- From: Henry Story <henry.story@bblfish.net>
- Date: Fri, 13 Jul 2012 22:35:42 +0200
- To: Olivier Berger <olivier.berger@it-sudparis.eu>
- Cc: Kingsley Idehen <kidehen@openlinksw.com>, public-ldp-wg@w3.org
On 13 Jul 2012, at 17:39, Olivier Berger wrote: > Hi. > > Kingsley Idehen <kidehen@openlinksw.com> writes: > >> On 7/12/12 11:21 AM, Henry Story wrote: >> >> Little glossary of terms: >> >> 1. WebID -- a cryptographically verifiable agent (humans, organizations, >> and machines) identifier in the form of a de-referencable URI >> 2. WebID Authentication Protocol -- a RESTful protocol for leverages >> Linked Data for cryptographic verification of WebIDs . >> >> >> WebID is all about a RESTful read-write-web driven by Linked Data. > > Uh... great to see so much enthusiasm for WebID (I share it too)... but > WebID is not the alpha and omega of Linked Data, IMHO. I/(we?) were not claiming it was. Just that it is a simple and efficient solution that works with existing protocols and standards to do distributed secure authentication and that ties in cleanly with Linked Data in a RESTful way. This solves the problem of distributed authentication ( and authorisation ) mentioned earlier in this thread. > >> >> I (and I guess others) would like to know what you don't find RESTful >> about the WebID protocol. >> > > That is not the question, again. > > WebID allows nice identification, authentication, and maybe soon > authorization when/if we standardize ACLs and delegation of > authiorization around it (thanks for your progress on that front and > shaping the way). > > So if instead of inventing in LDP some identification mechanism based on > whatever other standard, we agreee on reusing FOAF (thus WebID), we have > immediate benefits of all the goodness of WebID. indeed. > > But, so far it remains to be evaluated how much of the other > un-standardized aspects of building Linked Data and RESTful applicatios > have to be agreed on, which don't find an answer precisely in WebID. > > And even if some WebID profile managers / identity providers / > authentication system / delegated authorization systems use REST APIs, > does it make it more important to LDP's charter [0] ? In my view this depends, on how much discussion the group has time for on other subjects. Perhaps around the time of the meeting in Lyon we can have good enough demonstrations to make people feel it worth mentioning. But I don't myself want to impose WebID on the mission of this group. I just put it forward because it is such an easy fit for LDP that it is useful for members of this group to know about. The question originally was: [[ Erik Wilde wrote: > that we are very interested in using > linked data as a platform, but we also cannot go the route of a shared > database model. we must have control over what a linked data platform > exposes and what it does not expose, and we must have control over who can > add what and when to a linked data platform. ]] I think WebID solves that problem. > > > I don't mean to criticise too much the great enthusiasm you have for > WebID, but I think that's just one of the nice technologies, compatible > with the Linked Data approach, that can help for LDP, not maybe a > "central" one. > > > Maybe a way to move forward is to identify precisely in that charter or > in LDBP 1.0 [1] what exact points WebID helps addressing ? It is a simple way to do secure identification of users/agents with a global name (URL). These URLs can be tied together with linked data in a web of trust with no centre of control. This can then be used for distributed authentication. > > > For instance, I'm a bit surprised not to find any match for > "identification" in either [0] or [1] (like how to identify a client > connecting to a service ?). The use cases document [2] is missing that > too... on purpose ? > > Shan't we need to identify (how) people or agents consuming Linked Data > to properly exercise access control (and eventually provide adapted > content depending on the requestor) ? Indeed it seems like an important topic. But I suppose there are many manners to identify an agent, and the group does not necessarily need to get involved in that discussion or to pick one out in particular. If people like cookies and don't want more they could use those (that would not give them much in terms of distribution, but it can suffice for companies that don't want to interact with the outside world) It is true that if robots are involved WebID is easiest to deploy: just give your robot a webId enabled X509 certificate and he can identify on any resource requesting it pretty much automatically. OpenID can be used too (it just requires 6 times more to and fros, and its attribute exchange protocol is very limited), and I am sure one can get OAuth to work too: there are so many twitter users that that companies cannot ignore it in their interactions with that huge and extremely valuable customer base (but nothing excluded WebID working with Twitter) > > > Hope this helps. > > > Best regards, > > [0] http://www.w3.org/2012/ldp/charter > [1] http://www.w3.org/Submission/2012/02/ > [2] http://www.w3.org/2012/ldp/wiki/Use_Cases_And_Requirements > -- > Olivier BERGER > http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 > Ingenieur Recherche - Dept INF > Institut Mines-Telecom, Telecom SudParis, Evry (France) > Social Web Architect http://bblfish.net/
Received on Friday, 13 July 2012 20:36:15 UTC