- From: Paul Tyson <phtyson@sbcglobal.net>
- Date: Sun, 18 Mar 2012 16:28:55 -0500
- To: Sandro Hawke <sandro@w3.org>
- Cc: public-ldp@w3.org
Section 2. Scope. "The Working Group will not normatively specify solutions for access control and authentication for Linked Data. However the Working Group will identify, based on a set of real world use cases, requirements for necessary authentication and authorization technologies." I understand how a strict construction of "linked data" would rule this out of scope, but realistically no one will be able to champion LDP in an enterprise with only a set of "requirements" for the security aspect. In the enterprise, security and access control must be built in from the ground up, not added as an afterthought. Industry doesn't need yet another set of requirements for access control. There are already several good models: XACML seems the most nearly suited for LDP, but there are also RIF and RuleML (and LegalRuleML recently started as an OASIS TC). The XACML TC has started work on a RESTful profile for XACML. Please consider upgrading this scope statement from "will identify...requirements" to something like "will specify an abstract interface and notional architecture by which LDP systems can interoperate with RESTful authentication and authorization systems". Regards, --Paul On Sun, 2012-03-18 at 12:13 -0400, Sandro Hawke wrote: > After various discussions, we've rewritten the Linked Data Platform > (LDP) draft charter. New version is here: > > http://www.w3.org/2012/ldp/charter > > The diff is linked from there, but only the last few paragraphs > (standard charter stuff) are the similar enough for the diff to be > useful. > > At this point, we're expecting to formally propose this to the W3C > membership within a week or two, so please review it soon. > > -- Sandro > > >
Received on Sunday, 18 March 2012 21:29:24 UTC