W3C home > Mailing lists > Public > public-ldp-wg@w3.org > November 2012

Re: LDP with Access Control, or future LDPS(ecure)?

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 12 Nov 2012 21:48:06 +0100
Cc: Andrei SAMBRA <andrei.sambra@gmail.com>, public-ldp-wg@w3.org
Message-Id: <902BA030-0B78-41F2-8B10-01DFA2A7FB50@bblfish.net>
To: ashok.malhotra@oracle.com

On 12 Nov 2012, at 14:20, Ashok Malhotra <ashok.malhotra@oracle.com> wrote:

> Hi Andrei:
> I have started a Wiki page on access control:
> http://www.w3.org/2012/ldp/wiki/AccessControl#Access_Control
> Please take a look.  This may not cover what you want so please send feedback.
> All the best, Ashok

Thanks Ashok.

I agree with Andrei and Kingsley that Access Control is essential to building
distributed Linked Data Apps. Luckily Access Control is orthogonal to LDP, so
that they need not step on each others toes: which would be problematic as 
Identity and Access Control have a lot of stockholders that often seem to be
very antagonistic. What we need to do is fill in the use cases on Ashok's
Access Control wiki.

On the WebID/RWW Community groups we are organising a regular meeting for those
who wish to implement Tim Berners Lee's WebAccessControl system referred to by 
http://www.w3.org/2012/ldp/wiki/AccessControl#W3C_WebAccessControl . I will send 
another e-mail out soon here, to see if the time we have chosen is one that would
allow members of the LDP group to participate.

I will also try to start writing up in the WebID community group a spec about 
Identity  interoperability, to show how one can get different identification 
mechanism - OpenId, BrowserId, ... WebID over TLS - to work together with the
an LDP friendly system such as the WebAccessControl ontology . 

In my view if one looks at this from the logical point of view ( ie semantically )
we can make a lot of what seemed like insurmountable problems disappear or fade
away. This does not mean that there is nothing to do: just showing that these systems
all can work together will be a major breakthrough, just as it was a major breakthrough
in physics to show that Hesperus and Phosphorus - the morning star and the evening
star - were both the same star: Venus.

So for the time being building up the use cases on the wiki is going to be very important
as it is a deliverable for this WG to publish a note on this subject - an essential one
since it is true that one cannot build very interesting systems without taking access control
into account.

> 
> On 11/11/2012 9:04 PM, Andrei SAMBRA wrote:
>> Dear all,
>> 
>> I would like to start by admitting that I might be asking a question that has already been answered. I have tried looking for this topic on the mailing list archive, but I was unable to find any relevant information.
>> 
>> I have recently begun implementing the current LDP spec, and I find myself at the point where I need to add access control to LDP operations and resources/containers. However, there is no mention in the current spec draft about any kind of access control. While I understand why some of you may be against discussing AC at this point, I can't stop asking myself why there is no effort of adding it by design, instead of a future feature.
>> 
>> I know that mentioning access control at this point in the spec implies opening the Pandora's box with all its issues (not the least being the lack of a proper definition for identity in general). I suppose my _personal_ point here is that access control should be a fundamental part of LDP, unless LDP will only be used in the public domain.
>> 
>> I believe some (many?) of you are probably familiar with WebID. As an active member of the WebID CG, I hope that we can find common ground between LDP and WebID, leading to a proposal on how access control can be achieved in LDP. The reason I mentioned WebID is that following recent discussions at TPAC, we have come to agree on a WebID definition that decouples the identity part from the authentication part, potentially leading to WebID over (TLS, OpenID, BrowserID, etc..). By abstracting the authentication part, LDP can instantly take advantage of WebID's _identity_ part.
>> 
>> I am sure that access control is far from being the main priority of the LDP WG at this point, so I would like to propose that those of us interested in access control could at least try to build a wiki page that would serve as a basis for future work.
>> 
>> Please accept my apologies if this subject has been discussed already, as well as for the length of this email. I have recently started getting involved in LDP, and I haven't had the time to go over the minutes for all the previous teleconfs, though I am catching up with the mailing list discussions.
>> 
>> Best wishes,
>> Andrei Sambra (MyProfile)
> 

Social Web Architect
http://bblfish.net/



Received on Monday, 12 November 2012 20:48:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:11:42 UTC