#netidtls — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #netidtls, aggregated by home.social.
-
@youid itself is a verifiable credentials generator for the #NetIDTLS protocol.
NetIDTLS (a TLS Client Authentication Protocol Tweak) can offer an additional #Identity #Authenticity protocol sitting alongside “rel=me” — for instance.
-
#Identity #Authenticity remains a HUGE problem at the #Internet->#Web->#SocialMedia levels. It's so big that it has trivially imploded #Twitter via the recent Blue Checkmark/Badge disaster.
A #SemanticWeb solves this headache, once understood, by way of #TLS integration using a #Hyperlink -- as demonstrated by protocol extensions such as #NetIDTLS and #WebIDTLS.
Here's a post that includes a NetIDTLS Sequence Flow Diagram to aid understanding.
-
There are approx. 5.25 billion+ people on the internet (and growing). These numbers also highlight the importance of the ubiquitous Transport Layer Security (#TLS) protocol as critical infrastructure for solving #identity authenticity challenges afflicting Internet & Web users.
I shed some simplified light on the workings of this protocol in a new blog post that also doubles as a #ChatGPT, #Mermaid, and #KnowledgeGraph utility showcase.
-
@youid Here's an end-to-end #screencast demonstration of pseudonymous #Identity #Authenticity facilitated by the verifiable credentials generated by #YouID.
#NetID #NetIDTLS #WebID #WoT #SemanticWeb #LinkedData #Privacy #SSI
-
How verifiable credentials generated by @youid enable self-sovereign identity (#SSI): a user-controlled approach to #identity, via #HTTPS session initialization using Client Certificate Authentication (CCA).
Watch: https://youtu.be/n6DZeqcqkwM
Adding this as an identity verification option, alongside "rel=me", enhances user #privacy and identity authenticity across the #Fediverse.
-
@openlink @youid @atomicpoet @judell,
By more.. I mean:
The Link In Bio profile document generation is going to get a lot easier i.e., cross-references to other profile pages will be handled via the @youid credentials capturing form; and this is restricted to an arbitrary number i.e., you can provide more than 4 cross-references if so required.
-
@openlink @youid @atomicpoet @judell,
Also note, @youid generated profile documents also include powerful #metadata that manifest a Personal Profile #KnowledgeGraph (expressed in a variety of notations).
For instance, Public Keys belong to you (not YouID, an app that simply offers a verifiable credentials generation service); meaning, that Public Key is usable by 3rd parties that want to communicate with you using encrypted content.
-
What is this about?
User-controlled self-sovereign #identity (#SSI) that scales to both the #Internet & #Web.
@youid generates:
[1] Public & Private Credentials that can be reconciled as part of an extended #TLS handshake
[2] An #HTML-based profile doc comprising verifiable credentials -- what's also referred to as a Link In Bio doc
More to come..
/cc @atomicpoet @judell
#YouID #NetID #NetIDTLS #Privacy #RWW #X509 #WebID #PKI #DPKI
-
@atomicpoet @medium @evan @Gargron @Mastodon Existing #Github repos that implement the original #WebIDTLS variant of this protocol.
[1] https://github.com/linkeddata/node-webid -- node.js implementation
[2] https://github.com/bennomadic/django-webid-auth -- #Python
[3] https://github.com/OpenLinkSoftware/NetIDTLS/tree/main/demos/virtuoso -- Github repo of our #VirtuosoRDBMS implementation using VSP (our #PHP equivalent that's #DBMS hosted)
#NetIDTLS extends #WebIDTLS via support for mailto:, acct:, and ldap: identifiers; and looking SHA-1 hashes of Public Keys.
-
@atomicpoet @medium @evan @Gargron @Mastodon Beyond "rel=me" @Mastodon could incorporate an additional option via the use of #NetIDTLS which simply boils down to a #TLS based authentication challenge to prove possession of credentials notarized in an #X509 cert.
Implementation wise, it means adding a credentials lookup to the end of a conventional TLS-handshake.
-
@aswath ,
If what I am demonstrating was based solely on #OpenIDConnect + #OAuth20 then we might be close to your characterization, but if you look closer you will see there are other protocol options including #NetIDTLS (labeled as #WebIDTLS), pure #TLS, Digest Authentication etc..
All ultimately providing unambiguous user #identity, post authentication that’s usable for #ABAC based ACL tests —in loosely-coupled fashion.
-
#Identity #Authenticity demo using #DPKI:
[1] https://kingsley.idehen.net/public_home/kidehen/Public/YouID/public-credentials-1/index.html -- profile document comprising credentials
[2] https://tinyurl.com/376bncdc -- credentials verification via a #NetIDTLS server equipped with an extended #TLS handshake that de-references #hyperlink used in #X509 cert en route to credentials reconciliation
[3] https://kingsley.idehen.net/public_home/kidehen/Public/YouID/public-credentials-1/ -- artifacts from my #ODSBriefcase folder
-
The scalability problem with #PGP arises from the need for in-person signing parties.
That's solved by using a #hyperlink to denote the subject of an #X509 cert that resolves to a profile document comprising matching credentials from said cert. This triangulation happens at the end of a #TLS handshake re scalable #ZeroTrust based #DPKI.
-
An individual doesn't need a CA in the mix to attain trust, that's required on the backend if you are providing e-commerce (e.g., Amazon.com etc).
An individual can use a #ZeroTrust algorithm as the basis for establishing trust with family, groups etc..
That's what #DPKI solves for, via #X509, #TLS, and machine-computable entity relationship type semantics.
These issues have been deeply thought through over the years. 😀
-
#LinkedData is essential to user-controlled #Identity #Authenticity and #Privacy.
I can demonstrate that with ease, and debate (with live examples) any #BigTech vendor rep that would like to covertly claim otherwise.
#DPKI is real, and it works for users seeking full control over their identity and privacy. It doesn't work for vendors seeking to exploit users covertly via the "bit of privacy" approach!
-
Somewhat in that public and private credentials are cross-referenced.
In the case of #NetIDTLS (what I write about), an #X509 certificate holds private credentials cross-referenced to public equivalents by looking-up a #Hyperlink that serves as a certificate subject identifier.
Basically, it's all based on existing open standards 😀
/cc @atomicpoet @youid
-
#URIBurner is simply a server instance running an #identity #authenticity service that demonstrates an extended Mutual #TLS handshake for identity verification a/k/a the #NetIDTLS protocol.
What is the NetID-TLS protocol?
An extended Mutual TLS Handshake that includes credentials matching enabled by looking up a #hyperlink that denotes the subject of an #X509 certificate.
NetID-TLS can be added to any #Fediverse server as a verification option.
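-
The credentials lookup that the posts above place at the end of the TLS handshake, sketched as an added example that is not part of the original posts or of any NetIDTLS implementation. The profile representation (a set of SHA-1 key fingerprints per identifier), the `resolve` callback, and the sample keys and identifier are assumptions constructed for illustration.

```python
import hashlib
from typing import Callable, Optional, Set
from urllib.parse import urlsplit

# http(s) identifiers come from WebID-TLS; the posts name the other three.
ALLOWED_SCHEMES = {"https", "http", "mailto", "acct", "ldap"}

def key_fingerprint(public_key_der: bytes) -> str:
    """SHA-1 of the public key bytes (the hash the posts mention)."""
    return hashlib.sha1(public_key_der).hexdigest()

def san_uris(peercert: dict) -> list:
    """URI entries of a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "URI"]

def reconcile(peercert: dict, public_key_der: bytes,
              resolve: Callable[[str], Set[str]]) -> Optional[str]:
    """Return the identifier whose profile lists the presented key, else None.

    Possession of the private key is already proven by the TLS handshake;
    this step only checks that the claimed identifier publishes that key.
    """
    fp = key_fingerprint(public_key_der)
    for uri in san_uris(peercert):
        if urlsplit(uri).scheme.lower() not in ALLOWED_SCHEMES:
            continue  # never dereference schemes outside the allow-list
        try:
            published = resolve(uri)
        except LookupError:
            continue  # profile unavailable: identifier stays unverified
        if fp in published:
            return uri
    return None

# Constructed sample data (assumptions, not real keys or profiles).
ALICE_KEY = b"constructed-public-key-bytes-alice"
OTHER_KEY = b"constructed-public-key-bytes-other"
ALICE_ID = "https://alice.example/profile#me"
PROFILES = {ALICE_ID: {key_fingerprint(ALICE_KEY)}}

def resolve(uri: str) -> Set[str]:
    """Hypothetical offline stand-in for fetching and parsing a profile."""
    return PROFILES[uri]  # KeyError is a LookupError

if __name__ == "__main__":
    cert = {"subjectAltName": (("URI", ALICE_ID),)}
    print(reconcile(cert, ALICE_KEY, resolve))  # matching key
    print(reconcile(cert, OTHER_KEY, resolve))  # same claim, different key
```

A certificate that names someone else's identifier fails here because the profile at that identifier does not list the presented key, which is why no CA signature is needed for the match.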