Re: access control -- in or out of scope?

From: David Wood <david@3roundstones.com>
Date: Mon, 19 Mar 2012 11:59:31 -0400
Cc: Paul Tyson <phtyson@sbcglobal.net>, public-ldp@w3.org
Message-Id: <8DFF5D0B-A60B-4C88-975C-8BE634E32A54@3roundstones.com>
To: Sandro Hawke <sandro@w3.org>

On Mar 19, 2012, at 09:09, Sandro Hawke wrote:

> On Sun, 2012-03-18 at 16:28 -0500, Paul Tyson wrote:
>> Section 2. Scope.
>> 
>> "The Working Group will not normatively specify solutions for access
>> control and authentication for Linked Data. However the Working Group
>> will identify, based on a set of real world use cases, requirements for
>> necessary authentication and authorization technologies."
>> 
>> I understand how a strict construction of "linked data" would rule this
>> out of scope, but realistically no one will be able to champion LDP in
>> an enterprise with only a set of "requirements" for the security aspect.
>> In the enterprise, security and access control must be built in from the
>> ground up, not added as an afterthought.
>> 
>> Industry doesn't need yet another set of requirements for access
>> control. There are already several good models: XACML seems the most
>> nearly suited for LDP, but there are also RIF and RuleML (and
>> LegalRuleML recently started as an OASIS TC). The XACML TC has started
>> work on a RESTful profile for XACML.
>> 
>> Please consider upgrading this scope statement from "will
>> identify...requirements" to something like "will specify an abstract
>> interface and notional architecture by which LDP systems can
>> interoperate with RESTful authentication and authorization systems".
> 
> Personally, I agree with you, but I've heard otherwise from some folks.
> Maybe people who disagree can speak up and we can try to work this out
> here?

It seems to me that an abstract interface is all that is necessary, and that at least that much is necessary.  Defining requirements by way of an abstract interface (perhaps very similar/identical to the LD API?) is better than just listing requirements, IMO.

Regards,
Dave

> 
>    -- Sandro
> 
>> Regards,
>> --Paul
>> 
>> On Sun, 2012-03-18 at 12:13 -0400, Sandro Hawke wrote:
>>> After various discussions, we've rewritten the Linked Data Platform
>>> (LDP) draft charter.  New version is here:
>>> 
>>>        http://www.w3.org/2012/ldp/charter
>>> 
>>> The diff is linked from there, but only the last few paragraphs
>>> (standard charter stuff) are similar enough for the diff to be
>>> useful.
>>> 
>>> At this point, we're expecting to formally propose this to the W3C
>>> membership within a week or two, so please review it soon.
>>> 
>>>   -- Sandro
>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 
> 
Received on Monday, 19 March 2012 16:00:08 GMT