
Re: Authentication Proposal -- Solid Cookies

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 06 Feb 2016 16:17:30 +0000
Message-ID: <CAM1Sok2HeqAH5i-iU6a976=m4iB+CmNdEPbGbEsJMAChK1bXSg@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, public-rww <public-rww@w3.org>
Cc: W3C Credentials Community Group <public-credentials@w3.org>, Web Payments CG <public-webpayments@w3.org>, public-webid <public-webid@w3.org>
The nature of the problem domain is rather well known [1]. 'Fit for
purpose' and time to market should be our primary consideration, IMHO.

Beyond that, it's how to get the job done right. We agree on a few things,
like the merits of an open-standard, that we need to get something that
works, uses linked data and can be decentralised.

But we've not solved the problem as it is exhibited in the market today,
else they'd be buying it.

So with regard to managing the private, personal, privileges and biological
linked data about you, that denotes you and your correspondence to others;
what is necessary to produce and deliver a way to give greater control over
the decisions that are being made about or in-consideration of those
digital materials, as quickly as possible?

Does it matter if it's only built using JSON-LD or TTL?

Are there complementary technologies that are available as an irrecoverable
Open-Standard?

Does it need to be controlled by Machines and Processing Power; or can it
use alternatives, like contract law, as Creative Commons has so well
demonstrated?

Are existing works within the W3C who are focusing on Decentralised
Cloud-storage and RDF powered application infrastructure, cooperating
effectively and if not, how can this be achieved?

Is the field of WebScience around identity presentation technologies and
social parameters, broader than simply the computer science and the purpose
of W3C traditionally? Whether it be the lack of an effective W3C
block-chain format or the increasing influences of Ontology design and
maintenance, the web is orgmenting and it appears to be particularly
difficult to solve a problem people have increasingly experienced since the
advent of web 2, and the sales downfall of the floppy disk market.

What's the hold-up? How do we solve the problem together? Quickly...

Tim.H


[1]
http://www.ozy.com/fast-forward/the-privacy-outcry-sparked-by-secret-surveillance/67307?utm_source=W1&utm_medium=pp&utm_campaign=pp

On Sat, 6 Feb 2016 at 1:47 AM, Kingsley Idehen <kidehen@openlinksw.com>
wrote:

> On 2/5/16 7:07 AM, Melvin Carvalho wrote:
>
>
>
> On 5 February 2016 at 12:58, Martynas Jusevičius <martynas@graphity.org>
> wrote:
>
>> Question: why? Do we really need a new technology for this?
>>
>
> Actually a great question!
>
> It was a response to this thread, which was brainstorming alternatives.
>
> https://github.com/solid/solid/issues/22#issuecomment-176833835
>
> As someone that has used WebID+TLS every day for several years I don't see
> a huge problem with it.  I do think we can make better browsers tho,
> particularly the open source ones.
>
>
> Exactly ! Thus, wouldn't it be better to leave those that still don't
> understand it (typically due to not actually trying to use it) to find out
> in their own time rather than indulging them on technology adventures?
>
> Bottom line, WebID+TLS and WebID+TLS+Delegation solve the real issues. I
> would strongly encourage doubters to produce working alternatives with
> actual implementation examples.
>
> Hopefully, these doubters could produce (not hypothesize about) a solution
> to the following :
>
> 1. Multiple Identities for different clubs
> 2. Delegated Identity for 100K users of some middle-tier service without
> each user possessing an X.509 Cert (or any other identity token) without
> compromising resource access controls.
>
> I encourage you to cut and paste the above each time you encounter an
> identity and access controls technology speculator (or WebID, TLS, and
> Delegated Identity skeptic).
>
> Kingsley
>
>
>>
>>
>> On Fri, Feb 5, 2016 at 12:07 PM, Melvin Carvalho
>> <melvincarvalho@gmail.com> wrote:
>> > Alice wishes to authenticate on Bob's server.
>> >
>> > Alice sends her User: identity, and (optionally) a path to a "cookie". The
>> > cookie is a resource that only Bob's server and Alice have access to. The
>> > contents of the resource are a typical cookie with unguessable string and
>> > expiry.
>> > Bob's server compares the string sent from the browser and the string in the
>> > file. If they match access is granted.
>> >
>> >
>> > Any comments on this idea?
>>
>
>
>
> --
> Regards,
>
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
>
>
Received on Saturday, 6 February 2016 16:18:10 UTC
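
The cookie check described in the quoted proposal, sketched as an added example that is not part of the original thread or of any Solid implementation. The in-memory store, the ACL model, the function names and the example.org-style identities are all assumptions made for illustration; the points it shows are the unguessable string, the expiry, the restricted resource and a constant-time comparison on Bob's server.

```python
import hmac
import secrets
import time

# Constructed stand-in for Alice's storage: path -> (set of allowed readers, body).
STORE = {}


def issue_cookie(path, owner, server, ttl=3600, now=None):
    """Alice writes a cookie resource readable only by herself and Bob's server."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable string (256 bits of randomness)
    STORE[path] = ({owner, server}, {"token": token, "expires": now + ttl})
    return token


def read_resource(path, reader):
    """Return the resource body, or None if it is missing or the ACL denies the reader."""
    entry = STORE.get(path)
    if entry is None or reader not in entry[0]:
        return None
    return entry[1]


def authenticate(server, user, path, presented, now=None):
    """Bob's server: compare the string sent by the browser with the one in the file."""
    now = time.time() if now is None else now
    entry = STORE.get(path)
    # The resource must be restricted to exactly the claimed user and this server,
    # otherwise a world-readable or third-party cookie file would be accepted.
    if entry is None or entry[0] != {user, server}:
        return False
    body = read_resource(path, server)
    if body is None or now >= body["expires"]:
        return False  # missing, unreadable, or expired cookie
    # Constant-time comparison so response timing does not leak the stored string.
    return hmac.compare_digest(presented.encode(), body["token"].encode())


if __name__ == "__main__":
    alice, bob = "https://alice.example/profile#me", "https://bob.example/"
    tok = issue_cookie("/cookies/bob", alice, bob, ttl=60, now=1000)
    print(authenticate(bob, alice, "/cookies/bob", tok, now=1010))
    print(authenticate(bob, alice, "/cookies/bob", tok, now=1061))
```
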
