W3C home > Mailing lists > Public > public-ldp@w3.org > February 2012

RE: Linked Data Platform Working Group Charter comment

From: <Ian.Oliver@nokia.com>
Date: Fri, 10 Feb 2012 09:04:29 +0000
To: <ryan.mcdonough@nokia.com>, <michael.hausenblas@deri.org>
CC: <martynas@graphity.org>, <Ora.Lassila@nokia.com>, <ivan@w3.org>, <public-ldp@w3.org>
Message-ID: <C29E1CB3DA763E46A85B56B5398FE6710158B915@008-AM1MPN1-032.mgdnok.nokia.com>
My 0.02c and to continue this issue that Ryan has brought up.

We need to consider privacy of data as well: privacy here being more than just protecting data from access, but rather notions of what data is accessible and at what "semantic level", ie: what is the content of the data and thus a distinct notion from security. My take on this are mechanisms for delineating the boundary of an "object" - whatever an object is when dealing with a set of linked data,  eg: Finin's RDF molecule, but maybe something more expansive and dynamic than this. To my mind things such as named graphs do not suffice in this respect.

So to agree with Ryan, we do need to propose a similar set of requirements for privacy aspects,

t.

Ian

-----Original Message-----
From: ext ryan.mcdonough@nokia.com [mailto:ryan.mcdonough@nokia.com] 
Sent: 31 January, 2012 15:22
To: michael.hausenblas@deri.org
Cc: martynas@graphity.org; Lassila Ora (Nokia-LC/Boston); ivan@w3.org; public-ldp@w3.org
Subject: Re: Linked Data Platform Working Group Charter comment

I don't think we wanted to boil the ocean here. The point was that if you're enabling read/write linked data on the web, or private network, identity and security are obvious requirements in my view. As Ora pointed out, these issues come up time and time again on the projects we've been working internally.

At the very least, the LDP should offer some recommendations on how to do it. And I agree with you, let's not solve everyone's problems and I'm not suggesting the WG rolls our own solutions either. But rather than punt on the issue completely, I would like propose we define the minimal set of requirements for auth/auth. From there, we can look at some of the suggestions that have been raised on this list so far to see if they are capable of satisfying these requirements.

Ryan-


--
Ryan J. McDonough
Architect
Location & Commerce
NOKIA INC. 






On 1/31/12 6:59 AM, "ext Michael Hausenblas" <michael.hausenblas@deri.org>
wrote:

>
>Ryan, All,
>
>I guess we all agree that WebID and WebACL and the likes are necessary 
>building blocks to achieve a true read/write enabled, enterprise- 
>ready, industrial strength solution. However, for the sake of the 
>success of this WG I also agree that we should not try to boil the 
>ocean and hence: focus, focus, focus.
>
>In this sense: -1 to incl. auth/auth topics ...
>
>Cheers,
>	Michael
>--
>Dr. Michael Hausenblas, Research Fellow LiDRC - Linked Data Research 
>Centre DERI - Digital Enterprise Research Institute NUIG - National 
>University of Ireland, Galway Ireland, Europe Tel. +353 91 495730 
>http://linkeddata.deri.ie/ http://sw-app.org/about.html

>
>On 31 Jan 2012, at 11:56, <ryan.mcdonough@nokia.com> 
><ryan.mcdonough@nokia.com
> > wrote:
>
>> Back to the original question as to whether access control is in 
>> scope or not, I agree with Ora that we should not punt on this issue.
>> However, I'm
>> not sure that we need to attempt solve the problem this month ;) 
>> Given all of the ideas being offered, it would appear that Access 
>> control mechanisms, WebACL, Web Identity might be in scope?
>>
>> Ryan-
>>
>> --
>> Ryan J. McDonough
>> Architect
>> Location & Commerce
>> NOKIA INC.
>>
>>
>>
>>
>>
>>
>> From:  ext Martynas Jusevicius <martynas@graphity.org>
>> Date:  Wed, 18 Jan 2012 02:35:21 +0100
>> To:  Ora Lassila <ora.lassila@nokia.com>
>> Cc:  <ivan@w3.org>, <michael.hausenblas@deri.org>, 
>> <public-ldp@w3.org>
>> Subject:  Re: Linked Data Platform Working Group Charter comment
>> Resent-From:  <public-ldp@w3.org>
>> Resent-Date:  Wed, 18 Jan 2012 15:49:49 +0000
>>
>>
>> Hey all,
>> how about Basic Access Control ontology http://www.w3.org/ns/auth/ 
>> acl ?
>>
>> We're using it successfully in a Linked Data context  -- in 
>> combination with foaf:Person and sioc:UserAccount, to express a 
>> number of users and user groups and their access rights to resources 
>> and classes of resources.
>> As a result, both authentication and authorization is a matter of a 
>> single SPARQL query.
>>
>> It might be simplistic -- but it's a start?
>>
>> Martynas
>> graphity.org <http://graphity.org>
>>
>> On Tue, Jan 17, 2012 at 4:05 PM,  <Ora.Lassila@nokia.com> wrote:
>>
>> Ivan,
>>
>> Indeed. [Sigh] If I knew of an access control mechanism that is 
>> mature and proven in the Linked Data context I would have made a much 
>> stronger statement in favor of addressing the issue. We do not want 
>> to engage in R&D work (we have made that mistake before ;-) but my 
>> great fear is that if we merely suggest that someone else will take 
>> care of this we may be signaling that this is not an issue of 
>> paramount importance.
>>
>> I don't have any magical answers or advice here, I am merely 
>> expressing concern... I guess I would like there at least to be some 
>> discussion about this. Saying that there is no solution and saying 
>> that something is out of scope should, after all, not be the same 
>> thing.
>>
>>        - Ora
>>
>>
>> On 2012-01-17 9:54 AM, "ext Ivan Herman" <ivan@w3.org> wrote:
>>
>>> Ora,
>>>
>>> I hear you. However (and that may show my complete ignorance...) is 
>>> there any access control mechanism out there that has already proven 
>>> itself in the area of Linked Data deployment that is in the maturity 
>>> level of standardization? I am a bit concerned about chartering this 
>>> group with an essentially R&D work while the other goals are much 
>>> less so...
>>>
>>> Ivan
>>>
>>> On Jan 17, 2012, at 15:47 , <Ora.Lassila@nokia.com> wrote:
>>>
>>>> As much as I would like to have a "tight scope" for this WG, I have 
>>>> to observe that access control (or more like lack thereof) has 
>>>> often been a problem in Semantic Web/Linked Data projects I have 
>>>> been involved in.
>>>> Particularly fine-grained access control of Semantic Web data.
>>>>
>>>> I fear that deeming access control strictly "out of scope" and 
>>>> hoping that some (so far unspecified) liaison with other groups to 
>>>> solve this problem will only result in the issue not being seen as 
>>>> important enough.
>>>>
>>>> My $0.02.
>>>>
>>>>     - Ora
>>>>
>>>> --
>>>> Dr. Ora Lassila  ora.lassila@nokia.com  http://www.lassila.org 
>>>> Principal Technologist, Nokia
>>>>
>>>>
>>>>
>>>> On 2012-01-17 6:25 AM, "ext Michael Hausenblas"
>>>> <michael.hausenblas@deri.org> wrote:
>>>>
>>>>>
>>>>> All,
>>>>>
>>>>> I'd suggest to improve the following section and be more explicit 
>>>>> regarding the bigger picture [1]:
>>>>>
>>>>> [[
>>>>> 2.3 Out of Scope
>>>>> Several possible standards that are out of scope for this group, 
>>>>> such as those listed below:
>>>>>
>>>>>    € Access control mechanisms, WebACL, Web Identity ]]
>>>>>
>>>>> Mention that both authentication and authorisation are orthogonal 
>>>>> issues and hence, in order to stay focused and to be successful, 
>>>>> the WG will not focus on these issues (but liaison with the 
>>>>> respective groups to ensure compatibility and openness).
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> Cheers,
>>>>>    Michael
>>>>>
>>>>> [1] http://www.w3.org/wiki/WriteWebOfData

>>>>> --
>>>>> Dr. Michael Hausenblas, Research Fellow LiDRC - Linked Data 
>>>>> Research Centre DERI - Digital Enterprise Research Institute NUIG 
>>>>> - National University of Ireland, Galway Ireland, Europe Tel. +353 
>>>>> 91 495730 <tel:%2B353%2091%20495730> http://linkeddata.deri.ie/ 
>>>>> http://sw-app.org/about.html

>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> ----
>>> Ivan Herman, W3C Semantic Web Activity Lead
>>> Home: http://www.w3.org/People/Ivan/

>>> mobile: +31-641044153 <tel:%2B31-641044153>
>>> FOAF: http://www.ivan-herman.net/foaf.rdf

>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>

Received on Saturday, 11 February 2012 15:43:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 February 2012 15:43:29 GMT