W3C home > Mailing lists > Public > public-ldp-wg@w3.org > November 2012

Re: LDP with Access Control, or future LDPS(ecure)?

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 12 Nov 2012 14:56:18 +0000
Message-ID: <50A10DF7.5020703@openlinksw.com>
To: public-ldp-wg@w3.org
On 11/12/12 12:04 AM, Andrei SAMBRA wrote:
> Dear all,
> I would like to start by admitting that I might be asking a question 
> that has already been answered. I have tried looking for this topic on 
> the mailing list archive, but I was unable to find any relevant 
> information.
> I have recently begun implementing the current LDP spec, and I find 
> myself at the point where I need to add access control to LDP 
> operations and resources/containers. However, there is no mention in 
> the current spec draft about any kind of access control. While I 
> understand why some of you may be against discussing AC at this point, 
> I can't stop asking myself why there is no effort of adding it by 
> design, instead of a future feature.
> I know that mentioning access control at this point in the spec 
> implies opening the Pandora's box with all its issues (not the least 
> being the lack of a proper definition for identity in general). I 
> suppose my _personal_ point here is that access control should be a 
> fundamental part of LDP, unless LDP will only be used in the public 
> domain.
> I believe some (many?) of you are probably familiar with WebID. As an 
> active member of the WebID CG, I hope that we can find common ground 
> between LDP and WebID, leading to a proposal on how access control can 
> be achieved in LDP. The reason I mentioned WebID is that following 
> recent discussions at TPAC, we have come to agree on a WebID 
> definition that decouples the identity part from the authentication 
> part, potentially leading to WebID over (TLS, OpenID, BrowserID, 
> etc..). By abstracting the authentication part, LDP can instantly take 
> advantage of WebID's _identity_ part.
> I am sure that access control is far from being the main priority of 
> the LDP WG at this point, so I would like to propose that those of us 
> interested in access control could at least try to build a wiki page 
> that would serve as a basis for future work.
> Please accept my apologies if this subject has been discussed already, 
> as well as for the length of this email. I have recently started 
> getting involved in LDP, and I haven't had the time to go over the 
> minutes for all the previous teleconfs, though I am catching up with 
> the mailing list discussions.
> Best wishes,
> Andrei Sambra (MyProfile)

This is 100% relevant and ultimately critical. We can't continue to the 
Internet and Web legacy of deferring resource access control . Prior to 
the Web it was unthinkable to have system that offered CRUD patterns 
modulo access control functionality.

I think we put these puzzle pieces together (across community groups as 

1. WebID - deals with the identity and authentication issues
2. RWW - deals with authorization i.e., RWW-0
3. RWW becomes to the segue to LDP since RWW-0 can be used as a 
temporary enhanced showcase for LDP -- this eliminates protracted 
debates dominated by speculation, since this would be a concrete usecase 

Others: RWW-0 is a basic interop test for those implementing WebID 
protocol based authentication combined with Web Access Control ontology 
based authorization.



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 12 November 2012 19:56:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:11:42 UTC