merge latest version from msporny
authorscor <scorlosquet@gmail.com>
Mon, 19 Jul 2010 13:33:07 -0400
changeset 31 f40601bb2afd
parent 30 e5c451b7fb1d
child 35 cf4b8eecdd7f
merge latest version from msporny
index-respec.html
index.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/index-respec.html	Mon Jul 19 13:33:07 2010 -0400
@@ -0,0 +1,770 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>WebID 1.0</title>
+    <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
+    <!-- 
+      === NOTA BENE ===
+      For the three scripts below, if your spec resides on dev.w3 you can check them
+      out in the same tree and use relative links so that they'll work offline,
+     -->
+<style type='text/css'>
+code           { font-family: monospace; }
+
+span.hilite { color: red; /* font-weight: bold */ }
+
+li p           { margin-top: 0.3em;
+                 margin-bottom: 0.3em; }
+
+div.explanation { background-color: #ADD8E6;
+                   width: 80%;
+                   margin: 12px; padding: 8px; }
+div.explanation li { margin-top: 8px; }
+div.explanation dd { margin: 4px; }
+
+.adef { 
+	font-family: monospace; 
+	font-weight: bold; 
+    color: #ff4500 !important;
+}
+
+.aref { 
+	font-family: monospace; 
+	font-weight: bold; 
+    color: #ff4500 !important;
+}
+
+span.entity { color: red; }
+
+span.element { color: green; }
+</style>
+
+    <script src='http://dev.w3.org/2009/dap/ReSpec.js/js/respec.js' class='remove'></script> 
+<!--    <script src='/ReSpec.js/js/respec.js' class='remove'></script> -->
+    <script class='remove'>
+      var preProc = {
+          apply:  function(c) {
+                    // process the document before anything else is done
+                    var refs = document.querySelectorAll('adef') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var sp = document.createElement( 'dfn' ) ;
+                        var tit = item.getAttribute('title') ;
+                        if (!tit) {
+                            tit = con;
+                        }
+                        sp.className = 'adef' ;
+                        sp.title=tit ;
+                        sp.innerHTML = con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                    refs = document.querySelectorAll('aref') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var sp = document.createElement( 'a' ) ;
+                        sp.className = 'aref' ;
+                        sp.setAttribute('title', con);
+                        sp.innerHTML = '@'+con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                    // local datatype references
+                    refs = document.querySelectorAll('ldtref') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        if (!item) continue ;
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var ref = item.getAttribute('title') ;
+                        if (!ref) {
+                            ref = item.textContent ;
+                        }
+                        if (ref) {
+                            ref = ref.replace(/\n/g, '_') ;
+                            ref = ref.replace(/\s+/g, '_') ;
+                        }
+                        var sp = document.createElement( 'a' ) ;
+                        sp.className = 'datatype';
+                        sp.title = ref ;
+                        sp.innerHTML = con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                    // external datatype references
+                    refs = document.querySelectorAll('dtref') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        if (!item) continue ;
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var ref = item.getAttribute('title') ;
+                        if (!ref) {
+                            ref = item.textContent ;
+                        }
+                        if (ref) {
+                            ref = ref.replace(/\n/g, '_') ;
+                            ref = ref.replace(/\s+/g, '_') ;
+                        }
+                        var sp = document.createElement( 'a' ) ;
+                        sp.className = 'externalDFN';
+                        sp.title = ref ;
+                        sp.innerHTML = con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                    // now do terms
+                    refs = document.querySelectorAll('tdef') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        if (!item) continue ;
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var ref = item.getAttribute('title') ;
+                        if (!ref) {
+                            ref = item.textContent ;
+                        }
+                        if (ref) {
+                            ref = ref.replace(/\n/g, '_') ;
+                            ref = ref.replace(/\s+/g, '_') ;
+                        }
+                        var sp = document.createElement( 'dfn' ) ;
+                        sp.title = ref ;
+                        sp.innerHTML = con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                    // now term references
+                    refs = document.querySelectorAll('tref') ;
+                    for (var i = 0; i < refs.length; i++) {
+                        var item = refs[i];
+                        if (!item) continue ;
+                        var p = item.parentNode ;
+                        var con = item.innerHTML ;
+                        var ref = item.getAttribute('title') ;
+                        if (!ref) {
+                            ref = item.textContent ;
+                        }
+                        if (ref) {
+                            ref = ref.replace(/\n/g, '_') ;
+                            ref = ref.replace(/\s+/g, '_') ;
+                        }
+
+                        var sp = document.createElement( 'a' ) ;
+                        var id = item.textContent ;
+                        sp.className = 'tref' ;
+                        sp.title = ref ;
+                        sp.innerHTML = con ;
+                        p.replaceChild(sp, item) ;
+                    }
+                }
+        } ;
+
+
+      var respecConfig = {
+          // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
+          // embed RDFa data in the output
+          doRDFa: true,
+          specStatus:           "unofficial",
+          //publishDate:          "2010-07-05",
+          diffTool:             "http://www3.aptest.com/standards/htmldiff/htmldiff.pl",
+          
+          // the specifications short name, as in http://www.w3.org/TR/short-name/
+          shortName:            "webid",
+          subtitle: "Web Identification and Discovery",
+
+          // if you wish the publication date to be other than today, set this
+          // publishDate:  "2009-08-06",
+          copyrightStart:  "2010",
+
+          // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
+          // and its maturity status
+          previousPublishDate:  "2010-07-11",
+          previousMaturity:  "ED",
+          previousURI:       "http://payswarm.com/webid/drafts/ED-webid-20100711/",
+
+
+          // if there a publicly available Editors Draft, this is the link
+          edDraftURI:           "http://payswarm.com/webid/",
+
+          // if this is a LCWD, uncomment and set the end of its review period
+          // lcEnd: "2009-08-05",
+
+          // if you want to have extra CSS, append them to this list
+          // it is recommended that the respec.css stylesheet be kept
+          extraCSS:             ['http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css'],
+
+          // editors, add as many as you like
+          // only "name" is required
+          editors:  [
+              { name: "Manu Sporny", mailto:"[email protected]",
+                  company: "Digital Bazaar, Inc.", companyURL: "http://blog.digitalbazaar.com/" }
+              ],
+
+          // authors, add as many as you like. 
+          // This is optional, uncomment if you have authors as well as editors.
+          // only "name" is required. Same format as editors.
+
+          authors:  [
+              { name: "Toby Inkster", url: "http://tobyinkster.co.uk/" },
+              { name: "Henry Story", url: "http://bblfish.net/" },
+              { name: "Bruno Harbulot", url: "http://blog.distributedmatter.net/" },
+              { name: "Reto Bachmann-Gmür", url: "http://www.facebook.com/farewellutopia" }
+          ],
+
+//          errata: 'http://www.w3.org/MarkUp/2008/REC-rdfa-syntax-20081014-errata',
+          
+          // name of the WG
+          wg:           "Social Web XG",
+          
+          // URI of the public WG page
+          wgURI:        "http://esw.w3.org/Foaf%2Bssl",
+          
+          // name (with the @w3c.org) of the public mailing to which comments are due
+          wgPublicList: "socialweb-xg",
+          
+          // alternate formats for this document
+          alternateFormats: [
+              { uri: 'diff-20100711.html', 
+                  label: "Diff from previous Editors Draft" }],
+
+          // URI of the patent status for this WG, for Rec-track documents
+          // !!!! IMPORTANT !!!!
+          // This is important for Rec-track documents, do not copy a patent URI from a random
+          // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
+          // Team Contact.
+          wgPatentURI:  "http://www.w3.org/2004/01/pp-impl/44350/status",
+          maxTocLevel: 4,
+          preProcess: [ preProc ] 
+      };
+
+
+      function updateExample(doc, content) {
+        // perform transformations to make it render and prettier
+        content = content.replace(/<!--/, '');
+        content = content.replace(/-->/, '');
+        content = doc._esc(content);
+        content = content.replace(/\*\*\*\*([^*]*)\*\*\*\*/g, '<span class="hilite">$1</span>') ;
+        return content ;
+      }
+
+      function updateDTD(doc, content) {
+        // perform transformations to 
+        // make it render and prettier
+        content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+        content = content.replace(/!ENTITY % ([^ \t\r\n]*)/g, '!ENTITY <span class="entity">% $1</span>');
+        content = content.replace(/!ELEMENT ([^ \t$]*)/mg, '!ELEMENT <span class="element">$1</span>');
+        return content;
+      }
+
+      function updateSchema(doc, content) {
+        // perform transformations to 
+        // make it render and prettier
+        content = '<pre class="dtd">' + doc._esc(content) + '</pre>';
+        content = content.replace(/&lt;xs:element\s+name=&quot;([^&]*)&quot;/g, '&lt;xs:element name="<span class="element" id="schema_element_$1">$1</span>"') ;
+        return content;
+      }
+
+      function updateTTL(doc, content) {
+        // perform transformations to 
+        // make it render and prettier
+        content = '<pre class="sh_sourceCode">' + doc._esc(content) + '</pre>';
+        content = content.replace(/@prefix/g, '<span class="sh_keyword">@prefix</span>');
+        return content;
+      }
+    </script>
+  </head>
+  <body>
+    <section id='abstract'>
+
+<p>Social networking, identity and privacy have been at the center of how we 
+interact with the Web in the last decade. The explosion of social networking 
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary. 
+The Social Web is designed to ensure that control of identity and privacy 
+settings is always simple and under one's control. WebID is a key enabler of the 
+Social Web. This specification outlines a simple universal identification 
+mechanism that is distributed, openly extensible, improves privacy, security 
+and control over how one can identify themselves and control access to their 
+information on the Web.
+</p>
+  
+<section>
+<h2>How to Read this Document</h2>
+  
+<p>There are a number of concepts that are covered in this document that the
+reader may want to be aware of before continuing. General knowledge of
+<a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a> 
+and RDF [[!RDF-PRIMER]] and RDFa [[!RDFA-CORE]] is necessary to understand how 
+to implement this specification. WebID uses a number of specific technologies 
+like HTTP over TLS [[!HTTP-TLS]], X.509 certificates [[!X509V3]], 
+RDF/XML [[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]].</p>
+
+<p>A general <a href="#introduction">Introduction</a> is provided for all that
+would like to understand why this specification is necessary to simplify usage
+of the Web.</p>
+
+<p>The terms used throughout this specification are listed in the section
+titled <a href="#terminology">Terminology</a>.</p>
+
+<p>Developers that are interested in implementing this specification will be
+most interested in the sections titled 
+<a href="#authentication-sequence">Authentication Sequence</a> and 
+<a href="#authentication-sequence-details">Authentication Sequence Details</a>.
+  
+</section>
+</section>
+
+<section id='sotd'>
+<!-- <p>This document has been reviewed by W3C Members, by software
+developers, and by other W3C groups and interested parties, and is
+endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited from another
+document. W3C's role in making the Recommendation is to draw attention
+to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> -->
+
+The source code for this document is available via Github at the following
+URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
+
+</section>
+
+<section class='informative'>
+<h1>Introduction</h1>
+
+<p>
+The WebID specification is designed to help alleviate the difficultly that
+remembering different logins, passwords and settings for websites has created. 
+It is also designed to provide a universal and extensible mechanism to express 
+public and private information about yourself. This section outlines the 
+motivation behind the specification and the relationship to other similar 
+specifications that are in active use today.
+</p>
+
+<section class='informative'>
+<h1>Motivation</h1>
+
+<p>
+It is a fundamental design criteria of the Web to enable individuals and
+organizations to control how they interact with the rest of society. This
+includes how one expresses their identity, public information and personal 
+details to social networks, Web sites and services.
+</p>
+
+<p>
+Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed 
+hyperlinked social networks to exist. This vocabulary, along with other 
+vocabularies, allow one to add information and services protection to 
+distributed social networks.
+</p>
+
+<p>
+One major criticism of open networks is that they seem to have no way of
+protecting the personal information distributed on the web or limiting
+access to resources. Few people are willing to make all their personal
+information public, many would like large pieces to be protected, making
+it available only to a select group of agents. Giving access to
+information is very similar to giving access to services. There are many
+occasions when people would like services to only be accessible to
+members of a group, such as allowing only friends, family members,
+colleagues to post an article, photo or comment on a blog. How does one do
+this in a flexible way, without requiring a central point of
+access control?
+</p>
+
+<p>
+Using an process made popular by OpenID, we show how one can tie a User
+Agent to a URL by proving that one has write access to the URL. WebID is
+a simpler alternative to OpenID (fewer connections), that uses X.509 
+certificates to tie a User Agent (Browser) to a Person identified via a URL. 
+WebID also provides a few additional features to OpenID. These
+features include trust management, via digital signatures, and free-form 
+extensibility via RDFa. By using the existing SSL certificate exchange
+mechanism, WebID integrates more smoothly with existing Web browsers, including
+browsers on mobile devices. WebID also permits automated session login
+in addition to interactive session login. Additionally, all data is encrypted
+and guaranteed to only be received by the person or organization that was 
+intended to receive it.
+</p>
+
+</section>
+
+<section class='informative'>
+<h1>Relation to OpenID</h1>
+
+<p class='issue'>This section needs to be re-written. The flow and grammar
+leaves much to be desired. -- manu</p>
+
+<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
+to a Personal Profile Document. This Personal Profile Document is where further
+information about an identity can be discovered. This mechanism is compatible
+with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID, 
+but can work beside OpenID by sharing the content in the Personal Profile
+Document.</p>
+
+<p>That said, there are a number of benefits that WebID achieves over OpenID:
+</p>
+
+<p>WebID gives people and other agents a WebID URL for identification. OpenID 
+also provides a URL to a Personal Profile Document. However, in the case of 
+WebID, one does not need to remember the URL since the User Agent remembers
+the URL on behalf of the person browsing. To log in on a WebID web site there 
+is no need to enter any identifier like one has to do for OpenID. Just one click 
+tells the browser to send the WebID URL. The person that is browsing does 
+not need to remember either their WebID URL or the website password. The only 
+password one may need to remember is the one that is used to access their 
+collection of WebIDs in their browser, and that's only if they opt-in to 
+password protect their WebIDs.
+</p>
+
+<p>WebID gives people and other agents a Web ID URL for identification. OpenID
+also provides a URL to a Personal Profile Document. However, in the case of 
+WebID, the user does not need to remember the URL, the browser or User Agent 
+does. A login button on a WebID web site is just a button. No need to enter any 
+identifier like one has to for OpenID. Just click the button. Your browser will 
+then ask you what identity you wish to use. The person that is browsing does 
+not need to remember either the WebID URL or the website password. The only 
+password one needs to remember is the one that is used to access their 
+collection of WebIDs in their browser.</p>
+
+<p>The WebID protocol requires just one direct network connection to establish
+identity via the client. The server requires one connection to the client and
+one connection to retrieve the WebID Profile if it does not have the credential
+information cached. Compare this to the much more complex OpenID sequence, which
+requires six connections by the client to establish a login. In a world of 
+distributed data where each site can point to data on any other site, multiple 
+connections become costly to manage.</p>
+
+<p>WebID builds on a number of well established Internet and Web standards;
+<a href="http://en.wikipedia.org/wiki/REST">REST</a>, 
+RDF [[RDF-PRIMER]], RDFa [[!RDFA-CORE]], RDF/XML [[!RDF-SYNTAX-GRAMMAR]], 
+TLS [[!HTTP-TLS]], and X.509 [[!X509V3]]. By building on previous standards, 
+it makes both explaining and implementing WebID easier on developers.</p>
+
+<p>Since WebID is RESTful, you can perform basic HTTP operations to 
+<code>GET</code> your WebID, and if you needed update it, you can use
+HTTP <code>PUT</code> semantics. You can also create a WebID via 
+<code>POST</code>. This is improved from the OpenID specification, which
+requires a new set of operations described in the OpenID Attribute Exchange
+specification.</p>
+
+<p>WebID is built on RDF and thus enables all of the advanced semantic web
+concepts that RDF enables. For example, a developer may perform machine
+reasoning with a WebID. One can construct machine-executable statements like
+"If this WebID claims to be a friend of one of our partner WebIDs that is
+trusted and the relationship is bi-directional, trust the WebID." 
+While OpenID attempts to support this use case by mapping OpenID to RDF, it's
+far easier to do with WebID because WebID is natively RDF-aware.</p>
+
+<p>It is easy to extend a WebID with new attributes via RDF. The power of
+RDF allows developers to add extensions to WebID by defining new
+vocabularies that they publish. There is no authorization process necessary
+and thus WebID allows for distributed innovation. Every WebID property is
+a URI, which when clicked, can give you yet more information about what the
+property means. A developer can create new usage classes by extending their
+vocabulary at will. A developer can add relationships to a WebID by simply
+adding more HTML to the developer's page. OpenID does not provide any type of
+distributed innovation akin to RDF.</p>
+
+<p>Implementing WebID is easier than OpenID because all of the basic 
+technologies have been working and integrated into Web browsers for many years. 
+There were already three interoperable implementations of WebID before this 
+specification was written.</p>
+
+<p>WebID is truly decentralized - with WebID you get a web of trust. 
+OpenID only supports the Web of Trust model if you indirectly trust the
+OpenID provider. In other words - OpenID is not truly decentralized. In OpenID
+you must trust OpenID providers. With WebID you only have to trust the people
+and the organizations with which you are communicating. In other words, you
+don't have to ask anyone whether or not you can trust your friends. You can
+query people that you trust directly to see if someone is trustworthy or not.
+There is no need for a central WebID authority.
+</p>
+
+<p>WebID is fully distributed, anyone can setup a WebID by placing a single
+file on a web server of their choosing. There is no need for a special 
+OpenID-like provider service. The only thing anyone that wants a WebID needs
+is a web account where you can post your WebID file, ideally on your own domain 
+name. You can also use a WebID hosting provider, but it's not necessary for
+WebID to work. While it is possible to run an OpenID server, other
+OpenID applications may not trust you and thus you won't be able to fully
+utilize your private OpenID credentials. The reason that there are a few
+large OpenID providers and very few small OpenID providers is because of this
+trust design issue related to OpenID.</p>
+
+<p>WebID does not require HTTP redirects. Redirects are problematic on many
+cell phones, because telecoms heavily rely on proxys, which selectively block
+redirects.</p>
+
+<p>A WebID provider is 100% compatible with an OpenID provider and thus can 
+inter-operate with OpenID-powered networks.</p>
+
+</section>
+
+<section class='informative'>
+<h1>Relation to OAuth</h1>
+
+<p>
+OAuth and WebID are mutually beneficial when used together. WebID can be
+used to provide RSA parameters to the RSA-SHA1 signature method required by
+OAuth 1.0. WebID can also be used to establish the consumer_key and HTTPS 
+connection that will be used to transmit OAuth Tokens in OAuth 2.0.
+</p>
+
+</section>
+</section>
+
+<section class='normative'>
+<h1>The WebID Protocol</h1>
+
+<section class='normative'>
+<h1>Terminology</h1>
+
+<dl>
+
+<dt><tdef>Verification Agent</tdef></dt>
+<dd>Performs authentication on provided WebID credentials and determines if
+an <tref>Identification Agent</tref> can have access to a particular 
+resource. A <tref>Verification Agent</tref> is typically a Web server, but 
+may also be a peer on a peer-to-peer network.</dd>
+
+<dt><tdef>Identification Agent</tdef></dt>
+<dd>Provides identification credentials to a Verification Agent. The
+<tref>Identification Agent</tref> is typically also a User Agent.</dd>
+
+<dt><tdef>Identification Certificate</tdef></dt>
+<dd>An X.509 [[!X509V3]] Certificate that MUST contain a 
+<code>Subject Alternative Name</code> extension with a URI entry. The URI
+SHOULD be a URL, and SHOULD NOT be a URN. The URL
+identifies the <tref>Identification Agent</tref>. The URL MUST be 
+dereference-able and result in a document containing RDF data. For example, 
+the certificate would contain <code>http://example.org/webid#public</code>,
+known as a <tref>WebID URL</tref>, as the <code>Subject Alternative Name</code>:
+<code><pre>
+X509v3 extensions:
+   ...
+   X509v3 Subject Alternative Name:
+      URI:http://example.org/webid#public
+</pre></code>
+
+<dt><tdef>WebID URL</tdef></dt>
+<dd>A URL specified via the <code>Subject Alternative Name</code> extension 
+of the <tref>Identification Certificate</tref> that identifies an 
+<tref>Identification Agent</tref>.</dd>
+
+<dt><tdef>public key</tdef></dt>
+<dd>A widely distributed crytographic key that can be used to verify 
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <tref>Identification Certificate</tref></dd>
+
+<dt><tdef>WebID Profile</tdef></dt>
+<dd>
+A structured document that contains identification credentials for the 
+<tref>Identification Agent</tref> expressed using the Resource Description
+Framework [[RDF-CONCEPTS]]. Either the XHTML+RDFa 1.1 [[!XHTML-RDFA]] 
+serialization format or the RDF/XML [[!RDF-SYNTAX-GRAMMAR]] serialization
+format MUST be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [[!N3]] or Turtle [[!TURTLE]], MAY be supported by the 
+mechanism providing the WebID Profile document.
+</dd>
+
+</dl>
+
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the 
+specification is currently under heavy debate.</p>
+
+</section>
+
+<section class='normative'>
+<h1>Authentication Sequence</h1>
+
+<p>The following steps are executed by Verification Agents and Identification
+Agents to determine if access should be granted to a particular resource.
+</p>
+
+<ol>
+<li>The <tref>Identification Agent</tref> attempts to access a resource
+using HTTP over TLS [[!HTTP-TLS]] via the <tref>Verification Agent</tref>.</li>
+
+<li>The <tref>Verification Agent</tref> MUST request the 
+<tref>Identification Certificate</tref> of the <tref>Identification Agent</tref>
+as a part of the TLS client-cerificate retrieval protocol.</li>
+
+<li>The <tref>Verification Agent</tref> MUST extract the <tref>public key</tref> and the
+<tref>WebID URL</tref> contained in the <code>Subject Alternative Name</code> 
+extension of the <tref>Identification Certificate</tref>.</li>
+
+<li>The <tref>public key</tref> information associated with the 
+<tref>WebID URL</tref> MUST be checked by the <tref>Verification Agent</tref>. 
+This process SHOULD occur either by dereferencing the <tref>WebID URL</tref> and 
+extracting RDF data from the resulting document, or by utilizing a cached 
+version of the RDF data contained in the document or other data source that is 
+up-to-date and trusted by the <tref>Verification Agent</tref>. The processing
+and extraction mechanism is further detailed in the sections titled 
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
+<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
+</li>
+
+<li>If the <tref>public key</tref> in the 
+<tref>Identification Certificate</tref> is found in the list of 
+<tref>public key</tref>s associated with the <tref>WebID URL</tref>, the 
+<tref>Verification Agent</tref> MUST assume that the client intends to use
+the <tref>public key</tref> to verify their ownership of the WebID URL.</li>
+
+<li>
+The <tref>Verification Agent</tref> verifies that the 
+<tref>Identification Agent</tref> owns the <tref>WebID Profile</tref> 
+by using the <tref>public key</tref> to create a cryptographic challenge. 
+The challenge SHOULD be fulfilled by performing TLS mutual-authentication
+between the <tref>Verification Agent</tref> and the 
+<tref>Identification Agent</tref>. 
+If the <tref>Verification Agent</tref> does not have access to the TLS layer, 
+a digital signature challenge MUST be provided by the 
+<tref>Verification Agent</tref>. These processes are detailed in the sections 
+titled <a href="#authorization">Authorization</a> and 
+<a href="#secure-communication">Secure Communication</a>.</li>
+
+</ol>
+
+<p>
+The <tref>Identification Agent</tref> MAY re-establish a different identity at 
+any time by executing all of the steps in the Authentication Sequence again. 
+Additional algorithms, detailed in the next section, MAY be performed to 
+determine if the <tref>Verification Agent</tref> can access a particular 
+resource after the last step of the Authentication Sequence has been
+completed.</li>
+</p>
+
+</section>
+
+<section class='normative'>
+<h1>Authentication Sequence Details</h1>
+
+<p>This section covers details about each step in the authentication process.
+</p>
+
+<section class='normative'>
+<h2>Initiating a TLS Connection</h2>
+
+<p class="issue">This section will detail how the TLS connection process is
+started and used by WebID to create a secure channel between the 
+Identification Agent and the Verification Agent.</p>
+</section>
+
+<section class='normative'>
+<h2>Exchanging the Identification Certificate</h2>
+
+<p class="issue">This section will detail how the certificate is selected and
+sent to the Verification Agent.</p>
+</section>
+
+<section class='normative'>
+<h2>Processing the WebID Profile</h2>
+
+<p>A Verification Agent MUST be able to process documents in RDF/XML 
+[[!RDF-SYNTAX-GRAMMAR]] and XHTML+RDFa [[!XHTML-RDFA]]. A server responding to 
+a WebID Profile request SHOULD support HTTP content negotiation. The server
+MUST return a representation in RDF/XML for media type
+<code>application/rdf+xml</code>.
+The server MUST return a representation in XHTML+RDFa for media type
+<code>text/html</code> or media type 
+<code>application/xhtml+xml</code>. <tref>Verification Agents</tref> and 
+<tref>Identification Agents</tref> MAY support any other RDF format via 
+HTTP content negotiation.
+</p> 
+
+<p class="issue">This section will explain how a Verification Agent extracts 
+semantic data describing the identification credentials from a WebID Profile.</p>
+</section>
+
+<section class='normative'>
+<h2>Extracting WebID URL Details</h2>
+
+<p>
+The <tref>Verification Agent</tref> may use a number of different methods to
+extract the <tref>public key</tref> information from the <tref>WebID Profile</tref>.
+</p>
+The following SPARQL query outlines one way in which the <tref>public key</tref>
+could be extracted from the <tref>WebID Profile</tref>:
+<code><pre>
+PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
+PREFIX rsa: &lt;http://www.w3.org/ns/auth/rsa#&gt;
+SELECT ?modulus ?exp
+WHERE {
+   ?key cert:identity &lt;http://example.org/webid#public&gt;;
+      a rsa:RSAPublicKey;
+      rsa:modulus [ cert:hex ?modulus; ];
+      rsa:public_exponent [ cert:decimal ?exp ] .
+}
+</pre></code>
+
+<p class="issue">This section still needs more information.</p>
+
+</section>
+
+<section class='normative'>
+<h2>Authorization</h2>
+
+<p class="issue">This section will explain how a Verification Agent may
+use the information discovered via a WebID URL to determine if one should
+be able to access a particular resource. It will explain how a Verification
+Agent can use links to other RDFa documents to build knowledge about the
+given WebID.</p>
+
+</section>
+
+<section class='normative'>
+<h2>Secure Communication</h2>
+
+<p class="issue">This section will explain how an Identification Agent and
+a Verification Agent may communicate securely using a set of verified
+identification credentials.</p>
+
+<p>
+If the <tref>Verification Agent</tref> has verified that the
+<tref>WebID Profile</tref> is owned by the <tref>Identification Agent</tref>, 
+the <tref>Verification Agent</tref> SHOULD use the verified 
+<tref>public key</tref> contained in the <tref>Identification Certificate</tref> 
+for all TLS-based communication with the <tref>Identification Agent</tref>.
+This ensures that both the <tref>Authorization Agent</tref> and the 
+<tref>Identification Agent</tref>
+are communicating in a secure manner, ensuring cryptographically protected
+privacy for both sides.
+</p>
+
+</section>
+
+</section>
+
+<section id="appendix">
+
+<section class='informative' id="history">
+<h1 >Change History</h1>
+<p><a href="http://github.com/msporny/webid-spec/commit/211d197510ca119c21ae48f3e5aa3f931ea88672">2010-07-18</a> Updates from WebID community related to RDF/XML support, authentication sequence corrections, abstract and introduction updates.</p>
+<p><a href="http://github.com/msporny/webid-spec/commit/a54dee9c242b08edaac617d678215b389dd3556d">2010-07-11</a> Initial version.</p>
+</section>
+
+<section class='informative' id="acknowledgements">
+<h1>Acknowledgments</h1>
+
+<p>The following people have been instrumental in providing thoughts, feedback,
+reviews, criticism and input in the creation of this specification:</p>
+
+<ul>
+<li>Melvin Carvalho</li>
+<li>Bruno Harbulot</li>
+<li>Toby Inkster</li>
+<li>Ian Jacobi</li>
+<li>Jeff Sayre</li>
+<li>Henry Story</li>
+</ul>
+
+</section>
+</section>
+  </body>
+</html>
+
--- a/index.html	Fri Jul 16 13:35:30 2010 -0400
+++ b/index.html	Mon Jul 19 13:33:07 2010 -0400
@@ -47,33 +47,32 @@
 <!--     <script src='/ReSpec.js/js/respec.js' class='remove'></script>  -->
 
     
-  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-12T01:01:38+0000" id="unofficial-draft-11-july-2010">Unofficial Draft 11 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:[email protected]">[email protected]</a> </span>
+  <link href="http://dev.w3.org/2009/dap/ReSpec.js/css/respec.css" rel="stylesheet" type="text/css" charset="utf-8" /><link href="http://www.w3.org/StyleSheets/TR/w3c-unofficial" rel="stylesheet" type="text/css" charset="utf-8" /></head><body style="display: inherit; "><div class="head"><p></p><h1 rel="dcterms:title" class="title" id="title">WebID 1.0</h1><h2 rel="bibo:subtitle" id="subtitle">Web Identification and Discovery</h2><h2 property="dcterms:issued" datatype="xsd:dateTime" content="2010-07-18T14:10:06+0000" id="unofficial-draft-18-july-2010">Unofficial Draft 18 July 2010</h2><dl><dt>Editor:</dt><dd rel="bibo:editor"><span typeof="foaf:Person"><span property="foaf:name">Manu Sporny</span>, <a rel="foaf:workplaceHomepage" href="http://blog.digitalbazaar.com/">Digital Bazaar, Inc.</a> <a rel="foaf:mbox" href="mailto:[email protected]">[email protected]</a> </span>
 </dd>
-<dt>Authors:</dt><dd><span><span>Toby Inkster</span></span>
+<dt>Authors:</dt><dd><span><a content="Toby Inkster" href="http://tobyinkster.co.uk/">Toby Inkster</a></span>
 </dd>
 <dd><span><a content="Henry Story" href="http://bblfish.net/">Henry Story</a></span>
-<dd><span>Bruno Harbulot</span>
-<dd><span>Reto Bachmann-Gmür</span>
 </dd>
-</dl><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
+<dd><span><a content="Bruno Harbulot" href="http://blog.distributedmatter.net/">Bruno Harbulot</a></span>
+</dd>
+<dd><span><a content="Reto Bachmann-Gmür" href="http://www.facebook.com/farewellutopia">Reto Bachmann-Gmür</a></span>
+</dd>
+</dl><p>This document is also available in this non-normative format: <a href="diff-20100711.html">Diff from previous Editors Draft</a>.</p><p class="copyright">This document is licensed under a <a class="subfoot" href="http://creativecommons.org/licenses/by/3.0/" rel="license">Creative Commons Attribution 3.0 License</a>.</p><hr></hr></div>
     <div id="abstract" class="introductory section" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" about="#abstract"><h2>Abstract</h2>
-<p>Social network sites have gained tremendous importance on the Web and they
-can give an idea of the potential of the web as a main platform for sharing 
-information with our social environment.</p>
 
-<p>The explosion of social network sites over the last decade
-has created a point of pain for anyone that uses the Web on a
-regular basis. Remembering login details, passwords,
-and sharing private information across the many websites that people use on a
-daily basis has become more difficult and complicated than necessary.
+<p>Social networking, identity and privacy have been at the center of how we 
+interact with the Web in the last decade. The explosion of social networking 
+sites has brought the world closer together as well as created new points of
+pain regarding ease of use and the Web. Remembering login details, passwords,
+and sharing private information across the many websites and social groups
+that we are a part of has become more difficult and complicated than necessary. 
+The Social Web is designed to ensure that control of identity and privacy 
+settings is always simple and under one's control. WebID is a key enabler of the 
+Social Web. This specification outlines a simple universal identification 
+mechanism that is distributed, openly extensible, improves privacy, security 
+and control over how one can identify themselves and control access to their 
+information on the Web.
 </p>
-
-<p>The Social Web brings identification and the control of user personal profile 
-from individual social network sites to the Web as a provider independent 
-decentralized infrastructure. WebID is a key enabler to the Social Web, this 
-specification outlines a simple universal identification mechanism that is
-distributed, openly extensible, improves privacy, security and control over how 
-one can identify themselves and control access to their information on the Web.</p>
   
 <div typeof="bibo:Chapter" about="#how-to-read-this-document" class="section">
 <h3 id="how-to-read-this-document">How to Read this Document</h3>
@@ -81,9 +80,10 @@
 <p>There are a number of concepts that are covered in this document that the
 reader may want to be aware of before continuing. General knowledge of
 <a href="http://en.wikipedia.org/wiki/Public_key_cryptography">public key cryptography</a> 
-is necessary to understand how to implement this specification. 
-WebID also uses HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>].</p>
+and RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>] and RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>] is necessary to understand how 
+to implement this specification. WebID uses a number of specific technologies 
+like HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], X.509 certificates [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>], 
+RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].</p>
 
 <p>A general <a href="#introduction">Introduction</a> is provided for all that
 would like to understand why this specification is necessary to simplify usage
@@ -98,10 +98,7 @@
 <a href="#authentication-sequence-details">Authentication Sequence Details</a>.
   
 </p></div>
-</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2>
-<p>This document is merely a public working draft of a potential specification. 
-It has no official standing of any kind and does not represent the support or 
-consensus of any standards organisation.</p>
+</div><div id="sotd" class="introductory section" typeof="bibo:Chapter" about="#sotd"><h2>Status of This Document</h2><p>This document is merely a public working draft of a potential specification. It has no official standing of any kind and does not represent the support or consensus of any standards organisation.</p>
 
 <!--  <p>This document has been reviewed by W3C Members, by software
 developers, and by other W3C groups and interested parties, and is
@@ -113,9 +110,9 @@
 
 
 The source code for this document is available via Github at the following
-URI: <a href="http://github.com/msporny/webid-spec">http://github.com/retobg/webid-spec</a>
+URL: <a href="http://github.com/msporny/webid-spec">http://github.com/msporny/webid-spec</a>
 
-</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-identification-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting Identification URI Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
+</div><div id="toc" typeof="bibo:Chapter" about="#toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#motivation" class="tocxref"><span class="secno">1.1 </span>Motivation</a></li><li class="tocline"><a href="#relation-to-openid" class="tocxref"><span class="secno">1.2 </span>Relation to OpenID</a></li><li class="tocline"><a href="#relation-to-oauth" class="tocxref"><span class="secno">1.3 </span>Relation to OAuth</a></li></ul></li><li class="tocline"><a href="#the-webid-protocol" class="tocxref"><span class="secno">2. </span>The WebID Protocol</a><ul class="toc"><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2.1 </span>Terminology</a></li><li class="tocline"><a href="#authentication-sequence" class="tocxref"><span class="secno">2.2 </span>Authentication Sequence</a></li><li class="tocline"><a href="#authentication-sequence-details" class="tocxref"><span class="secno">2.3 </span>Authentication Sequence Details</a><ul class="toc"><li class="tocline"><a href="#initiating-a-tls-connection" class="tocxref"><span class="secno">2.3.1 </span>Initiating a TLS Connection</a></li><li class="tocline"><a href="#exchanging-the-identification-certificate" class="tocxref"><span class="secno">2.3.2 </span>Exchanging the Identification Certificate</a></li><li class="tocline"><a href="#processing-the-webid-profile" class="tocxref"><span class="secno">2.3.3 </span>Processing the WebID Profile</a></li><li class="tocline"><a href="#extracting-webid-url-details" class="tocxref"><span class="secno">2.3.4 </span>Extracting WebID URL Details</a></li><li class="tocline"><a href="#determining-access-privileges" class="tocxref"><span class="secno">2.3.5 </span>Determining Access Privileges</a></li></ul></li></ul></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">A. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">A.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">A.2 </span>Informative references</a></li></ul></li></ul></div>
 
 
 
@@ -166,9 +163,9 @@
 
 <p>
 Using an process made popular by OpenID, we show how one can tie a User
-Agent to a URI by proving that one has write access to the URI. WebID is
+Agent to a URL by proving that one has write access to the URL. WebID is
 a simpler alternative to OpenID (fewer connections), that uses X.509 
-certificates to tie a User Agent (Browser) to a Person identified via a URI. 
+certificates to tie a User Agent (Browser) to a Person identified via a URL. 
 WebID also provides a few additional features to OpenID. These
 features include trust management, via digital signatures, and free-form 
 extensibility via RDFa. By using the existing SSL certificate exchange
@@ -184,23 +181,40 @@
 <div class="informative section" id="relation-to-openid" typeof="bibo:Chapter" about="#relation-to-openid">
 <h3><span class="secno">1.2 </span>Relation to OpenID</h3><p><em>This section is non-normative.</em></p>
 
-<p>WebID is compatible with OpenID as both use URIs for identification that
-dereference to a Personal Profile Document. Either by using RDFa or Content 
-Negotiation this document can be both compliant with the requirements of
-OpenID and WebID. Therefore WebID can work beside OpenID and share content of 
-the user profile. That said, there are a number of benefits that WebID
-achieves over OpenID:
+<p class="issue">This section needs to be re-written. The flow and grammar
+leaves much to be desired. -- manu</p>
+
+<p>WebID is compatible with OpenID. Both protocols use a URL that dereferences
+to a Personal Profile Document. This Personal Profile Document is where further
+information about an identity can be discovered. This mechanism is compatible
+with both WebID and OpenID. Therefore, WebID does not intend to replace OpenID, 
+but can work beside OpenID by sharing the content in the Personal Profile
+Document.</p>
+
+<p>That said, there are a number of benefits that WebID achieves over OpenID:
 </p>
 
-<p>WebID gives people and other agents a WebID URI for identification, OpenID 
-also provides URIs to a Personal Profile Document. However, in the case of WebID, the user does not need to
-remember the URI, the browser or User Agent does. To log in on a
-WebID web site there is no need to enter any identifier like one
-has to for OpenID. Just one click that tells the browser to send the identifier. 
-The person that is browsing does not need to 
-remember either their WebID URI or the website password. The only password one
-needs to remember is the one that is used to access their collection of
-WebIDs in their browser.</p>
+<p>WebID gives people and other agents a WebID URL for identification. OpenID 
+also provides a URL to a Personal Profile Document. However, in the case of 
+WebID, one does not need to remember the URL since the User Agent remembers
+the URL on behalf of the person browsing. To log in on a WebID web site there 
+is no need to enter any identifier like one has to do for OpenID. Just one click 
+tells the browser to send the WebID URL. The person that is browsing does 
+not need to remember either their WebID URL or the website password. The only 
+password one may need to remember is the one that is used to access their 
+collection of WebIDs in their browser, and that's only if they opt-in to 
+password protect their WebIDs.
+</p>
+
+<p>WebID gives people and other agents a Web ID URL for identification. OpenID
+also provides a URL to a Personal Profile Document. However, in the case of 
+WebID, the user does not need to remember the URL, the browser or User Agent 
+does. A login button on a WebID web site is just a button. No need to enter any 
+identifier like one has to for OpenID. Just click the button. Your browser will 
+then ask you what identity you wish to use. The person that is browsing does 
+not need to remember either the WebID URL or the website password. The only 
+password one needs to remember is the one that is used to access their 
+collection of WebIDs in their browser.</p>
 
 <p>The WebID protocol requires just one direct network connection to establish
 identity via the client. The server requires one connection to the client and
@@ -210,13 +224,11 @@
 distributed data where each site can point to data on any other site, multiple 
 connections become costly to manage.</p>
 
-<p>WebID builds on well established Internet and Web standards;
+<p>WebID builds on a number of well established Internet and Web standards;
 <a href="http://en.wikipedia.org/wiki/REST">REST</a>, 
-RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], 
-TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 
-[<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, it makes both explaining and 
-implementing WebID easier on developers.
-</p>
+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-PRIMER">RDF-PRIMER</a>], RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>], 
+TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>], and X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>]. By building on previous standards, 
+it makes both explaining and implementing WebID easier on developers.</p>
 
 <p>Since WebID is RESTful, you can perform basic HTTP operations to 
 <code>GET</code> your WebID, and if you needed update it, you can use
@@ -229,22 +241,19 @@
 concepts that RDF enables. For example, a developer may perform machine
 reasoning with a WebID. One can construct machine-executable statements like
 "If this WebID claims to be a friend of one of our partner WebIDs that is
-trusted and the relationship is bi-directional, trust the WebID."
-RDFa [<a class="bibref" rel="biblioentry" href="#bib-RDFA-CORE">RDFA-CORE</a>], 
-allows editor to expose the semantic content of their HTML documents. 
+trusted and the relationship is bi-directional, trust the WebID." 
 While OpenID attempts to support this use case by mapping OpenID to RDF, it's
 far easier to do with WebID because WebID is natively RDF-aware.</p>
 
 <p>It is easy to extend a WebID with new attributes via RDF. The power of
 RDF allows developers to add extensions to WebID by defining new
-vocabularies that they publish. 
-There is no authorization process necessary
+vocabularies that they publish. There is no authorization process necessary
 and thus WebID allows for distributed innovation. Every WebID property is
 a URI, which when clicked, can give you yet more information about what the
 property means. A developer can create new usage classes by extending their
 vocabulary at will. A developer can add relationships to a WebID by simply
 adding more HTML to the developer's page. OpenID does not provide any type of
-distributed innovation akin to RDF or RDFa.</p>
+distributed innovation akin to RDF.</p>
 
 <p>Implementing WebID is easier than OpenID because all of the basic 
 technologies have been working and integrated into Web browsers for many years. 
@@ -315,13 +324,13 @@
 <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> is typically also a User Agent.</dd>
 
 <dt><dfn title="Identification_Certificate" id="dfn-identification_certificate">Identification Certificate</dfn></dt>
-<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain an
-a <code>Subject Alternative Name</code> extension with a URI entry. The URI in this entry 
-identifies the Identification Agent and <em class="rfc2119" title="should">should</em> be
-dereference-able to a representation containing RDF data. For example, 
+<dd>An X.509 [<a class="bibref" rel="biblioentry" href="#bib-X509V3">X509V3</a>] Certificate that <em class="rfc2119" title="must">must</em> contain a 
+<code>Subject Alternative Name</code> extension with a URI entry. The URI
+<em class="rfc2119" title="should">should</em> be a URL, and <em class="rfc2119" title="should not">should not</em> be a URN. The URL
+identifies the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>. The URL <em class="rfc2119" title="must">must</em> be 
+dereference-able and result in a document containing RDF data. For example, 
 the certificate would contain <code>http://example.org/webid#public</code>,
-known as a <a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_url">WebID URI</a>, in
-the <code>Subject Alternative Name</code> extension:
+known as a <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, as the <code>Subject Alternative Name</code>:
 <code><pre>
 X509v3 extensions:
    ...
@@ -329,28 +338,34 @@
       URI:http://example.org/webid#public
 </pre></code>
 
-</dd><dt><dfn title="WebID_URI" id="dfn-webid_url">WebID URI</dfn></dt>
-<dd>A URI specified in a URI entry of the <code>Subject Alternative Name</code> extension of the
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an 
-<a class="tref internalDFN" title="WebID_Profile" href="#dfn-identification_agent">Identification Agent</a></dd>
+</dd><dt><dfn title="WebID_URL" id="dfn-webid_url">WebID URL</dfn></dt>
+<dd>A URL specified via the <code>Subject Alternative Name</code> extension 
+of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> that identifies an 
+<a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.</dd>
+
+<dt><dfn title="public_key" id="dfn-public_key">public key</dfn></dt>
+<dd>A widely distributed crytographic key that can be used to verify 
+digital signatures and encrypt data between a sender and a receiver. A public
+key is always included in an <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a></dd>
 
 <dt><dfn title="WebID_Profile" id="dfn-webid_profile">WebID Profile</dfn></dt>
 <dd>
 A structured document that contains identification credentials for the 
 <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> expressed using the Resource Description
-Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>].
-<strong>Disputed section:</strong>
-The mechanism providing the WebID Profile document (e.g. a Web Service) <em class="rfc2119" title="should">should</em> at least support 
-the XML+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] or
-the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] serialization
-formats. Alternate RDF serialization formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or
-Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>] <em class="rfc2119" title="may">may</em> also be supported by the mechanism providing the 
-WebID Profile document.
-<strong>End of disputed section.</strong>
+Framework [<a class="bibref" rel="biblioentry" href="#bib-RDF-CONCEPTS">RDF-CONCEPTS</a>]. Either the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] 
+serialization format or the RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] serialization
+format <em class="rfc2119" title="must">must</em> be supported by the mechanism, e.g. a Web Service, providing the
+WebID Profile document. Alternate RDF serialization
+formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>], <em class="rfc2119" title="may">may</em> be supported by the 
+mechanism providing the WebID Profile document.
 </dd>
 
 </dl>
 
+<p class="issue">Whether or not RDF/XML, XHTML+RDFa 1.1, both or neither
+serialization of RDF should be required serialization formats in the 
+specification is currently under heavy debate.</p>
+
 </div>
 
 <div class="normative section" id="authentication-sequence" typeof="bibo:Chapter" about="#authentication-sequence">
@@ -362,77 +377,47 @@
 
 <ol>
 <li>The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> attempts to access a resource
-using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] 
-via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
+using HTTP over TLS [<a class="bibref" rel="biblioentry" href="#bib-HTTP-TLS">HTTP-TLS</a>] via the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>.</li>
 
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification Agent</a> <em class="rfc2119" title="must">must</em> request the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" 
-href="#dfn-identification_agent">Identification Agent</a>
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> request the 
+<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> of the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>
 as a part of the TLS client-cerificate retrieval protocol.</li>
 
-<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">
-Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the 
-<a class="tref internalDFN" title="WebID_URI" href="#dfn-webid_url">WebID URI</a> 
-contained in the <code>Subject Alternative Name</code> extension of the 
-<a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">
-Identification Certificate</a>.</li>
-
-<li>The Verification Agent may query trusted triple stores for information about the 
-public key contained in the <a class="tref internalDFN" title="Identification_Certificate" 
-href="#dfn-identification_certificate">Identification Certificate</a>. 
-If a statement associating the claimed WebID URI to the public key is found the Verification
-Agent has successfully authenticated the Identification Agent.</li>
+<li>The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> and the
+<a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> contained in the <code>Subject Alternative Name</code> 
+extension of the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a>.</li>
 
-<li>If the Verification Agent didn't successfully authenticate the Identification Agent by
-querying trusted triple stores, the Verification Agent 
-<em class="rfc2119" title="must">must</em> attempt to
-dereference the WebID URI to a <a class="tref internalDFN" title="WebID_Profile" 
-href="#dfn-webid_profile">WebID Profile</a> document. HTTP Content 
-Negotiation is used to choose the media type of the format understood by
-both communicating parties that is most likely to express RDF content. 
-<strong>Disputed section:</strong>
-The Verification Agent <em class="rfc2119" title="must">must</em> at least support 
-the XML+RDF [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] or
-the XHTML+RDFa 1.1 [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>] serialization
-formats. Alternate RDF serialization formats, such as N3 [<a class="bibref" rel="biblioentry" href="#bib-N3">N3</a>] or
-Turtle [<a class="bibref" rel="biblioentry" href="#bib-TURTLE">TURTLE</a>] <em class="rfc2119" title="may">may</em> also be supported.
-<strong>End of disputed section.</strong>
-If an RDF Content could be retrieved this RDF is considered a trusted source.
-The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-queries the retrieved RDF content for information about the 
-public key contained in the <a class="tref internalDFN" title="Identification_Certificate" 
-href="#dfn-identification_certificate">Identification Certificate</a>. 
-If a statement associating the claimed WebID URI to the public key is found the Verification
-Agent has successfully authenticated the Identification Agent, as the presence
-of the public key in the WebID profile indicates ownership of the 
-agent identified by the WebID on the WebID Profile document and the
-verified request thus originates from Agent Identified by the provided WebID.</li>
-
-
-<li>If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>
-still didn't successfully authenticate the agent the Verification Agent <em class="rfc2119" title="may">may</em>
-query other trusted sources attempting to authenticate the Identification Agent.
+<li>The <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> <em class="rfc2119" title="must">must</em> 
+be verified by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. This <em class="rfc2119" title="must">must</em> be performed
+by validating the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>. This 
+process <em class="rfc2119" title="should">should</em> occur either by dereferencing the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a> and 
+extracting RDF data from the resulting document, or by utilizing a cached 
+version of the RDF data contained in the document or other data source that is 
+up-to-date and trusted by the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a>. The processing
+and extraction mechanism is further detailed in the sections titled 
+<a href="#processing-the-webid-profile">Processing the WebID Profile</a> and
+<a href="#extracting-webid-url-details">Extracting WebID URL Details</a>.
 </li>
 
-<li>If authentication of the WebID failed the Verification Agent must not accept the client certificate or 
-otherwise prevent access to resources requiring authentication.</li>
+<li>If the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> is found 
+in the list of <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>s associated with the <a class="tref internalDFN" title="WebID_URL" href="#dfn-webid_url">WebID URL</a>, the 
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> assume that the client has write access to 
+the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> and therefore owns the document.</li>
 
-<li>If <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has accepted the
-client certificate the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> 
-<em class="rfc2119" title="must">must</em> use the now verified public key contained 
+<li>If the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> has verified that the
+<a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a> is owned by the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>, the
+<a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> <em class="rfc2119" title="must">must</em> use the verified <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> contained 
 in the <a class="tref internalDFN" title="Identification_Certificate" href="#dfn-identification_certificate">Identification Certificate</a> for all TLS-based communication
 with the <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a>.
 </li></ol>
 
 <p>
-The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> 
-<em class="rfc2119" title="may">may</em> re-establish a different identity at 
+The <a class="tref internalDFN" title="Identification_Agent" href="#dfn-identification_agent">Identification Agent</a> <em class="rfc2119" title="may">may</em> re-establish a different identity at 
 any time by executing all of the steps in the Authentication Sequence again. 
 Additional algorithms, detailed in the next section, <em class="rfc2119" title="may">may</em> be performed to 
 determine if the <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> can access a particular 
-resource after the last step of the Authentication Sequence has been completed.
+resource after the last step of the Authentication Sequence has been
+completed.
 </p>
 
 </div>
@@ -461,30 +446,30 @@
 <div class="normative section" id="processing-the-webid-profile" typeof="bibo:Chapter" about="#processing-the-webid-profile">
 <h4><span class="secno">2.3.3 </span>Processing the WebID Profile</h4>
 
+<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in RDF/XML 
+[<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>] and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>]. A server responding to 
+a WebID Profile request <em class="rfc2119" title="should">should</em> support HTTP content negotiation. The server
+<em class="rfc2119" title="must">must</em> return a representation in RDF/XML for media type
+<code>application/rdf+xml</code>.
+The server <em class="rfc2119" title="must">must</em> return a representation in XHTML+RDFa for media type
+<code>text/html</code> or media type 
+<code>application/xhtml+xml</code>. <a class="tref" title="Verification_Agents">Verification Agents</a> and 
+<a class="tref" title="Identification_Agents">Identification Agents</a> <em class="rfc2119" title="may">may</em> support any other RDF format via 
+HTTP content negotiation.
+</p> 
 
-<p>A Verification Agent <em class="rfc2119" title="must">must</em> be able to process documents in
-RDF/XML [<a class="bibref" rel="biblioentry" href="#bib-RDF-SYNTAX-GRAMMAR">RDF-SYNTAX-GRAMMAR</a>]
-and XHTML+RDFa [<a class="bibref" rel="biblioentry" href="#bib-XHTML-RDFA">XHTML-RDFA</a>].
-A server responding to a WebID Profile request <em class="rfc2119" title="should">should</em> be able to
-return a representation in RDF/XML (using media type <code>application/rdf+xml</code>) or 
-XHTML+RDFa (using either media type <code>text/html</code> or media type <code>application/xhtml+xml</code>).
-In addition, either parties <em class="rfc2119" title="may">may</em> support any other RDF format
-via HTTP content-type negotiation.
-</p>
-
-
-</p><p class="issue">This section will explain how a Verification Agent extracts 
+<p class="issue">This section will explain how a Verification Agent extracts 
 semantic data describing the identification credentials from a WebID Profile.</p>
 </div>
 
-<div class="normative section" id="extracting-identification-url-details" typeof="bibo:Chapter" about="#extracting-identification-url-details">
-<h4><span class="secno">2.3.4 </span>Extracting Identification URI Details</h4>
+<div class="normative section" id="extracting-webid-url-details" typeof="bibo:Chapter" about="#extracting-webid-url-details">
+<h4><span class="secno">2.3.4 </span>Extracting WebID URL Details</h4>
 
 <p>
 The <a class="tref internalDFN" title="Verification_Agent" href="#dfn-verification_agent">Verification Agent</a> may use a number of different methods to
-extract the public key information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
+extract the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a> information from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>.
 </p>
-The following SPARQL query outlines one way in which the public key
+The following SPARQL query outlines one way in which the <a class="tref internalDFN" title="public_key" href="#dfn-public_key">public key</a>
 could be extracted from the <a class="tref internalDFN" title="WebID_Profile" href="#dfn-webid_profile">WebID Profile</a>:
 <code><pre>
 PREFIX cert: &lt;http://www.w3.org/ns/auth/cert#&gt;
@@ -506,7 +491,7 @@
 <h4><span class="secno">2.3.5 </span>Determining Access Privileges</h4>
 
 <p class="issue">This section will explain how a Verification Agent may
-use the information discovered via a WebID URI to determine if one should
+use the information discovered via a WebID URL to determine if one should
 be able to access a particular resource. It will explain how a Verification
 Agent can use links to other RDFa documents to build knowledge about the
 given WebID.</p>
@@ -529,7 +514,6 @@
 reviews, criticism and input in the creation of this specification:</p>
 
 <ul>
-<li>Reto Bachmann-Gmür</li>
 <li>Melvin Carvalho</li>
 <li>Bruno Harbulot</li>
 <li>Toby Inkster</li>
@@ -545,13 +529,13 @@
 
 </div><div id="references" class="appendix section" typeof="bibo:Chapter" about="#references">
 <!-- OddPage -->
-<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URI: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a> 
-</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URI: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a> 
-</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URI: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a> 
-</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URI: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a> 
-</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URI: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a> 
+<h2><span class="secno">A. </span>References</h2><div id="normative-references" typeof="bibo:Chapter" about="#normative-references" class="section"><h3><span class="secno">A.1 </span>Normative references</h3><dl class="bibliography" about=""><dt id="bib-HTTP-TLS">[HTTP-TLS]</dt><dd rel="dcterms:requires">E. Rescorla. <a href="http://www.ietf.org/rfc/rfc2818.txt"><cite>HTTP Over TLS.</cite></a> May 2000. Internet RFC 2818. URL: <a href="http://www.ietf.org/rfc/rfc2818.txt">http://www.ietf.org/rfc/rfc2818.txt</a> 
+</dd><dt id="bib-N3">[N3]</dt><dd rel="dcterms:requires">Tim Berners-Lee; Dan Connolly. <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/"><cite>Notation3 (N3): A readable RDF syntax.</cite></a> 14 January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/">http://www.w3.org/TeamSubmission/2008/SUBM-n3-20080114/</a> 
+</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:requires">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a> 
+</dd><dt id="bib-RDF-SYNTAX-GRAMMAR">[RDF-SYNTAX-GRAMMAR]</dt><dd rel="dcterms:requires">Dave Beckett. <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210"><cite>RDF/XML Syntax Specification (Revised).</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210">http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210</a> 
+</dd><dt id="bib-RDFA-CORE">[RDFA-CORE]</dt><dd rel="dcterms:requires">Shane McCarron; et al. <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422"><cite>RDFa Core 1.1: Syntax and processing rules for embedding RDF through attributes.</cite></a>22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-rdfa-core-20100422">http://www.w3.org/TR/2010/WD-rdfa-core-20100422</a> 
+</dd><dt id="bib-TURTLE">[TURTLE]</dt><dd rel="dcterms:requires">David Beckett, Tim Berners-Lee. <a href="http://www.w3.org/TeamSubmission/turtle/">Turtle: Terse RDF Triple Language</a> January 2008. W3C Team Submission. URL: <a href="http://www.w3.org/TeamSubmission/turtle/">http://www.w3.org/TeamSubmission/turtle/</a> 
 </dd><dt id="bib-X509V3">[X509V3]</dt><dd rel="dcterms:requires"><cite>ITU-T Recommendation X.509 version 3 (1997). "Information Technology - Open Systems Interconnection - The Directory Authentication Framework"  ISO/IEC 9594-8:1997</cite>.
-</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URI: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a> 
-</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URI: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a> 
-</dd><dt id="bib-RDF-PRIMER">[RDF-PRIMER]</dt><dd rel="dcterms:references">Frank Manola; Eric Miller. <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/"><cite>RDF Primer.</cite></a> 10 February 2004. W3C Recommendation. URI: <a href="http://www.w3.org/TR/2004/REC-rdf-primer-20040210/">http://www.w3.org/TR/2004/REC-rdf-primer-20040210/</a> 
+</dd><dt id="bib-XHTML-RDFA">[XHTML-RDFA]</dt><dd rel="dcterms:requires">Shane McCarron; et. al. <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422"><cite>XHTML+RDFa 1.1.</cite></a> 22 April 2010. W3C Working Draft. URL: <a href="http://www.w3.org/TR/2010/WD-xhtml-rdfa-20100422">http://www.w3.org/TR/WD-xhtml-rdfa-20100422</a> 
+</dd></dl></div><div id="informative-references" typeof="bibo:Chapter" about="#informative-references" class="section"><h3><span class="secno">A.2 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-RDF-CONCEPTS">[RDF-CONCEPTS]</dt><dd rel="dcterms:references">Graham Klyne; Jeremy J. Carroll. <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210"><cite>Resource Description Framework (RDF): Concepts and Abstract Syntax.</cite></a> 10 February 2004. W3C Recommendation. URL: <a href="http://www.w3.org/TR/2004/REC-rdf-concepts-20040210">http://www.w3.org/TR/2004/REC-rdf-concepts-20040210</a> 
 </dd></dl></div></div></body></html>