID is a key enabler of the 
-Social Web. This specification outlines a simple universal identification 
-mechanism that is distributed, openly extensible, improves privacy, security 
-and control over how one can identify themselves and control access to their 
-information on the Web.
-</p>
-  
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-  
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a> 
-and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how 
-to implement this specification. WebID uses a number of specific technologies 
-like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], 
-RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled 
-<a href="#authentication-sequence">Authentication Sequence</a> and 
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-  
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!--  <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p>  -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span 
class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created. 
-It is also designed to provide a universal and extensible mechanism to express 
-public and private information about yourself. This section outlines the 
-motivation behind the specification and the relationship to other similar 
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal 
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed 
-hyperlinked social networks to exist. This vocabulary, along with other 
-vocabularies, allow one to add information and services protection to 
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509 
-certificates to tie a User Agent (Browser) to a Person identified via a URL. 
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form 
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was 
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p class="issue">This section needs to be re-written. The flow and grammar
-leaves much to be desired. -- manu</p>
-
-<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
-to a Personal Profile Document. This Personal Profile Document is where further
-information about an identity can be discovered. This mechanism is compatible
-with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID, 
-but can work beside OpenID by sharing the content in the Personal Profile
-Document.</p>
-
-<p>That said, there are a number of benefits that WebID achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a WebID URL for identification. OpenID 
-also provides a URL to a Personal Profile Document. However, in the case of 
-WebID, one does not need to remember the URL since the User Agent remembers
-the URL on behalf of the person browsing. To log in on a WebID web site there 
-is no need to enter any identifier like one has to do for OpenID. Just one click 
-tells the browser to send the WebID URL. The person that is browsing does 
-not need to remember either their WebID URL or the website password. The only 
-password one may need to remember is the one that is used to access their 
-collection of WebIDs in their browser, and that's only if they opt-in to 
-password protect their WebIDs.
-</p>
-
-<p>WebID gives people and other agents a Web ID URL for identification. OpenID
-also provides a URL to a Personal Profile Document. However, in the case of 
-WebID, the user does not need to remember the URL, the browser or User Agent 
-does. A login button on a WebID web site is just a button. No need to enter any 
-identifier like one has to for OpenID. Just click the button. Your browser will 
-then ask you what identity you wish to use. The person that is browsing does 
-not need to remember either the WebID URL or the website password. The only 
-password one needs to remember is the one that is used to access their 
-collection of WebIDs in their browser.</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of 
-distributed data where each site can point to data on any other site, multiple 
-connections become costly to manage.</p>
-
-<p>WebID builds on a number of well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>, 
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>], 
-TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, 
-it makes both explaining and implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to 
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via 
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID." 
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic 
-technologies have been working and integrated into Web browsers for many years. 
-There were already three interoperable implementations of WebID before this 
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust. 
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special 
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain 
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can 
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS 
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular 
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but 
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a 
-<code>Subject Alternative Name</code> extension with a URI entry. The URI
-<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
-identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be 
-dereference-able and result in a document containing RDF data. For example, 
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
-   ...
-   X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified via the <code>Subject Alternative Name</code> extension 
-of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
-
-<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
-<dd>A widely distributed crytographic key that can be used to verify 
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] 
-serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the 
-mechanism providing the WebID Profile document.
-</dd>
-
-</dl>
-
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the 
-specification is currently under heavy debate.</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code> 
-extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
-
-<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> 
-be verified by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. This <em class="rfc2119" title="must">must</em> be performed
-by validating the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>. This 
-process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and 
-extracting RDF data from the resulting document, or by utilizing a cached 
-version of the RDF data contained in the document or other data source that is 
-up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
-and extraction mechanism is further detailed in the sections titled 
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
-</li>
-
-<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found 
-in the list of <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the 
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client has write access to 
-the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and therefore owns the document.</li>
-
-<li>If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>, the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the verified <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained 
-in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
-with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-</li></ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at 
-any time by executing all of the steps in the Authentication Sequence again. 
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to 
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular 
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the 
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML 
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to 
-a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
-<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
-<code>application/rdf+xml</code>.
-The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
-<code>text/html</code> or media type 
-<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and 
-<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via 
-HTTP content negotiation.
-</p> 
-
-<p class="issue">This section will explain how a Verification Agent extracts 
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?modulus ?exp
-WHERE {
-   ?key cert:identity &lt;http://example.org/webid#public&gt;;
-      a rsa:RSAPublicKey;
-      rsa:modulus [ cert:hex ?modulus; ];
-      rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="determining-access-privileges" typeof="bibo:Chapter" about="#determining-access-privileges">
-<h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p>2010-07-11 Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-  
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a> 
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a> 
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a> 
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a> 
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a> 
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a> 
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework"  ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a> 
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a> 
-</dd></dl></div></div></body></html>
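Review bot: this hunk is a plain deletion of the entire dated editor's draft (every line is a `-` line, through the closing `</body></html>`) even though the commit message describes a move into spec/, so the changeset carries no rename or copy metadata and a reviewer cannot confirm from the diff that the copy now under spec/drafts/ is byte-identical to what is removed here. Record the move with `hg rename` (alias `hg mv`) so the file's history follows it and the diff can be displayed as a rename rather than a delete plus an unrelated add. That matters because a dated draft snapshot is expected to stay frozen: the deleted text contains several defects that should travel unchanged into the copy and be fixed, if at all, in a separate commit against the current editor's draft, for example the near-duplicate paragraphs in section 1.2 (both begin `WebID gives people and other agents a WebID URL for identification.`), the typos `crytographic` and `client-cerificate`, the invalid `<code><pre>` nesting around the X509v3 and SPARQL samples, and the [XHTML-RDFA] entry whose visible URL text (`http://www.w3.org/TR/WD-xhtml-rdfa-20100422`) does not match its href. If any of these differ in the copied file, this is no longer a pure move and the commit message should say so.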
--- a/drafts/ED-webid-20100725/diff-20100718.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4531 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-    
-<!--  
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-      -->
-
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-
-<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
-
-    
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /><style type='text/css'>
-.diff-old-a {
-  font-size: smaller;
-  color: red;
-}
-
-.diff-new { background-color: yellow; }
-.diff-chg { background-color: lime; }
-.diff-new:before,
-.diff-new:after
-    { content: "\2191" }
-.diff-chg:before, .diff-chg:after
-    { content: "\2195" }
-.diff-old { text-decoration: line-through; background-color: #FBB; }
-.diff-old:before,
-.diff-old:after
-    { content: "\2193" }
-:focus { border: thin red solid}
-</style>
-</head>
-<body style="display: inherit; ">
-<div class="head">
-<p>
-</p>
-<h1 rel="dcterms:title" class="title" id="title">
-WebID
-1.0
-</h1>
-<h2 rel="bibo:subtitle" id="subtitle">
-Web
-Identification
-and
-Discovery
-</h2>
-<h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">
-Unofficial
-Draft
-<del class="diff-old">18
-</del>
-<ins class="diff-chg">25
-</ins>
-July
-2010
-</h2>
-<dl>
-<dt>
-Editor:
-</dt>
-<dd rel="bibo:editor">
-<span typeof="foaf:Person">
-<span property="foaf:name">
-Manu
-Sporny
-</span>,
-<a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">
-Digital
-Bazaar,
-Inc.
-</a>
-<a rel="foaf:mbox" href="mailto:[email protected]">
[email protected]com
-</a>
-</span>
-</dd>
-<dt>
-Authors:
-</dt>
-<dd>
-<span>
-<a content="Toby Inkster" href="http://tobyinkster.co.uk/">
-Toby
-Inkster
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Henry Story" href="http://bblfish.net/">
-Henry
-Story
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">
-Bruno
-Harbulot
-</a>
-</span>
-</dd>
-<dd>
-<span>
-<a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">
-Reto
-Bachmann-Gmür
-</a>
-</span>
-</dd>
-</dl>
-<p>
-This
-document
-is
-also
-available
-in
-this
-non-normative
-format:
-<a href="diff-20100711.html">
-Diff
-from
-previous
-Editors
-Draft
-</a>.
-</p>
-<p class="copyright">
-This
-document
-is
-licensed
-under
-a
-<a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">
-Creative
-Commons
-Attribution
-3.0
-License
-</a>.
-</p>
-<hr>
-</hr>
-</div>
-<div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract">
-<h2>
-Abstract
-</h2>
-<p>
-Social
-networking,
-identity
-and
-privacy
-have
-been
-at
-the
-center
-of
-how
-we
-interact
-with
-the
-Web
-in
-the
-last
-decade.
-The
-explosion
-of
-social
-networking
-sites
-has
-brought
-the
-world
-closer
-together
-as
-well
-as
-created
-new
-points
-of
-pain
-regarding
-ease
-of
-use
-and
-the
-Web.
-Remembering
-login
-details,
-passwords,
-and
-sharing
-private
-information
-across
-the
-many
-websites
-and
-social
-groups
-that
-we
-are
-a
-part
-of
-has
-become
-more
-difficult
-and
-complicated
-than
-necessary.
-The
-Social
-Web
-is
-designed
-to
-ensure
-that
-control
-of
-identity
-and
-privacy
-settings
-is
-always
-simple
-and
-under
-one's
-control.
-WebID
-is
-a
-key
-enabler
-of
-the
-Social
-Web.
-This
-specification
-outlines
-a
-simple
-universal
-identification
-mechanism
-that
-is
-distributed,
-openly
-extensible,
-improves
-privacy,
-security
-and
-control
-over
-how
-one
-can
-identify
-themselves
-and
-control
-access
-to
-their
-information
-on
-the
-Web.
-</p>
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">
-How
-to
-Read
-this
-Document
-</h3>
-<p>
-There
-are
-a
-number
-of
-concepts
-that
-are
-covered
-in
-this
-document
-that
-the
-reader
-may
-want
-to
-be
-aware
-of
-before
-continuing.
-General
-knowledge
-of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">
-public
-key
-cryptography
-</a>
-and
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-]
-and
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-]
-is
-necessary
-to
-understand
-how
-to
-implement
-this
-specification.
-WebID
-uses
-a
-number
-of
-specific
-technologies
-like
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-X.509
-certificates
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-],
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-and
-XHTML+RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-].
-</p>
-<p>
-A
-general
-<a href="#introduction">
-Introduction
-</a>
-is
-provided
-for
-all
-that
-would
-like
-to
-understand
-why
-this
-specification
-is
-necessary
-to
-simplify
-usage
-of
-the
-Web.
-</p>
-<p>
-The
-terms
-used
-throughout
-this
-specification
-are
-listed
-in
-the
-section
-titled
-<a href="#terminology">
-Terminology
-</a>.
-</p>
-<p>
-Developers
-that
-are
-interested
-in
-implementing
-this
-specification
-will
-be
-most
-interested
-in
-the
-sections
-titled
-<a href="#authentication-sequence">
-Authentication
-Sequence
-</a>
-and
-<a href="#authentication-sequence-details">
-Authentication
-Sequence
-Details
-</a>.
-</p>
-</div>
-</div>
-<div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd">
-<h2>
-Status
-of
-This
-Document
-</h2>
-<p>
-This
-document
-is
-merely
-a
-public
-working
-draft
-of
-a
-potential
-specification.
-It
-has
-no
-official
-standing
-of
-any
-kind
-and
-does
-not
-represent
-the
-support
-or
-consensus
-of
-any
-standards
-organisation.
-</p>
-The
-source
-code
-for
-this
-document
-is
-available
-via
-Github
-at
-the
-following
-URL:
-<a href="http://github.com/msporny/webid-spec">
-http://github.com/msporny/webid-spec
-</a>
-</div>
-<div id="toc" typeof="bibo:Chapter" about="#toc" class="section">
-<h2 class="introductory">
-Table
-of
-Contents
-</h2>
-<ul class="toc">
-<li class="tocline">
-<a href="#introduction" class="tocxref">
-<span class="secno">
-1.
-</span>
-Introduction
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#motivation" class="tocxref">
-<span class="secno">
-1.1
-</span>
-Motivation
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-openid" class="tocxref">
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</a>
-</li>
-<li class="tocline">
-<a href="#relation-to-oauth" class="tocxref">
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</a>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#the-webid-protocol" class="tocxref">
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#terminology" class="tocxref">
-<span class="secno">
-2.1
-</span>
-Terminology
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence" class="tocxref">
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</a>
-</li>
-<li class="tocline">
-<a href="#authentication-sequence-details" class="tocxref">
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#initiating-a-tls-connection" class="tocxref">
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</a>
-</li>
-<li class="tocline">
-<a href="#exchanging-the-identification-certificate" class="tocxref">
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</a>
-</li>
-<li class="tocline">
-<a href="#processing-the-webid-profile" class="tocxref">
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</a>
-</li>
-<li class="tocline">
-<a href="#extracting-webid-url-details" class="tocxref">
-<span class="secno">
-2.3.4
-</span>
-Extracting
-WebID
-URL
-Details
-</a>
-</li>
-<li class="tocline">
-<a href="#authorization" class="tocxref">
-<span class="secno">
-2.3.5
-</span>
-<del class="diff-old">Determining
-Access
-Privileges
-</del>
-<ins class="diff-chg">Authorization
-</ins></a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.3.6
-</ins></span><ins class="diff-chg">
-Secure
-Communication
-</ins></a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4
-</ins></span><ins class="diff-chg">
-The
-WebID
-Profile
-</ins></a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4.1
-</ins></span><ins class="diff-chg">
-Personal
-Information
-</ins></a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno"><ins class="diff-chg">
-2.4.2
-</ins></span><ins class="diff-chg">
-Cryptographic
-Details
-</ins>
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li class="tocline">
-<a href="#references" class="tocxref">
-<span class="secno">
-A.
-</span>
-References
-</a>
-<ul class="toc">
-<li class="tocline">
-<a href="#normative-references" class="tocxref">
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</a>
-</li>
-<li class="tocline">
-<a href="#informative-references" class="tocxref">
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</a>
-</li>
-</ul>
-</li>
-</ul>
-</div>
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-<h2>
-<span class="secno">
-1.
-</span>
-Introduction
-</h2>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-WebID
-specification
-is
-designed
-to
-help
-alleviate
-the
-difficultly
-that
-remembering
-different
-logins,
-passwords
-and
-settings
-for
-websites
-has
-created.
-It
-is
-also
-designed
-to
-provide
-a
-universal
-and
-extensible
-mechanism
-to
-express
-public
-and
-private
-information
-about
-yourself.
-This
-section
-outlines
-the
-motivation
-behind
-the
-specification
-and
-the
-relationship
-to
-other
-similar
-specifications
-that
-are
-in
-active
-use
-today.
-</p>
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3>
-<span class="secno">
-1.1
-</span>
-Motivation
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-It
-is
-a
-fundamental
-design
-criteria
-of
-the
-Web
-to
-enable
-individuals
-and
-organizations
-to
-control
-how
-they
-interact
-with
-the
-rest
-of
-society.
-This
-includes
-how
-one
-expresses
-their
-identity,
-public
-information
-and
-personal
-details
-to
-social
-networks,
-Web
-sites
-and
-services.
-</p>
-<p>
-Semantic
-Web
-vocabularies
-such
-as
-Friend-of-a-Friend
-(FOAF)
-permit
-distributed
-hyperlinked
-social
-networks
-to
-exist.
-This
-vocabulary,
-along
-with
-other
-vocabularies,
-allow
-one
-to
-add
-information
-and
-services
-protection
-to
-distributed
-social
-networks.
-</p>
-<p>
-One
-major
-criticism
-of
-open
-networks
-is
-that
-they
-seem
-to
-have
-no
-way
-of
-protecting
-the
-personal
-information
-distributed
-on
-the
-web
-or
-limiting
-access
-to
-resources.
-Few
-people
-are
-willing
-to
-make
-all
-their
-personal
-information
-public,
-many
-would
-like
-large
-pieces
-to
-be
-protected,
-making
-it
-available
-only
-to
-a
-select
-group
-of
-agents.
-Giving
-access
-to
-information
-is
-very
-similar
-to
-giving
-access
-to
-services.
-There
-are
-many
-occasions
-when
-people
-would
-like
-services
-to
-only
-be
-accessible
-to
-members
-of
-a
-group,
-such
-as
-allowing
-only
-friends,
-family
-members,
-colleagues
-to
-post
-an
-article,
-photo
-or
-comment
-on
-a
-blog.
-How
-does
-one
-do
-this
-in
-a
-flexible
-way,
-without
-requiring
-a
-central
-point
-of
-access
-control?
-</p>
-<p>
-Using
-an
-process
-made
-popular
-by
-OpenID,
-we
-show
-how
-one
-can
-tie
-a
-User
-Agent
-to
-a
-URL
-by
-proving
-that
-one
-has
-write
-access
-to
-the
-URL.
-WebID
-is
-a
-simpler
-alternative
-to
-OpenID
-(fewer
-connections),
-that
-uses
-X.509
-certificates
-to
-tie
-a
-User
-Agent
-(Browser)
-to
-a
-Person
-identified
-via
-a
-URL.
-WebID
-also
-provides
-a
-few
-additional
-features
-to
-OpenID.
-These
-features
-include
-trust
-management,
-via
-digital
-signatures,
-and
-free-form
-extensibility
-via
-RDFa.
-By
-using
-the
-existing
-SSL
-certificate
-exchange
-mechanism,
-WebID
-integrates
-more
-smoothly
-with
-existing
-Web
-browsers,
-including
-browsers
-on
-mobile
-devices.
-WebID
-also
-permits
-automated
-session
-login
-in
-addition
-to
-interactive
-session
-login.
-Additionally,
-all
-data
-is
-encrypted
-and
-guaranteed
-to
-only
-be
-received
-by
-the
-person
-or
-organization
-that
-was
-intended
-to
-receive
-it.
-</p>
-</div>
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3>
-<span class="secno">
-1.2
-</span>
-Relation
-to
-OpenID
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p class="issue">
-This
-section
-needs
-to
-be
-re-written.
-The
-flow
-and
-grammar
-leaves
-much
-to
-be
-desired.
---
-manu
-</p>
-<p>
-WebID
-is
-compatible
-with
-OpenID.
-Both
-protocols
-use
-a
-URL
-that
-dereferences
-to
-a
-Personal
-Profile
-Document.
-This
-Personal
-Profile
-Document
-is
-where
-further
-information
-about
-an
-identity
-can
-be
-discovered.
-This
-mechanism
-is
-compatible
-with
-both
-WebID
-and
-OpenID.
-Therefore,
-WebID
-does
-not
-intend
-to
-replace
-OpenID,
-but
-can
-work
-beside
-OpenID
-by
-sharing
-the
-content
-in
-the
-Personal
-Profile
-Document.
-</p>
-<p>
-That
-said,
-there
-are
-a
-number
-of
-benefits
-that
-WebID
-achieves
-over
-OpenID:
-</p>
-<p>
-WebID
-gives
-people
-and
-other
-agents
-a
-WebID
-URL
-for
-identification.
-OpenID
-also
-provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-of
-WebID,
-one
-does
-not
-need
-to
-remember
-the
-URL
-since
-the
-User
-Agent
-remembers
-the
-URL
-on
-behalf
-of
-the
-person
-browsing.
-To
-log
-in
-on
-a
-WebID
-web
-site
-there
-is
-no
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-do
-for
-OpenID.
-Just
-one
-click
-tells
-the
-browser
-to
-send
-the
-WebID
-URL.
-The
-person
-that
-is
-browsing
-does
-not
-need
-to
-remember
-either
-their
-WebID
-URL
-or
-the
-website
-password.
-The
-only
-password
-one
-may
-need
-to
-remember
-is
-the
-one
-that
-is
-used
-to
-access
-their
-collection
-of
-WebIDs
-in
-their
-browser,
-and
-that's
-only
-if
-they
-opt-in
-to
-password
-protect
-their
-WebIDs.
-</p>
-<p>
-<ins class="diff-new">While
-</ins>
-WebID
-<del class="diff-old">gives
-people
-and
-other
-agents
-</del>
-<ins class="diff-chg">works
-well
-in
-</ins>
-a
-<del class="diff-old">Web
-ID
-URL
-for
-identification.
-OpenID
-</del>
-<ins class="diff-chg">browser
-environment,
-it
-is
-</ins>
-also
-<del class="diff-old">provides
-a
-URL
-to
-a
-Personal
-Profile
-Document.
-However,
-in
-the
-case
-</del>
-<ins class="diff-chg">very
-useful
-outside
-</ins>
-of
-<del class="diff-old">WebID,
-the
-user
-does
-not
-need
-to
-remember
-the
-URL,
-</del>
-the
-browser
-<del class="diff-old">or
-User
-Agent
-does.
-A
-login
-button
-on
-a
-</del>
-<ins class="diff-chg">environment.
-</ins>
-WebID
-<del class="diff-old">web
-site
-is
-just
-a
-button.
-No
-need
-to
-enter
-any
-identifier
-like
-one
-has
-to
-for
-OpenID.
-Just
-click
-</del>
-<ins class="diff-chg">can
-also
-operate
-without
-requiring
-</ins>
-the
-<del class="diff-old">button.
-Your
-browser
-will
-then
-ask
-you
-what
-identity
-you
-wish
-</del>
-<ins class="diff-chg">use
-of
-any
-passwords.
-This
-is
-useful
-</ins>
-to
-<del class="diff-old">use.
-The
-person
-</del>
-<ins class="diff-chg">developers
-</ins>
-that
-<del class="diff-old">is
-browsing
-does
-not
-need
-</del>
-<ins class="diff-chg">may
-want
-</ins>
-to
-<del class="diff-old">remember
-either
-the
-</del>
-<ins class="diff-chg">use
-</ins>
-WebID
-<del class="diff-old">URL
-or
-the
-website
-password.
-The
-only
-password
-one
-needs
-</del>
-to
-<del class="diff-old">remember
-is
-the
-one
-</del>
-<ins class="diff-chg">perform
-server-to-server
-or
-peer-to-peer
-verification
-of
-identity.
-WebID
-works
-for
-automated
-agents
-such
-as
-Search
-Agents,
-API
-Agents,
-and
-other
-automated
-mechanisms
-</ins>
-that
-<del class="diff-old">is
-used
-to
-access
-their
-collection
-</del>
-<ins class="diff-chg">are
-often
-found
-outside
-</ins>
-of
-<del class="diff-old">WebIDs
-in
-their
-browser.
-</del>
-<ins class="diff-chg">the
-browser
-environment.
-</ins>
-</p>
-<p>
-The
-WebID
-protocol
-requires
-just
-one
-direct
-network
-connection
-to
-establish
-identity
-via
-the
-client.
-The
-server
-requires
-one
-connection
-to
-the
-client
-and
-one
-connection
-to
-retrieve
-the
-WebID
-Profile
-if
-it
-does
-not
-have
-the
-credential
-information
-cached.
-Compare
-this
-to
-the
-much
-more
-complex
-OpenID
-sequence,
-which
-requires
-six
-connections
-by
-the
-client
-to
-establish
-a
-login.
-In
-a
-world
-of
-distributed
-data
-where
-each
-site
-can
-point
-to
-data
-on
-any
-other
-site,
-multiple
-connections
-become
-costly
-to
-manage.
-</p>
-<p>
-WebID
-builds
-on
-a
-number
-of
-well
-established
-Internet
-and
-Web
-standards;
-<a href="http://en.wikipedia.org/wiki/REST">
-REST
-</a>,
-RDF
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">
-RDF-PRIMER
-</a>
-],
-RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">
-RDFA-CORE
-</a>
-],
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-],
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-],
-and
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-].
-By
-building
-on
-previous
-standards,
-it
-makes
-both
-explaining
-and
-implementing
-WebID
-easier
-on
-developers.
-</p>
-<p>
-Since
-WebID
-is
-RESTful,
-you
-can
-perform
-basic
-HTTP
-operations
-to
-<code>
-GET
-</code>
-your
-WebID,
-and
-if
-you
-needed
-update
-it,
-you
-can
-use
-HTTP
-<code>
-PUT
-</code>
-semantics.
-You
-can
-also
-create
-a
-WebID
-via
-<code>
-POST
-</code>.
-This
-is
-improved
-from
-the
-OpenID
-specification,
-which
-requires
-a
-new
-set
-of
-operations
-described
-in
-the
-OpenID
-Attribute
-Exchange
-specification.
-</p>
-<p>
-WebID
-is
-built
-on
-RDF
-and
-thus
-enables
-all
-of
-the
-advanced
-semantic
-web
-concepts
-that
-RDF
-enables.
-For
-example,
-a
-developer
-may
-perform
-machine
-reasoning
-with
-a
-WebID.
-One
-can
-construct
-machine-executable
-statements
-like
-"If
-this
-WebID
-claims
-to
-be
-a
-friend
-of
-one
-of
-our
-partner
-WebIDs
-that
-is
-trusted
-and
-the
-relationship
-is
-bi-directional,
-trust
-the
-WebID."
-While
-OpenID
-attempts
-to
-support
-this
-use
-case
-by
-mapping
-OpenID
-to
-RDF,
-it's
-far
-easier
-to
-do
-with
-WebID
-because
-WebID
-is
-natively
-RDF-aware.
-</p>
-<p>
-It
-is
-easy
-to
-extend
-a
-WebID
-with
-new
-attributes
-via
-RDF.
-The
-power
-of
-RDF
-allows
-developers
-to
-add
-extensions
-to
-WebID
-by
-defining
-new
-vocabularies
-that
-they
-publish.
-There
-is
-no
-authorization
-process
-necessary
-and
-thus
-WebID
-allows
-for
-distributed
-innovation.
-Every
-WebID
-property
-is
-a
-URI,
-which
-when
-clicked,
-can
-give
-you
-yet
-more
-information
-about
-what
-the
-property
-means.
-A
-developer
-can
-create
-new
-usage
-classes
-by
-extending
-their
-vocabulary
-at
-will.
-A
-developer
-can
-add
-relationships
-to
-a
-WebID
-by
-simply
-adding
-more
-HTML
-to
-the
-developer's
-page.
-OpenID
-does
-not
-provide
-any
-type
-of
-distributed
-innovation
-akin
-to
-RDF.
-</p>
-<p>
-Implementing
-WebID
-is
-easier
-than
-OpenID
-because
-all
-of
-the
-basic
-technologies
-have
-been
-working
-and
-integrated
-into
-Web
-browsers
-for
-many
-years.
-There
-were
-already
-three
-interoperable
-implementations
-of
-WebID
-before
-this
-specification
-was
-written.
-</p>
-<p>
-WebID
-is
-truly
-decentralized
--
-with
-WebID
-you
-get
-a
-web
-of
-trust.
-OpenID
-only
-supports
-the
-Web
-of
-Trust
-model
-if
-you
-indirectly
-trust
-the
-OpenID
-provider.
-In
-other
-words
--
-OpenID
-is
-not
-truly
-decentralized.
-In
-OpenID
-you
-must
-trust
-OpenID
-providers.
-With
-WebID
-you
-only
-have
-to
-trust
-the
-people
-and
-the
-organizations
-with
-which
-you
-are
-communicating.
-In
-other
-words,
-you
-don't
-have
-to
-ask
-anyone
-whether
-or
-not
-you
-can
-trust
-your
-friends.
-You
-can
-query
-people
-that
-you
-trust
-directly
-to
-see
-if
-someone
-is
-trustworthy
-or
-not.
-There
-is
-no
-need
-for
-a
-central
-WebID
-authority.
-</p>
-<p>
-WebID
-is
-fully
-distributed,
-anyone
-can
-setup
-a
-WebID
-by
-placing
-a
-single
-file
-on
-a
-web
-server
-of
-their
-choosing.
-There
-is
-no
-need
-for
-a
-special
-OpenID-like
-provider
-service.
-The
-only
-thing
-anyone
-that
-wants
-a
-WebID
-needs
-is
-a
-web
-account
-where
-you
-can
-post
-your
-WebID
-file,
-ideally
-on
-your
-own
-domain
-name.
-You
-can
-also
-use
-a
-WebID
-hosting
-provider,
-but
-it's
-not
-necessary
-for
-WebID
-to
-work.
-While
-it
-is
-possible
-to
-run
-an
-OpenID
-server,
-other
-OpenID
-applications
-may
-not
-trust
-you
-and
-thus
-you
-won't
-be
-able
-to
-fully
-utilize
-your
-private
-OpenID
-credentials.
-The
-reason
-that
-there
-are
-a
-few
-large
-OpenID
-providers
-and
-very
-few
-small
-OpenID
-providers
-is
-because
-of
-this
-trust
-design
-issue
-related
-to
-OpenID.
-</p>
-<p>
-WebID
-does
-not
-require
-HTTP
-redirects.
-Redirects
-are
-problematic
-on
-many
-cell
-phones,
-because
-telecoms
-heavily
-rely
-on
-proxys,
-which
-selectively
-block
-redirects.
-</p>
-<p>
-A
-WebID
-provider
-is
-100%
-compatible
-with
-an
-OpenID
-provider
-and
-thus
-can
-inter-operate
-with
-OpenID-powered
-networks.
-</p>
-</div>
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3>
-<span class="secno">
-1.3
-</span>
-Relation
-to
-OAuth
-</h3>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-OAuth
-and
-WebID
-are
-mutually
-beneficial
-when
-used
-together.
-WebID
-can
-be
-used
-to
-provide
-RSA
-parameters
-to
-the
-RSA-SHA1
-signature
-method
-required
-by
-OAuth
-1.0.
-WebID
-can
-also
-be
-used
-to
-establish
-the
-consumer_key
-and
-HTTPS
-connection
-that
-will
-be
-used
-to
-transmit
-OAuth
-Tokens
-in
-OAuth
-2.0.
-</p>
-</div>
-</div>
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-<h2>
-<span class="secno">
-2.
-</span>
-The
-WebID
-Protocol
-</h2>
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3>
-<span class="secno">
-2.1
-</span>
-Terminology
-</h3>
-<dl>
-<dt>
-<dfn title="Verification_Agent" id="dfn-verification_agent">
-Verification
-Agent
-</dfn>
-</dt>
-<dd>
-Performs
-authentication
-on
-provided
-WebID
-credentials
-and
-determines
-if
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-can
-have
-access
-to
-a
-particular
-resource.
-A
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-is
-typically
-a
-Web
-server,
-but
-may
-also
-be
-a
-peer
-on
-a
-peer-to-peer
-network.
-</dd>
-<dt>
-<dfn title="Identification_Agent" id="dfn-identification_agent">
-Identification
-Agent
-</dfn>
-</dt>
-<dd>
-Provides
-identification
-credentials
-to
-a
-Verification
-Agent.
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-is
-typically
-also
-a
-User
-Agent.
-</dd>
-<dt>
-<dfn title="Identification_Certificate" id="dfn-identification_certificate">
-Identification
-Certificate
-</dfn>
-</dt>
-<dd>
-An
-X.509
-[
-<a class="bibref" rel="biblioentry" href="#bib-X509V3">
-X509V3
-</a>
-]
-Certificate
-that
-<em class="rfc2119" title="must">
-must
-</em>
-contain
-a
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-with
-a
-URI
-entry.
-The
-URI
-<em class="rfc2119" title="should">
-should
-</em>
-be
-a
-URL,
-and
-<em class="rfc2119" title="should not">
-should
-not
-</em>
-be
-a
-URN.
-The
-URL
-identifies
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-The
-URL
-<em class="rfc2119" title="must">
-must
-</em>
-be
-dereference-able
-and
-result
-in
-a
-document
-containing
-RDF
-data.
-For
-example,
-the
-certificate
-would
-contain
-<code>
-http://example.org/webid#public
-</code>,
-known
-as
-a
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-as
-the
-<code>
-Subject
-Alternative
-Name
-</code>:
-<code><pre>
-X509v3 extensions:
-   ...
-   X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
-</pre>
-</code>
-</dd>
-<dt>
-<dfn title="WebID_URL" id="dfn-webid_url">
-WebID
-URL
-</dfn>
-</dt>
-<dd>
-A
-URL
-specified
-via
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-that
-identifies
-an
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>.
-</dd>
-<dt>
-<dfn title="public_key" id="dfn-public_key">
-public
-key
-</dfn>
-</dt>
-<dd>
-A
-widely
-distributed
-crytographic
-key
-that
-can
-be
-used
-to
-verify
-digital
-signatures
-and
-encrypt
-data
-between
-a
-sender
-and
-a
-receiver.
-A
-public
-key
-is
-always
-included
-in
-an
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-</dd>
-<dt>
-<dfn title="WebID_Profile" id="dfn-webid_profile">
-WebID
-Profile
-</dfn>
-</dt>
-<dd>
-A
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">
-RDF-CONCEPTS
-</a>
-].
-Either
-the
-XHTML+RDFa
-1.1
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-]
-serialization
-format
-or
-the
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-serialization
-format
-<em class="rfc2119" title="must">
-must
-</em>
-be
-supported
-by
-the
-mechanism,
-e.g.
-a
-Web
-Service,
-providing
-the
-WebID
-Profile
-document.
-Alternate
-RDF
-serialization
-formats,
-such
-as
-N3
-[
-<a class="bibref" rel="biblioentry" href="#bib-N3">
-N3
-</a>
-]
-or
-Turtle
-[
-<a class="bibref" rel="biblioentry" href="#bib-TURTLE">
-TURTLE
-</a>
-],
-<em class="rfc2119" title="may">
-may
-</em>
-be
-supported
-by
-the
-mechanism
-providing
-the
-WebID
-Profile
-document.
-</dd>
-</dl>
-<p class="issue">
-Whether
-or
-not
-RDF/XML,
-XHTML+RDFa
-1.1,
-both
-or
-neither
-serialization
-of
-RDF
-should
-be
-required
-serialization
-formats
-in
-the
-specification
-is
-currently
-under
-heavy
-debate.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3>
-<span class="secno">
-2.2
-</span>
-Authentication
-Sequence
-</h3>
-<p>
-The
-following
-steps
-are
-executed
-by
-Verification
-Agents
-and
-Identification
-Agents
-to
-determine
-if
-access
-should
-be
-granted
-to
-a
-particular
-resource.
-</p>
-<ol>
-<li>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-attempts
-to
-access
-a
-resource
-using
-HTTP
-over
-TLS
-[
-<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">
-HTTP-TLS
-</a>
-]
-via
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-request
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-of
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-as
-a
-part
-of
-the
-TLS
-client-cerificate
-retrieval
-protocol.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-and
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-contained
-in
-the
-<code>
-Subject
-Alternative
-Name
-</code>
-extension
-of
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>.
-</li>
-<li>
-The
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-be
-<del class="diff-old">verified
-</del>
-<ins class="diff-chg">checked
-</ins>
-by
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-This
-<del class="diff-old">must
-be
-performed
-by
-validating
-the
-public
-key
-associated
-with
-the
-WebID
-URL
-.
-This
-</del>
-process
-<em class="rfc2119" title="should">
-should
-</em>
-occur
-either
-by
-dereferencing
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>
-and
-extracting
-RDF
-data
-from
-the
-resulting
-document,
-or
-by
-utilizing
-a
-cached
-version
-of
-the
-RDF
-data
-contained
-in
-the
-document
-or
-other
-data
-source
-that
-is
-up-to-date
-and
-trusted
-by
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>.
-The
-processing
-and
-extraction
-mechanism
-is
-further
-detailed
-in
-the
-sections
-titled
-<a href="#processing-the-webid-profile">
-Processing
-the
-WebID
-Profile
-</a>
-and
-<a href="#extracting-webid-url-details">
-Extracting
-WebID
-URL
-Details
-</a>.
-</li>
-<li>
-If
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-in
-the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification
-Certificate
-</a>
-is
-found
-in
-the
-list
-of
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-s
-associated
-with
-the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">
-WebID
-URL
-</a>,
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<em class="rfc2119" title="must">
-must
-</em>
-assume
-that
-the
-client
-<del class="diff-old">has
-write
-access
-</del>
-<ins class="diff-chg">intends
-</ins>
-to
-<ins class="diff-new">use
-</ins>
-the
-<del class="diff-old">WebID
-Profile
-</del>
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-<ins class="diff-chg">public
-key
-</ins>
-</a>
-<del class="diff-old">and
-therefore
-owns
-</del>
-<ins class="diff-chg">to
-verify
-their
-ownership
-of
-</ins>
-the
-<del class="diff-old">document.
-</del>
-<ins class="diff-chg">WebID
-URL.
-</ins>
-</li>
-<li>
-<del class="diff-old">If
-the
-</del>
-<ins class="diff-chg">The
-</ins>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<del class="diff-old">has
-verified
-</del>
-<ins class="diff-chg">verifies
-</ins>
-that
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-<ins class="diff-new">Identification
-Agent
-</ins></a><ins class="diff-new">
-owns
-the
-</ins>
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>
-<del class="diff-old">is
-owned
-</del>
-by
-<ins class="diff-new">using
-the
-</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></a><ins class="diff-new">
-to
-create
-a
-cryptographic
-challenge.
-The
-challenge
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-fulfilled
-by
-performing
-TLS
-mutual-authentication
-between
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-and
-</ins>
-the
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-<del class="diff-old">,
-</del>
-</a>.
-<ins class="diff-chg">If
-</ins>
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-<ins class="diff-new">does
-not
-have
-access
-to
-the
-TLS
-layer,
-a
-digital
-signature
-challenge
-</ins>
-<em class="rfc2119" title="must">
-must
-</em>
-<del class="diff-old">use
-</del>
-<ins class="diff-chg">be
-provided
-by
-</ins>
-the
-<del class="diff-old">verified
-public
-key
-contained
-</del>
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-<ins class="diff-chg">Verification
-Agent
-</ins></a>.<ins class="diff-chg">
-These
-processes
-are
-detailed
-</ins>
-in
-the
-<del class="diff-old">Identification
-Certificate
-</del>
-<ins class="diff-chg">sections
-titled
-</ins><a href="#authorization"><ins class="diff-chg">
-Authorization
-</ins>
-</a>
-<del class="diff-old">for
-all
-TLS-based
-communication
-with
-the
-Identification
-Agent
-</del>
-<ins class="diff-chg">and
-</ins><a href="#secure-communication"><ins class="diff-chg">
-Secure
-Communication
-</ins>
-</a>.
-</li>
-</ol>
-<p>
-The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">
-Identification
-Agent
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-re-establish
-a
-different
-identity
-at
-any
-time
-by
-executing
-all
-of
-the
-steps
-in
-the
-Authentication
-Sequence
-again.
-Additional
-algorithms,
-detailed
-in
-the
-next
-section,
-<em class="rfc2119" title="may">
-may
-</em>
-be
-performed
-to
-determine
-if
-the
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-can
-access
-a
-particular
-resource
-after
-the
-last
-step
-of
-the
-Authentication
-Sequence
-has
-been
-completed.
-</p>
-</div>
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3>
-<span class="secno">
-2.3
-</span>
-Authentication
-Sequence
-Details
-</h3>
-<p>
-This
-section
-covers
-details
-about
-each
-step
-in
-the
-authentication
-process.
-</p>
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4>
-<span class="secno">
-2.3.1
-</span>
-Initiating
-a
-TLS
-Connection
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-TLS
-connection
-process
-is
-started
-and
-used
-by
-WebID
-to
-create
-a
-secure
-channel
-between
-the
-Identification
-Agent
-and
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4>
-<span class="secno">
-2.3.2
-</span>
-Exchanging
-the
-Identification
-Certificate
-</h4>
-<p class="issue">
-This
-section
-will
-detail
-how
-the
-certificate
-is
-selected
-and
-sent
-to
-the
-Verification
-Agent.
-</p>
-</div>
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4>
-<span class="secno">
-2.3.3
-</span>
-Processing
-the
-WebID
-Profile
-</h4>
-<p>
-A
-Verification
-Agent
-<em class="rfc2119" title="must">
-must
-</em>
-be
-able
-to
-process
-documents
-in
-RDF/XML
-[
-<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">
-RDF-SYNTAX-GRAMMAR
-</a>
-]
-and
-XHTML+RDFa
-[
-<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">
-XHTML-RDFA
-</a>
-].
-A
-server
-responding
-to
-a
-WebID
-Profile
-request
-<em class="rfc2119" title="should">
-should
-</em>
-support
-HTTP
-content
-negotiation.
-The
-server
-<em class="rfc2119" title="must">
-must
-</em>
-return
-a
-representation
-in
-RDF/XML
-for
-media
-type
-<code>
-application/rdf+xml
-</code>.
-The
-server
-<em class="rfc2119" title="must">
-must
-</em>
-return
-a
-representation
-in
-XHTML+RDFa
-for
-media
-type
-<code>
-text/html
-</code>
-or
-media
-type
-<code>
-application/xhtml+xml
-</code>.
-<a class="tref" title="Verification_Agents">
-Verification
-Agents
-</a>
-and
-<a class="tref" title="Identification_Agents">
-Identification
-Agents
-</a>
-<em class="rfc2119" title="may">
-may
-</em>
-support
-any
-other
-RDF
-format
-via
-HTTP
-content
-negotiation.
-</p>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-extracts
-semantic
-data
-describing
-the
-identification
-credentials
-from
-a
-WebID
-Profile.
-</p>
-</div>
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4>
-<span class="secno">
-2.3.4
-</span>
-Extracting
-WebID
-URL
-Details
-</h4>
-<p>
-The
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification
-Agent
-</a>
-may
-use
-a
-number
-of
-different
-methods
-to
-extract
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-information
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>.
-</p>
-The
-following
-SPARQL
-query
-outlines
-one
-way
-in
-which
-the
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">
-public
-key
-</a>
-could
-be
-extracted
-from
-the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">
-WebID
-Profile
-</a>:
-<code><pre>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?modulus ?exp
-WHERE {
-   ?key cert:identity &lt;http://example.org/webid#public&gt;;
-      a rsa:RSAPublicKey;
-      rsa:modulus [ cert:hex ?modulus; ];
-      rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre>
-</code>
-<p class="issue">
-This
-section
-still
-needs
-more
-information.
-</p>
-</div>
-<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
-<h4>
-<span class="secno">
-2.3.5
-</span>
-<del class="diff-old">Determining
-Access
-Privileges
-</del>
-<ins class="diff-chg">Authorization
-</ins>
-</h4>
-<p class="issue">
-This
-section
-will
-explain
-how
-a
-Verification
-Agent
-may
-use
-the
-information
-discovered
-via
-a
-WebID
-URL
-to
-determine
-if
-one
-should
-be
-able
-to
-access
-a
-particular
-resource.
-It
-will
-explain
-how
-a
-Verification
-Agent
-can
-use
-links
-to
-other
-RDFa
-documents
-to
-build
-knowledge
-about
-the
-given
-WebID.
-</p>
-</div>
-<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
-<h4>
-<span class="secno">
-<ins class="diff-new">2.3.6
-</ins></span><ins class="diff-new">
-Secure
-Communication
-</ins></h4><p class="issue"><ins class="diff-new">
-This
-section
-will
-explain
-how
-an
-Identification
-Agent
-and
-a
-Verification
-Agent
-may
-communicate
-securely
-using
-a
-set
-of
-verified
-identification
-credentials.
-</ins></p><p><ins class="diff-new">
-If
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-has
-verified
-that
-the
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-is
-owned
-by
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>,<ins class="diff-new">
-the
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-use
-the
-verified
-</ins><a class="tref internalDFN" title="public_key" href="#dfn-public_key"><ins class="diff-new">
-public
-key
-</ins></a><ins class="diff-new">
-contained
-in
-the
-</ins><a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate"><ins class="diff-new">
-Identification
-Certificate
-</ins></a><ins class="diff-new">
-for
-all
-TLS-based
-communication
-with
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a>.<ins class="diff-new">
-This
-ensures
-that
-both
-the
-</ins><a class="tref" title="Authorization_Agent"><ins class="diff-new">
-Authorization
-Agent
-</ins></a><ins class="diff-new">
-and
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-are
-communicating
-in
-a
-secure
-manner,
-ensuring
-cryptographically
-protected
-privacy
-for
-both
-sides.
-</ins></p></div></div><div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile"><h3><span class="secno"><ins class="diff-new">
-2.4
-</ins></span><ins class="diff-new">
-The
-WebID
-Profile
-</ins></h3><p><ins class="diff-new">
-The
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a><ins class="diff-new">
-is
-a
-structured
-document
-that
-contains
-identification
-credentials
-for
-the
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-expressed
-using
-the
-Resource
-Description
-Framework
-[
-</ins><a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS"><ins class="diff-new">
-RDF-CONCEPTS
-</ins></a><ins class="diff-new">
-].
-The
-following
-sections
-describe
-how
-to
-express
-certain
-common
-properties
-that
-could
-be
-used
-by
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-s
-and
-other
-entities
-that
-consume
-a
-</ins><a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile"><ins class="diff-new">
-WebID
-Profile
-</ins></a>.</p><p><ins class="diff-new">
-The
-following
-vocabularies
-are
-used
-in
-their
-shortened
-form
-in
-the
-subsequent
-sections:
-</ins></p><dl><dt><ins class="diff-new">
-foaf
-</ins></dt><dd><ins class="diff-new">
-http://xmlns.com/foaf/0.1/
-</ins></dd><dt><ins class="diff-new">
-cert
-</ins></dt><dd><ins class="diff-new">
-http://www.w3.org/ns/auth/cert#
-</ins></dd><dt><ins class="diff-new">
-rsa
-</ins></dt><dd><ins class="diff-new">
-http://www.w3.org/ns/auth/rsa#
-</ins></dd></dl><div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information"><h4><span class="secno"><ins class="diff-new">
-2.4.1
-</ins></span><ins class="diff-new">
-Personal
-Information
-</ins></h4><p><ins class="diff-new">
-Personal
-details
-are
-the
-most
-common
-requirement
-when
-registering
-an
-account
-with
-a
-website.
-Some
-of
-these
-pieces
-of
-information
-include
-an
-e-mail
-address,
-a
-name
-and
-perhaps
-an
-avatar
-image.
-This
-section
-includes
-properties
-that
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-used
-when
-conveying
-key
-pieces
-of
-personal
-information
-but
-are
-</ins><em class="rfc2119" title="not required"><ins class="diff-new">
-not
-required
-</ins></em><ins class="diff-new">
-to
-be
-present
-in
-a
-WebID
-Profile:
-</ins></p><dl><dt><ins class="diff-new">
-foaf:mbox
-</ins></dt><dd><ins class="diff-new">
-The
-e-mail
-address
-that
-is
-associated
-with
-the
-WebID
-URL.
-</ins></dd><dt><ins class="diff-new">
-foaf:name
-</ins></dt><dd><ins class="diff-new">
-The
-name
-that
-is
-most
-commonly
-used
-to
-refer
-to
-the
-individual
-or
-agent.
-</ins></dd><dt><ins class="diff-new">
-foaf:depiction
-</ins></dt><dd><ins class="diff-new">
-An
-image
-representation
-of
-the
-individual
-or
-agent.
-</ins></dd></dl></div><div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details"><h4><span class="secno"><ins class="diff-new">
-2.4.2
-</ins></span><ins class="diff-new">
-Cryptographic
-Details
-</ins></h4><p><ins class="diff-new">
-Cryptographic
-details
-are
-important
-when
-</ins><a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent"><ins class="diff-new">
-Verification
-Agent
-</ins></a><ins class="diff-new">
-s
-and
-</ins><a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent"><ins class="diff-new">
-Identification
-Agent
-</ins></a><ins class="diff-new">
-s
-interact.
-The
-following
-properties
-</ins><em class="rfc2119" title="should"><ins class="diff-new">
-should
-</ins></em><ins class="diff-new">
-be
-used
-when
-conveying
-cryptographic
-information
-in
-WebID
-Profile
-documents:
-</ins></p><dl><dt><ins class="diff-new">
-rsa:RSAPublicKey
-</ins></dt><dd><ins class="diff-new">
-Expresses
-an
-RSA
-public
-key.
-The
-RSAPublicKey
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-specify
-the
-rsa:modulus
-and
-rsa:public_exponent
-properties.
-</ins></dd><dt><ins class="diff-new">
-cert:identity
-</ins></dt><dd><ins class="diff-new">
-Used
-to
-associate
-an
-RSAPublicKey
-with
-a
-WebID
-URL.
-A
-WebID
-Profile
-</ins><em class="rfc2119" title="must"><ins class="diff-new">
-must
-</ins></em><ins class="diff-new">
-contain
-at
-least
-one
-RSAPublicKey
-that
-is
-associated
-with
-the
-corresponding
-WebID
-URL.
-</ins></dd></dl></div>
-</div>
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>
-Change
-History
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-<a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">
-<ins class="diff-new">2010-07-25
-</ins></a><ins class="diff-new">
-Added
-WebID
-Profile
-section.
-</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672"><ins class="diff-new">
-2010-07-18
-</ins></a><ins class="diff-new">
-Updates
-from
-WebID
-community
-related
-to
-RDF/XML
-support,
-authentication
-sequence
-corrections,
-abstract
-and
-introduction
-updates.
-</ins></p><p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">
-2010-07-11
-</a>
-Initial
-version.
-</p>
-</div>
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>
-Acknowledgments
-</h4>
-<p>
-<em>
-This
-section
-is
-non-normative.
-</em>
-</p>
-<p>
-The
-following
-people
-have
-been
-instrumental
-in
-providing
-thoughts,
-feedback,
-reviews,
-criticism
-and
-input
-in
-the
-creation
-of
-this
-specification:
-</p>
-<ul>
-<li>
-Melvin
-Carvalho
-</li>
-<li>
-Bruno
-Harbulot
-</li>
-<li>
-Toby
-Inkster
-</li>
-<li>
-Ian
-Jacobi
-</li>
-<li>
-Jeff
-Sayre
-</li>
-<li>
-Henry
-Story
-</li>
-</ul>
-</div>
-</div>
-</div>
-<div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<h2>
-<span class="secno">
-A.
-</span>
-References
-</h2>
-<div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section">
-<h3>
-<span class="secno">
-A.1
-</span>
-Normative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-HTTP-TLS">
-[HTTP-TLS]
-</dt>
-<dd rel="dcterms:requires">
-E.
-Rescorla.
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-<cite>
-HTTP
-Over
-TLS.
-</cite>
-</a>
-May
-2000.
-Internet
-RFC
-2818.
-URL:
-<a href="http://www.ietf.org/rfc/rfc2818.txt">
-http://www.ietf.org/rfc/rfc2818.txt
-</a>
-</dd>
-<dt id="bib-N3">
-[N3]
-</dt>
-<dd rel="dcterms:requires">
-Tim
-Berners-Lee;
-Dan
-Connolly.
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-<cite>
-Notation3
-(N3):
-A
-readable
-RDF
-syntax.
-</cite>
-</a>
-14
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">
-http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/
-</a>
-</dd>
-<dt id="bib-RDF-PRIMER">
-[RDF-PRIMER]
-</dt>
-<dd rel="dcterms:requires">
-Frank
-Manola;
-Eric
-Miller.
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-<cite>
-RDF
-Primer.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">
-http://www.w3.org/TR/2004/REC-rdf-primer-20040210/
-</a>
-</dd>
-<dt id="bib-RDF-SYNTAX-GRAMMAR">
-[RDF-SYNTAX-GRAMMAR]
-</dt>
-<dd rel="dcterms:requires">
-Dave
-Beckett.
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-<cite>
-RDF/XML
-Syntax
-Specification
-(Revised).
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">
-http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210
-</a>
-</dd>
-<dt id="bib-RDFA-CORE">
-[RDFA-CORE]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et
-al.
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-<cite>
-RDFa
-Core
-1.1:
-Syntax
-and
-processing
-rules
-for
-embedding
-RDF
-through
-attributes.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">
-http://www.w3.org/TR/2010/WD-rdfa-core-20100422
-</a>
-</dd>
-<dt id="bib-TURTLE">
-[TURTLE]
-</dt>
-<dd rel="dcterms:requires">
-David
-Beckett,
-Tim
-Berners-Lee.
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-Turtle:
-Terse
-RDF
-Triple
-Language
-</a>
-January
-2008.
-W3C
-Team
-Submission.
-URL:
-<a href="http://www.w3.org/TeamSubmission/turtle/">
-http://www.w3.org/TeamSubmission/turtle/
-</a>
-</dd>
-<dt id="bib-X509V3">
-[X509V3]
-</dt>
-<dd rel="dcterms:requires">
-<cite>
-ITU-T
-Recommendation
-X.509
-version
-3
-(1997).
-"Information
-Technology
--
-Open
-Systems
-Interconnection
--
-The
-Directory
-Authentication
-Framework"
-ISO/IEC
-9594-8:1997
-</cite>.
-</dd>
-<dt id="bib-XHTML-RDFA">
-[XHTML-RDFA]
-</dt>
-<dd rel="dcterms:requires">
-Shane
-McCarron;
-et.
-al.
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-<cite>
-XHTML+RDFa
-1.1.
-</cite>
-</a>
-22
-April
-2010.
-W3C
-Working
-Draft.
-URL:
-<a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">
-http://www.w3.org/TR/WD-xhtml-rdfa-20100422
-</a>
-</dd>
-</dl>
-</div>
-<div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section">
-<h3>
-<span class="secno">
-A.2
-</span>
-Informative
-references
-</h3>
-<dl class="bibliography" about="">
-<dt id="bib-RDF-CONCEPTS">
-[RDF-CONCEPTS]
-</dt>
-<dd rel="dcterms:references">
-Graham
-Klyne;
-Jeremy
-J.
-Carroll.
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-<cite>
-Resource
-Description
-Framework
-(RDF):
-Concepts
-and
-Abstract
-Syntax.
-</cite>
-</a>
-10
-February
-2004.
-W3C
-Recommendation.
-URL:
-<a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">
-http://www.w3.org/TR/2004/REC-rdf-concepts-20040210
-</a>
-</dd>
-</dl>
-</div>
-</div>
-</body>
-</html>
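Review bot: this hunk records the draft as a full deletion (`+++ /dev/null`) rather than as a rename, so moving it under `spec/` drops the file's revision history; record the move with `hg rename` (alias `hg mv`) so the `spec/drafts/...` copy keeps its log and annotate continuity instead of appearing as a brand-new file. Two defects in the deleted markup will otherwise carry over unchanged to the new location: in the `[XHTML-RDFA]` entry the visible link text reads `http://www.w3.org/TR/WD-xhtml-rdfa-20100422` while its `href` is `http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422`, and the SPARQL example in "Extracting WebID URL Details" is wrapped as `<code><pre>`, which places a block-level `pre` inside the inline `code` element and does not validate against the XHTML DTDs; aligning the link text with the `href` and swapping the wrapper to `<pre><code>` in the moved copy would fix both.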
--- a/drafts/ED-webid-20100725/index.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,635 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML+RDFa 1.0//EN' 'http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd'>
-<html dir="ltr" about="" property="dcterms:language" content="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:dcterms='http://purl.org/dc/terms/' xmlns:bibo='http://purl.org/ontology/bibo/' xmlns:foaf='http://xmlns.com/foaf/0.1/' xmlns:xsd='http://www.w3.org/2001/XMLSchema#'>
-<head>
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-    
-<!--  
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-      -->
-
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-
-<!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
-
-    
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-25T22:59:59+0000" id="unofficial-draft-25-july-2010">Unofficial Draft 25 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:[email protected]">[email protected]</a> </span>
-</dd>
-<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
-</dd>
-<dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-</dd>
-<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
-</dd>
-<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
-</dd>
-</dl><p>This document is also available in this non-normative format: <a href="diff-20100718.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
-    <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-
-<p>Social networking, identity and privacy have been at the center of how we 
-interact with the Web in the last decade. The explosion of social networking 
-sites has brought the world closer together as well as created new points of
-pain regarding ease of use and the Web. Remembering login details, passwords,
-and sharing private information across the many websites and social groups
-that we are a part of has become more difficult and complicated than necessary. 
-The Social Web is designed to ensure that control of identity and privacy 
-settings is always simple and under one's control. WebID is a key enabler of the 
-Social Web. This specification outlines a simple universal identification 
-mechanism that is distributed, openly extensible, improves privacy, security 
-and control over how one can identify themselves and control access to their 
-information on the Web.
-</p>
-  
-<div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
-<h3 id="how-to-read-this-document">How to Read this Document</h3>
-  
-<p>There are a number of concepts that are covered in this document that the
-reader may want to be aware of before continuing. General knowledge of
-<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a> 
-and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how 
-to implement this specification. WebID uses a number of specific technologies 
-like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], 
-RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
-
-<p>A general <a href="#introduction">Introduction</a> is provided for all that
-would like to understand why this specification is necessary to simplify usage
-of the Web.</p>
-
-<p>The terms used throughout this specification are listed in the section
-titled <a href="#terminology">Terminology</a>.</p>
-
-<p>Developers that are interested in implementing this specification will be
-most interested in the sections titled 
-<a href="#authentication-sequence">Authentication Sequence</a> and 
-<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
-  
-</p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
-
-<!--  <p>This document has been reviewed by W3C Members, by software
-developers, and by other W3C groups and interested parties, and is
-endorsed by the Director as a W3C Recommendation. It is a stable
-document and may be used as reference material or cited from another
-document. W3C's role in making the Recommendation is to draw attention
-to the specification and to promote its widespread deployment. This
-enhances the functionality and interoperability of the Web.</p>  -->
-
-
-The source code for this document is available via Github at the following
-URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
-
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#authorization" class="tocxref"><span class="secno">2.3.5 </span>Authorization</a></li><li class="tocline"><a href="#secure-communication" class="tocxref"><span class="secno">2.3.6 </span>Secure 
Communication</a></li></ul></li><li class="tocline"><a href="#the-webid-profile" class="tocxref"><span class="secno">2.4 </span>The WebID Profile</a><ul class="toc"><li class="tocline"><a href="#personal-information" class="tocxref"><span class="secno">2.4.1 </span>Personal Information</a></li><li class="tocline"><a href="#cryptographic-details" class="tocxref"><span class="secno">2.4.2 </span>Cryptographic Details</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
-
-
-
-<div class="informative section" id="introduction" typeof="bibo:Chapter" about="#introduction">
-
-<!-- OddPage -->
-<h2><span class="secno">1. </span>Introduction</h2><p><em>This section is non-normative.</em></p>
-
-<p>
-The WebID specification is designed to help alleviate the difficultly that
-remembering different logins, passwords and settings for websites has created. 
-It is also designed to provide a universal and extensible mechanism to express 
-public and private information about yourself. This section outlines the 
-motivation behind the specification and the relationship to other similar 
-specifications that are in active use today.
-</p>
-
-<div class="informative section" id="motivation" typeof="bibo:Chapter" about="#motivation">
-<h3><span class="secno">1.1 </span>Motivation</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-It is a fundamental design criteria of the Web to enable individuals and
-organizations to control how they interact with the rest of society. This
-includes how one expresses their identity, public information and personal 
-details to social networks, Web sites and services.
-</p>
-
-<p>
-Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed 
-hyperlinked social networks to exist. This vocabulary, along with other 
-vocabularies, allow one to add information and services protection to 
-distributed social networks.
-</p>
-
-<p>
-One major criticism of open networks is that they seem to have no way of
-protecting the personal information distributed on the web or limiting
-access to resources. Few people are willing to make all their personal
-information public, many would like large pieces to be protected, making
-it available only to a select group of agents. Giving access to
-information is very similar to giving access to services. There are many
-occasions when people would like services to only be accessible to
-members of a group, such as allowing only friends, family members,
-colleagues to post an article, photo or comment on a blog. How does one do
-this in a flexible way, without requiring a central point of
-access control?
-</p>
-
-<p>
-Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URL by proving that one has write access to the URL. WebID is
-a simpler alternative to OpenID (fewer connections), that uses X.509 
-certificates to tie a User Agent (Browser) to a Person identified via a URL. 
-WebID also provides a few additional features to OpenID. These
-features include trust management, via digital signatures, and free-form 
-extensibility via RDFa. By using the existing SSL certificate exchange
-mechanism, WebID integrates more smoothly with existing Web browsers, including
-browsers on mobile devices. WebID also permits automated session login
-in addition to interactive session login. Additionally, all data is encrypted
-and guaranteed to only be received by the person or organization that was 
-intended to receive it.
-</p>
-
-</div>
-
-<div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
-<h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
-
-<p class="issue">This section needs to be re-written. The flow and grammar
-leaves much to be desired. -- manu</p>
-
-<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
-to a Personal Profile Document. This Personal Profile Document is where further
-information about an identity can be discovered. This mechanism is compatible
-with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID, 
-but can work beside OpenID by sharing the content in the Personal Profile
-Document.</p>
-
-<p>That said, there are a number of benefits that WebID achieves over OpenID:
-</p>
-
-<p>WebID gives people and other agents a WebID URL for identification. OpenID 
-also provides a URL to a Personal Profile Document. However, in the case of 
-WebID, one does not need to remember the URL since the User Agent remembers
-the URL on behalf of the person browsing. To log in on a WebID web site there 
-is no need to enter any identifier like one has to do for OpenID. Just one click 
-tells the browser to send the WebID URL. The person that is browsing does 
-not need to remember either their WebID URL or the website password. The only 
-password one may need to remember is the one that is used to access their 
-collection of WebIDs in their browser, and that's only if they opt-in to 
-password protect their WebIDs.
-</p>
-
-<p>
-While WebID works well in a browser environment, it is also very useful outside
-of the browser environment. WebID can also operate without requiring the use
-of any passwords. This is useful to developers that may 
-want to use WebID to perform server-to-server or peer-to-peer verification of 
-identity. WebID works for automated agents such as Search Agents, API Agents,
-and other automated mechanisms that are often found outside of the browser
-environment.
-</p>
-
-<p>The WebID protocol requires just one direct network connection to establish
-identity via the client. The server requires one connection to the client and
-one connection to retrieve the WebID Profile if it does not have the credential
-information cached. Compare this to the much more complex OpenID sequence, which
-requires six connections by the client to establish a login. In a world of 
-distributed data where each site can point to data on any other site, multiple 
-connections become costly to manage.</p>
-
-<p>WebID builds on a number of well established Internet and Web standards;
-<a href="http://en.wikipedia.org/wiki/REST">REST</a>, 
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>], 
-TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, 
-it makes both explaining and implementing WebID easier on developers.</p>
-
-<p>Since WebID is RESTful, you can perform basic HTTP operations to 
-<code>GET</code> your WebID, and if you needed update it, you can use
-HTTP <code>PUT</code> semantics. You can also create a WebID via 
-<code>POST</code>. This is improved from the OpenID specification, which
-requires a new set of operations described in the OpenID Attribute Exchange
-specification.</p>
-
-<p>WebID is built on RDF and thus enables all of the advanced semantic web
-concepts that RDF enables. For example, a developer may perform machine
-reasoning with a WebID. One can construct machine-executable statements like
-"If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID." 
-While OpenID attempts to support this use case by mapping OpenID to RDF, it's
-far easier to do with WebID because WebID is natively RDF-aware.</p>
-
-<p>It is easy to extend a WebID with new attributes via RDF. The power of
-RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. There is no authorization process necessary
-and thus WebID allows for distributed innovation. Every WebID property is
-a URI, which when clicked, can give you yet more information about what the
-property means. A developer can create new usage classes by extending their
-vocabulary at will. A developer can add relationships to a WebID by simply
-adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF.</p>
-
-<p>Implementing WebID is easier than OpenID because all of the basic 
-technologies have been working and integrated into Web browsers for many years. 
-There were already three interoperable implementations of WebID before this 
-specification was written.</p>
-
-<p>WebID is truly decentralized - with WebID you get a web of trust. 
-OpenID only supports the Web of Trust model if you indirectly trust the
-OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
-you must trust OpenID providers. With WebID you only have to trust the people
-and the organizations with which you are communicating. In other words, you
-don't have to ask anyone whether or not you can trust your friends. You can
-query people that you trust directly to see if someone is trustworthy or not.
-There is no need for a central WebID authority.
-</p>
-
-<p>WebID is fully distributed, anyone can setup a WebID by placing a single
-file on a web server of their choosing. There is no need for a special 
-OpenID-like provider service. The only thing anyone that wants a WebID needs
-is a web account where you can post your WebID file, ideally on your own domain 
-name. You can also use a WebID hosting provider, but it's not necessary for
-WebID to work. While it is possible to run an OpenID server, other
-OpenID applications may not trust you and thus you won't be able to fully
-utilize your private OpenID credentials. The reason that there are a few
-large OpenID providers and very few small OpenID providers is because of this
-trust design issue related to OpenID.</p>
-
-<p>WebID does not require HTTP redirects. Redirects are problematic on many
-cell phones, because telecoms heavily rely on proxys, which selectively block
-redirects.</p>
-
-<p>A WebID provider is 100% compatible with an OpenID provider and thus can 
-inter-operate with OpenID-powered networks.</p>
-
-</div>
-
-<div class="informative section" id="relation-to-oauth" typeof="bibo:Chapter" about="#relation-to-oauth">
-<h3><span class="secno">1.3 </span>Relation to OAuth</h3><p><em>This section is non-normative.</em></p>
-
-<p>
-OAuth and WebID are mutually beneficial when used together. WebID can be
-used to provide RSA parameters to the RSA-SHA1 signature method required by
-OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS 
-connection that will be used to transmit OAuth Tokens in OAuth 2.0.
-</p>
-
-</div>
-</div>
-
-<div class="normative section" id="the-webid-protocol" typeof="bibo:Chapter" about="#the-webid-protocol">
-
-<!-- OddPage -->
-<h2><span class="secno">2. </span>The WebID Protocol</h2>
-
-<div class="normative section" id="terminology" typeof="bibo:Chapter" about="#terminology">
-<h3><span class="secno">2.1 </span>Terminology</h3>
-
-<dl>
-
-<dt><dfn title="Verification_Agent" id="dfn-verification_agent">Verification Agent</dfn></dt>
-<dd>Performs authentication on provided WebID credentials and determines if
-an <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> can have access to a particular 
-resource. A <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> is typically a Web server, but 
-may also be a peer on a peer-to-peer network.</dd>
-
-<dt><dfn title="Identification_Agent" id="dfn-identification_agent">Identification Agent</dfn></dt>
-<dd>Provides identification credentials to a Verification Agent. The
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
-
-<dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a 
-<code>Subject Alternative Name</code> extension with a URI entry. The URI
-<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
-identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be 
-dereference-able and result in a document containing RDF data. For example, 
-the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
-<code><pre>
-X509v3 extensions:
-   ...
-   X509v3 Subject Alternative Name:
-      URI:http://example.org/webid#public
-</pre></code>
-
-</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
-<dd>A URL specified via the <code>Subject Alternative Name</code> extension 
-of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
-
-<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
-<dd>A widely distributed crytographic key that can be used to verify 
-digital signatures and encrypt data between a sender and a receiver. A public
-key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
-
-<dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
-<dd>
-A structured document that contains identification credentials for the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] 
-serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
-format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
-WebID Profile document. Alternate RDF serialization
-formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the 
-mechanism providing the WebID Profile document.
-</dd>
-
-</dl>
-
-<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
-serialization of RDF should be required serialization formats in the 
-specification is currently under heavy debate.</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
-<h3><span class="secno">2.2 </span>Authentication Sequence</h3>
-
-<p>The following steps are executed by Verification Agents and Identification
-Agents to determine if access should be granted to a particular resource.
-</p>
-
-<ol>
-<li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-as a part of the TLS client-cerificate retrieval protocol.</li>
-
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code> 
-extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
-
-<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the 
-<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> be checked by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. 
-This process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and 
-extracting RDF data from the resulting document, or by utilizing a cached 
-version of the RDF data contained in the document or other data source that is 
-up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
-and extraction mechanism is further detailed in the sections titled 
-<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
-<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
-</li>
-
-<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found in the list of 
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the 
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client intends to use
-the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to verify their ownership of the WebID URL.</li>
-
-<li>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> verifies that the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> owns the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> 
-by using the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> to create a cryptographic challenge. 
-The challenge <em class="rfc2119" title="should">should</em> be fulfilled by performing TLS mutual-authentication
-between the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> and the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. 
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> does not have access to the TLS layer, 
-a digital signature challenge <em class="rfc2119" title="must">must</em> be provided by the 
-<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. These processes are detailed in the sections 
-titled <a href="#authorization">Authorization</a> and 
-<a href="#secure-communication">Secure Communication</a>.</li>
-
-</ol>
-
-<p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at 
-any time by executing all of the steps in the Authentication Sequence again. 
-Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to 
-determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular 
-resource after the last step of the Authentication Sequence has been
-completed.
-</p>
-
-</div>
-
-<div class="normative section" id="authentication-sequence-details" typeof="bibo:Chapter" about="#authentication-sequence-details">
-<h3><span class="secno">2.3 </span>Authentication Sequence Details</h3>
-
-<p>This section covers details about each step in the authentication process.
-</p>
-
-<div class="normative section" id="initiating-a-tls-connection" typeof="bibo:Chapter" about="#initiating-a-tls-connection">
-<h4><span class="secno">2.3.1 </span>Initiating a TLS Connection</h4>
-
-<p class="issue">This section will detail how the TLS connection process is
-started and used by WebID to create a secure channel between the 
-Identification Agent and the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="exchanging-the-identification-certificate" typeof="bibo:Chapter" about="#exchanging-the-identification-certificate">
-<h4><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</h4>
-
-<p class="issue">This section will detail how the certificate is selected and
-sent to the Verification Agent.</p>
-</div>
-
-<div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
-<h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
-
-<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML 
-[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to 
-a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
-<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
-<code>application/rdf+xml</code>.
-The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
-<code>text/html</code> or media type 
-<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and 
-<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via 
-HTTP content negotiation.
-</p> 
-
-<p class="issue">This section will explain how a Verification Agent extracts 
-semantic data describing the identification credentials from a WebID Profile.</p>
-</div>
-
-<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
-
-<p>
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
-</p>
-The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
-could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
-<code><pre>
-PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
-PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
-SELECT ?modulus ?exp
-WHERE {
-   ?key cert:identity &lt;http://example.org/webid#public&gt;;
-      a rsa:RSAPublicKey;
-      rsa:modulus [ cert:hex ?modulus; ];
-      rsa:public_exponent [ cert:decimal ?exp ] .
-}
-</pre></code>
-
-<p class="issue">This section still needs more information.</p>
-
-</div>
-
-<div class="normative section" id="authorization" typeof="bibo:Chapter" about="#authorization">
-<h4><span class="secno">2.3.5 </span>Authorization</h4>
-
-<p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URL to determine if one should
-be able to access a particular resource. It will explain how a Verification
-Agent can use links to other RDFa documents to build knowledge about the
-given WebID.</p>
-
-</div>
-
-<div class="normative section" id="secure-communication" typeof="bibo:Chapter" about="#secure-communication">
-<h4><span class="secno">2.3.6 </span>Secure Communication</h4>
-
-<p class="issue">This section will explain how an Identification Agent and
-a Verification Agent may communicate securely using a set of verified
-identification credentials.</p>
-
-<p>
-If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>, 
-the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="should">should</em> use the verified 
-<a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> 
-for all TLS-based communication with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
-This ensures that both the <a class="tref" title="Authorization_Agent">Authorization Agent</a> and the 
-<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
-are communicating in a secure manner, ensuring cryptographically protected
-privacy for both sides.
-</p>
-
-</div>
-
-</div>
-
-<div class="normative section" id="the-webid-profile" typeof="bibo:Chapter" about="#the-webid-profile">
-<h3><span class="secno">2.4 </span>The WebID Profile</h3>
-
-<p>The <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is a structured document that contains 
-identification credentials for the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed 
-using the Resource Description Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. The following 
-sections describe how to express certain common properties that could be used
-by <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s and other entities that consume a 
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.</p>
-
-<p>The following vocabularies are used in their shortened form in the 
-subsequent sections:</p>
-
-<dl>
-  <dt>foaf</dt>
-  <dd>http://xmlns.com/foaf/0.1/</dd>
-  <dt>cert</dt>
-  <dd>http://www.w3.org/ns/auth/cert#</dd>
-  <dt>rsa</dt>
-  <dd>http://www.w3.org/ns/auth/rsa#</dd>
-</dl>
-
-<div class="normative section" id="personal-information" typeof="bibo:Chapter" about="#personal-information">
-<h4><span class="secno">2.4.1 </span>Personal Information</h4>
-
-<p>Personal details are the most common requirement when registering an 
-account with a website. Some of these pieces of information include an e-mail 
-address, a name and perhaps an avatar image. This section includes
-properties that <em class="rfc2119" title="should">should</em> be used when conveying key pieces of personal 
-information but are <em class="rfc2119" title="not required">not required</em> to be present in a WebID Profile:</p>
-
-<dl>
-  <dt>foaf:mbox</dt>
-  <dd>The e-mail address that is associated with the WebID URL.</dd>
-  <dt>foaf:name</dt>
-  <dd>The name that is most commonly used to refer to the individual 
-    or agent.</dd>
-  <dt>foaf:depiction</dt>
-  <dd>An image representation of the individual or agent.</dd>
-</dl>
-</div>
-
-<div class="normative section" id="cryptographic-details" typeof="bibo:Chapter" about="#cryptographic-details">
-<h4><span class="secno">2.4.2 </span>Cryptographic Details</h4>
-
-<p>Cryptographic details are important when <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>s
-and <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>s interact. The following properties 
-<em class="rfc2119" title="should">should</em> be used when conveying cryptographic information in WebID Profile
-documents:</p>
-
-<dl>
-  <dt>rsa:RSAPublicKey</dt>
-  <dd>Expresses an RSA public key. The RSAPublicKey <em class="rfc2119" title="must">must</em> specify the
-  rsa:modulus and rsa:public_exponent properties.</dd>
-  <dt>cert:identity</dt>
-  <dd>Used to associate an RSAPublicKey with a WebID URL. A WebID Profile
-  <em class="rfc2119" title="must">must</em> contain at least one RSAPublicKey that is associated with the
-  corresponding WebID URL.</dd>
-</dl>
-</div>
-
-</div>
-
-<div id="appendix" typeof="bibo:Chapter" about="#appendix" class="section">
-
-<div class="informative section" id="history" typeof="bibo:Chapter" about="#history">
-<h4>Change History</h4><p><em>This section is non-normative.</em></p>
-<p><a href="http://github.com/msporny/webid-spec/commit/b19d2812901b4511fdf9876c1be53bb36ee3201e">2010-07-25</a> Added WebID Profile section.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
-<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
-</div>
-
-<div class="informative section" id="acknowledgements" typeof="bibo:Chapter" about="#acknowledgements">
-<h4>Acknowledgments</h4><p><em>This section is non-normative.</em></p>
-
-<p>The following people have been instrumental in providing thoughts, feedback,
-reviews, criticism and input in the creation of this specification:</p>
-
-<ul>
-<li>Melvin Carvalho</li>
-<li>Bruno Harbulot</li>
-<li>Toby Inkster</li>
-<li>Ian Jacobi</li>
-<li>Jeff Sayre</li>
-<li>Henry Story</li>
-</ul>
-
-</div>
-</div>
-  
-
-
-</div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
-<!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a> 
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a> 
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a> 
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a> 
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a> 
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a> 
-</dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework"  ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a> 
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a> 
-</dd></dl></div></div></body></html>
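Review bot: In the `[XHTML-RDFA]` entry near the end of this hunk, the anchor's `href` is `http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422` while the visible link text reads `http://www.w3.org/TR/WD-xhtml-rdfa-20100422` (the `2010/` path segment is missing); since this deletion is one half of the move into `spec/`, the relocated copy should correct the link text to match the `href` rather than carry the mismatch across. Likewise the `[TURTLE]` entry is the only one in the list whose title link lacks the `<cite>` element, so the `dcterms:requires` references render inconsistently.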
--- a/drafts/ED-webid-20100809/diff-20100725.html	Tue Jan 25 09:51:23 2011 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6604 +0,0 @@
-<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>
-<html lang="en" dir="ltr" about="" property="dcterms:language" content="en" prefix="dcterms: http://purl.org/dc/terms/ bibo: http://purl.org/ontology/bibo/ foaf: http://xmlns.com/foaf/0.1/ xsd: http://www.w3.org/2001/XMLSchema#">
-<head>
-
-
-  
-    <title>WebID 1.0</title>
-    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
-    <!-- 
-      === NOTA BENE ===
-      For the three scripts below, if your spec resides on dev.w3 you can check them
-      out in the same tree and use relative links so that they'll work offline,
-     -->
-<style type="text/css">
-code           { font-family: monospace; }
-
-span.hilite { color: red; /* font-weight: bold */ }
-
-li p           { margin-top: 0.3em;
-                 margin-bottom: 0.3em; }
-
-div.explanation { background-color: #ADD8E6;
-                   width: 80%;
-                   margin: 12px; padding: 8px; }
-div.explanation li { margin-top: 8px; }
-div.explanation dd { margin: 4px; }
-
-.adef { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-.aref { 
-	font-family: monospace; 
-	font-weight: bold; 
-    color: #ff4500 !important;
-}
-
-span.entity { color: red; }
-
-span.element { color: green; }
-</style>
-
-     
-<!--    <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
-
-    
-  <style type="text/css">
-/*****************************************************************
- * ReSpec CSS
- * Robin Berjon (robin at berjon dot com)
- * v0.05 - 2009-07-31
- *****************************************************************/
-
-
-/* --- INLINES --- */
-em.rfc2119 { 
-    text-transform:     lowercase;
-    font-variant:       small-caps;
-    font-style:         normal;
-    color:              #900;
-}
-
-h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
-h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
-    border: none;
-}
-
-dfn {
-    font-weight:    bold;
-}
-
-a.internalDFN {
-    color:  inherit;
-    border-bottom:  medium solid #99c;
-    text-decoration:    none;
-}
-
-a.externalDFN {
-    color:  inherit;
-    border-bottom:  medium dotted #ccc;
-    text-decoration:    none;
-}
-
-a.bibref {
-    text-decoration:    none;
-}
-
-code {
-    color:  #ff4500;
-}
-
-
-/* --- WEB IDL --- */
-pre.idl {
-    border-top: 1px solid #90b8de;
-    border-bottom: 1px solid #90b8de;
-    padding:    1em;
-    line-height:    120%;
-}
-
-pre.idl::before {
-    content:    "WebIDL";
-    display:    block;
-    width:      150px;
-    background: #90b8de;
-    color:  #fff;
-    font-family:    initial;
-    padding:    3px;
-    font-weight:    bold;
-    margin: -1em 0 1em -1em;
-}
-
-.idlType {
-    color:  #ff4500;
-    font-weight:    bold;
-    text-decoration:    none;
-}
-
-/*.idlModule*/
-/*.idlModuleID*/
-/*.idlInterface*/
-.idlInterfaceID {
-    font-weight:    bold;
-    color:  #005a9c;
-}
-
-.idlSuperclass {
-    font-style: italic;
-    color:  #005a9c;
-}
-
-/*.idlAttribute*/
-.idlAttrType, .idlFieldType {
-    color:  #005a9c;
-}
-.idlAttrName, .idlFieldName {
-    color:  #ff4500;
-}
-.idlAttrName a, .idlFieldName a {
-    color:  #ff4500;
-    border-bottom:  1px dotted #ff4500;
-    text-decoration: none;
-}
-
-/*.idlMethod*/
-.idlMethType {
-    color:  #005a9c;
-}
-.idlMethName {
-    color:  #ff4500;
-}
-.idlMethName a {
-    color:  #ff4500;
-    border-bottom:  1px dotted #ff4500;
-    text-decoration: none;
-}
-
-/*.idlParam*/
-.idlParamType {
-    color:  #005a9c;
-}
-.idlParamName {
-    font-style: italic;
-}
-
-.extAttr {
-    color:  #666;
-}
-
-/*.idlConst*/
-.idlConstType {
-    color:  #005a9c;
-}
-.idlConstName {
-    color:  #ff4500;