
Re: Authentication Proposal -- Solid Cookies

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 06 Feb 2016 18:42:44 +0000
Message-ID: <CAM1Sok1DBAtDDb8rxzSXfQRv+0N2ty0mOk9askrt-R_caf7frQ@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, public-rww <public-rww@w3.org>
Cc: W3C Credentials Community Group <public-credentials@w3.org>, Web Payments CG <public-webpayments@w3.org>, public-webid <public-webid@w3.org>
Figured this video [1] provided a broader perspective, as it describes
consciousness. In a way, we're effectively moving to a world where that is
catalogued online, like a constantly developing weblog with an as yet
unknown uri.

Seemed like a useful way of expanding the debate from the somewhat narrower
views discussed in relation to the term 'identity'.

Not sure how often Facebook links have been used either, sign of the times!!

Tim.
[1] https://www.facebook.com/jasonlsilva/videos/1654295864834692/

On Sun, 7 Feb 2016 at 3:17 AM, Timothy Holborn <timothy.holborn@gmail.com>
wrote:

> The nature of the problem domain is rather well known [1]. 'Fit for
> purpose' and time to market should be our primary consideration, IMHO.
>
> Beyond that, it's how to get the job done right. We agree on a few things,
> like the merits of an open-standard, that we need to get something that
> works, uses linked data and can be decentralised.
>
> But we've not solved the problem as it is exhibited in the market today,
> else they'd be buying it.
>
> So with regard to managing the private, personal, privileges and
> biological linked data about you, that denotes you and your correspondence
> to others; what is necessary to produce and deliver a way to give greater
> control over the decisions that are being made about or in-consideration of
> those digital materials, as quickly as possible?
>
> Does it matter if it's only built using JSON-LD or TTL?
>
> Are there complementary technologies that are available as an
> irrecoverable Open-Standard?
>
> Does it need to be controlled by Machines and Processing Power; or can it
> use alternatives, like contract law, as Creative Commons has so well
> demonstrated.
>
> Are existing works within the W3C who are focusing on Decentralised
> Cloud-storage and RDF powered application infrastructure, cooperating
> effectively and if not, how can this be achieved?
>
> Is the field of WebScience around identity presentation technologies and
> social parameters, broader than simply the computer science and the purpose
> of W3C traditionally. Whether it be the lack of an effective W3C
> block-chain format or the increasing influences of Ontology design and
> maintenance, the web is orgmenting and it appears to be particularly
> difficult to solve a problem people have increasingly experienced since the
> advent of web 2, and the sales downfall of the floppy disk market.
>
> What's the hold-up? How do we solve the problem together. Quickly...
>
> Tim.H
>
>
> [1]
> http://www.ozy.com/fast-forward/the-privacy-outcry-sparked-by-secret-surveillance/67307?utm_source=W1&utm_medium=pp&utm_campaign=pp
>
> On Sat, 6 Feb 2016 at 1:47 AM, Kingsley Idehen <kidehen@openlinksw.com>
> wrote:
>
>> On 2/5/16 7:07 AM, Melvin Carvalho wrote:
>>
>>
>>
>> On 5 February 2016 at 12:58, Martynas Jusevičius <martynas@graphity.org>
>> wrote:
>>
>>> Question: why? Do we really need a new technology for this?
>>>
>>
>> Actually a great question!
>>
>> It was a response to this thread, which was brainstorming alternatives.
>>
>> https://github.com/solid/solid/issues/22#issuecomment-176833835
>>
>> As someone that has used WebID+TLS every day for several years I don't see
>> a huge problem with it.  I do think we can make better browsers tho,
>> particularly the open source ones.
>>
>>
>> Exactly! Thus, wouldn't it be better to leave those that still don't
>> understand it (typically due to not actually trying to use it) to find out
>> in their own time rather than indulging them on technology adventures?
>>
>> Bottom line, WebID+TLS and WebID+TLS+Delegation solve the real issues. I
>> would strongly encourage doubters to produce working alternatives with
>> actual implementation examples.
>>
>> Hopefully, these doubters could produce (not hypothesize about) a solution
>> to the following:
>>
>> 1. Multiple Identities for different clubs
>> 2. Delegated Identity for 100K users of some middle-tier service without
>> each user possessing an X.509 Cert (or any other identity token) without
>> compromising resource access controls.
>>
>> I encourage you to cut and paste the above each time you encounter an
>> identity and access controls technology speculator (or WebID, TLS, and
>> Delegated Identity skeptic).
>>
>> Kingsley
>>
>>
>>>
>>>
>>> On Fri, Feb 5, 2016 at 12:07 PM, Melvin Carvalho
>>> <melvincarvalho@gmail.com> wrote:
>>> > Alice wishes to authenticate on Bob's server.
>>> >
>>> > Alice sends her User: identity, and (optionally) a path to a "cookie".
>>> > The cookie is a resource that only Bob's server and Alice have access to.
>>> > The contents of the resource are a typical cookie with unguessable string
>>> > and expiry.
>>> > Bob's server compares the string sent from the browser and the string
>>> > in the file. If they match access is granted.
>>> >
>>> >
>>> > Any comments on this idea?
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Kingsley Idehen	
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog 1: http://kidehen.blogspot.com
>> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
>> Twitter Profile: https://twitter.com/kidehen
>> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
>>
>>
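
The server-side check in the quoted "Solid Cookies" proposal, sketched as an added example that is not part of any message in this thread. The JSON layout of the cookie resource, the function names and the in-memory RESOURCES store (standing in for a document only Alice and Bob's server can read) are assumptions made for illustration.

```python
import hmac
import json
import secrets
import time

# Constructed stand-in for resources that only Alice and Bob's server can read.
# In the proposal this would be an access-controlled document at the cookie path.
RESOURCES = {}

def issue_cookie(user, path, ttl_seconds=3600, now=None):
    """Write a cookie resource (hypothetical JSON layout) and return the secret."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness: unguessable
    RESOURCES[(user, path)] = json.dumps({"token": token, "expires": now + ttl_seconds})
    return token

def verify_cookie(user, path, presented, now=None):
    """Return (granted, reason) for the string the browser sent."""
    now = time.time() if now is None else now
    raw = RESOURCES.get((user, path))
    if raw is None:
        return False, "no-resource"
    try:
        doc = json.loads(raw)
        token, expires = doc["token"], float(doc["expires"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed-resource"
    if not isinstance(token, str) or not token:
        return False, "malformed-resource"
    if now >= expires:
        RESOURCES.pop((user, path), None)  # expired cookies are not reusable
        return False, "expired"
    # Constant-time comparison so response timing does not leak matching prefixes.
    if not hmac.compare_digest(token.encode(), str(presented).encode()):
        return False, "mismatch"
    return True, "ok"

if __name__ == "__main__":
    alice = "https://alice.example/profile#me"  # constructed identity
    secret = issue_cookie(alice, "/cookies/bob", ttl_seconds=60)
    print(verify_cookie(alice, "/cookies/bob", secret))
    print(verify_cookie(alice, "/cookies/bob", "guess"))
```
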
Received on Saturday, 6 February 2016 18:43:27 UTC
