W3C home > Mailing lists > Public > public-ldp@w3.org > January 2012

Re: Linked Data Platform Working Group Charter comment

From: Michael Hausenblas <michael.hausenblas@deri.org>
Date: Tue, 31 Jan 2012 13:24:23 +0000
Cc: martynas@graphity.org, Ora.Lassila@nokia.com, Ivan Herman <ivan@w3.org>, public-ldp@w3.org
Message-Id: <7F0115E7-E22B-4D51-B652-03B17056EE16@deri.org>
To: Ryan McDonough <ryan.mcdonough@nokia.com>


>  But rather than punt on
> the issue completely, I would like propose we define the minimal set  
> of
> requirements for auth/auth. From there, we can look at some of the
> suggestions that have been raised on this list so far to see if they  
> are
> capable of satisfying these requirements.

+1

Cheers,
	Michael
--
Dr. Michael Hausenblas, Research Fellow
LiDRC - Linked Data Research Centre
DERI - Digital Enterprise Research Institute
NUIG - National University of Ireland, Galway
Ireland, Europe
Tel. +353 91 495730
http://linkeddata.deri.ie/
http://sw-app.org/about.html

On 31 Jan 2012, at 13:21, <ryan.mcdonough@nokia.com> <ryan.mcdonough@nokia.com 
 > wrote:

> I don't think we wanted to boil the ocean here. The point was that if
> you're enabling read/write linked data on the web, or private network,
> identity and security are obvious requirements in my view. As Ora  
> pointed
> out, these issues come up time and time again on the projects we've  
> been
> working internally.
>
> At the very least, the LDP should offer some recommendations on how  
> to do
> it. And I agree with you, let's not solve everyone's problems and  
> I'm not
> suggesting the WG rolls our own solutions either. But rather than  
> punt on
> the issue completely, I would like propose we define the minimal set  
> of
> requirements for auth/auth. From there, we can look at some of the
> suggestions that have been raised on this list so far to see if they  
> are
> capable of satisfying these requirements.
>
> Ryan-
>
>
> -- 
> Ryan J. McDonough
> Architect
> Location & Commerce
> NOKIA INC.
>
>
>
>
>
>
> On 1/31/12 6:59 AM, "ext Michael Hausenblas" <michael.hausenblas@deri.org 
> >
> wrote:
>
>>
>> Ryan, All,
>>
>> I guess we all agree that WebID and WebACL and the likes are  
>> necessary
>> building blocks to achieve a true read/write enabled, enterprise-
>> ready, industrial strength solution. However, for the sake of the
>> success of this WG I also agree that we should not try to boil the
>> ocean and hence: focus, focus, focus.
>>
>> In this sense: -1 to incl. auth/auth topics ...
>>
>> Cheers,
>> 	Michael
>> --
>> Dr. Michael Hausenblas, Research Fellow
>> LiDRC - Linked Data Research Centre
>> DERI - Digital Enterprise Research Institute
>> NUIG - National University of Ireland, Galway
>> Ireland, Europe
>> Tel. +353 91 495730
>> http://linkeddata.deri.ie/
>> http://sw-app.org/about.html
>>
>> On 31 Jan 2012, at 11:56, <ryan.mcdonough@nokia.com>
>> <ryan.mcdonough@nokia.com
>>> wrote:
>>
>>> Back to the original question as to whether access control is in
>>> scope or
>>> not, I agree with Ora that we should not punt on this issue.
>>> However, I'm
>>> not sure that we need to attempt solve the problem this month ;)
>>> Given all
>>> of the ideas being offered, it would appear that Access control
>>> mechanisms, WebACL, Web Identity might be in scope?
>>>
>>> Ryan-
>>>
>>> -- 
>>> Ryan J. McDonough
>>> Architect
>>> Location & Commerce
>>> NOKIA INC.
>>>
>>>
>>>
>>>
>>>
>>>
>>> From:  ext Martynas Jusevicius <martynas@graphity.org>
>>> Date:  Wed, 18 Jan 2012 02:35:21 +0100
>>> To:  Ora Lassila <ora.lassila@nokia.com>
>>> Cc:  <ivan@w3.org>, <michael.hausenblas@deri.org>, <public-ldp@w3.org 
>>> >
>>> Subject:  Re: Linked Data Platform Working Group Charter comment
>>> Resent-From:  <public-ldp@w3.org>
>>> Resent-Date:  Wed, 18 Jan 2012 15:49:49 +0000
>>>
>>>
>>> Hey all,
>>> how about Basic Access Control ontology http://www.w3.org/ns/auth/
>>> acl ?
>>>
>>> We're using it successfully in a Linked Data context  -- in
>>> combination
>>> with foaf:Person and sioc:UserAccount, to express a number of users
>>> and
>>> user groups and their access rights to resources and classes of
>>> resources.
>>> As a result, both authentication and authorization is a matter of a
>>> single
>>> SPARQL query.
>>>
>>> It might be simplistic -- but it's a start?
>>>
>>> Martynas
>>> graphity.org <http://graphity.org>
>>>
>>> On Tue, Jan 17, 2012 at 4:05 PM,  <Ora.Lassila@nokia.com> wrote:
>>>
>>> Ivan,
>>>
>>> Indeed. [Sigh] If I knew of an access control mechanism that is
>>> mature and
>>> proven in the Linked Data context I would have made a much stronger
>>> statement in favor of addressing the issue. We do not want to engage
>>> in
>>> R&D work (we have made that mistake before ;-) but my great fear is
>>> that
>>> if we merely suggest that someone else will take care of this we may
>>> be
>>> signaling that this is not an issue of paramount importance.
>>>
>>> I don't have any magical answers or advice here, I am merely
>>> expressing
>>> concern... I guess I would like there at least to be some discussion
>>> about
>>> this. Saying that there is no solution and saying that something is
>>> out of
>>> scope should, after all, not be the same thing.
>>>
>>>       - Ora
>>>
>>>
>>> On 2012-01-17 9:54 AM, "ext Ivan Herman" <ivan@w3.org> wrote:
>>>
>>>> Ora,
>>>>
>>>> I hear you. However (and that may show my complete ignorance...) is
>>>> there
>>>> any access control mechanism out there that has already proven
>>>> itself in
>>>> the area of Linked Data deployment that is in the maturity level of
>>>> standardization? I am a bit concerned about chartering this group
>>>> with an
>>>> essentially R&D work while the other goals are much less so...
>>>>
>>>> Ivan
>>>>
>>>> On Jan 17, 2012, at 15:47 , <Ora.Lassila@nokia.com> wrote:
>>>>
>>>>> As much as I would like to have a "tight scope" for this WG, I
>>>>> have to
>>>>> observe that access control (or more like lack thereof) has often
>>>>> been a
>>>>> problem in Semantic Web/Linked Data projects I have been involved
>>>>> in.
>>>>> Particularly fine-grained access control of Semantic Web data.
>>>>>
>>>>> I fear that deeming access control strictly "out of scope" and
>>>>> hoping
>>>>> that
>>>>> some (so far unspecified) liaison with other groups to solve this
>>>>> problem
>>>>> will only result in the issue not being seen as important enough.
>>>>>
>>>>> My $0.02.
>>>>>
>>>>>    - Ora
>>>>>
>>>>> --
>>>>> Dr. Ora Lassila  ora.lassila@nokia.com  http://www.lassila.org
>>>>> Principal Technologist, Nokia
>>>>>
>>>>>
>>>>>
>>>>> On 2012-01-17 6:25 AM, "ext Michael Hausenblas"
>>>>> <michael.hausenblas@deri.org> wrote:
>>>>>
>>>>>>
>>>>>> All,
>>>>>>
>>>>>> I'd suggest to improve the following section and be more explicit
>>>>>> regarding the bigger picture [1]:
>>>>>>
>>>>>> [[
>>>>>> 2.3 Out of Scope
>>>>>> Several possible standards that are out of scope for this group,
>>>>>> such
>>>>>> as those listed below:
>>>>>>
>>>>>>    Access control mechanisms, WebACL, Web Identity
>>>>>> ]]
>>>>>>
>>>>>> Mention that both authentication and authorisation are orthogonal
>>>>>> issues and hence, in order to stay focused and to be successful,
>>>>>> the
>>>>>> WG will not focus on these issues (but liaison with the  
>>>>>> respective
>>>>>> groups to ensure compatibility and openness).
>>>>>>
>>>>>> Thoughts?
>>>>>>
>>>>>> Cheers,
>>>>>>   Michael
>>>>>>
>>>>>> [1] http://www.w3.org/wiki/WriteWebOfData
>>>>>> --
>>>>>> Dr. Michael Hausenblas, Research Fellow
>>>>>> LiDRC - Linked Data Research Centre
>>>>>> DERI - Digital Enterprise Research Institute
>>>>>> NUIG - National University of Ireland, Galway
>>>>>> Ireland, Europe
>>>>>> Tel. +353 91 495730 <tel:%2B353%2091%20495730>
>>>>>> http://linkeddata.deri.ie/
>>>>>> http://sw-app.org/about.html
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> ----
>>>> Ivan Herman, W3C Semantic Web Activity Lead
>>>> Home: http://www.w3.org/People/Ivan/
>>>> mobile: +31-641044153 <tel:%2B31-641044153>
>>>> FOAF: http://www.ivan-herman.net/foaf.rdf
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
Received on Tuesday, 31 January 2012 13:25:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 31 January 2012 13:25:05 GMT