access control -- in or out of scope? from Sandro Hawke on 2012-03-19 (public-ldp@w3.org from March 2012)

From: Sandro Hawke <sandro@w3.org>
Date: Mon, 19 Mar 2012 09:09:01 -0400
To: Paul Tyson <phtyson@sbcglobal.net>
Cc: public-ldp@w3.org
Message-ID: <1332162541.6552.39.camel@waldron>

On Sun, 2012-03-18 at 16:28 -0500, Paul Tyson wrote:
> Section 2. Scope.
> 
> "The Working Group will not normatively specify solutions for access
> control and authentication for Linked Data. However the Working Group
> will identify, based on a set of real world use cases, requirements for
> necessary authentication and authorization technologies."
> 
> I understand how a strict construction of "linked data" would rule this
> out of scope, but realistically no one will be able to champion LDP in
> an enterprise with only a set of "requirements" for the security aspect.
> In the enterprise, security and access control must be built in from the
> ground up, not added as an afterthought.
> 
> Industry doesn't need yet another set of requirements for access
> control. There are already several good models: XACML seems the most
> nearly suited for LDP, but there are also RIF and RuleML (and
> LegalRuleML recently started as an OASIS TC). The XACML TC has started
> work on a RESTful profile for XACML.
> 
> Please consider upgrading this scope statement from "will
> identify...requirements" to something like "will specify an abstract
> interface and notional architecture by which LDP systems can
> interoperate with RESTful authentication and authorization systems".

Personally, I agree with you, but I've heard otherwise from some folks.
Maybe people who disagree can speak up and we can try to work this out
here?

    -- Sandro

> Regards,
> --Paul
> 
> On Sun, 2012-03-18 at 12:13 -0400, Sandro Hawke wrote:
> > After various discussions, we've rewritten the Linked Data Platform
> > (LDP) draft charter.  New version is here:
> > 
> >         http://www.w3.org/2012/ldp/charter
> >         
> > The diff is linked from there, but only the last few paragraphs
> > (standard charter stuff) are the similar enough for the diff to be
> > useful.
> > 
> > At this point, we're expecting to formally propose this to the W3C
> > membership within a week or two, so please review it soon.
> > 
> >    -- Sandro
> > 
> > 
> > 
> 
> 
>

Received on Monday, 19 March 2012 13:09:27 UTC