- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Tue, 25 Sep 2012 18:39:55 -0400
- To: Ben Laurie <benl@google.com>
- CC: "public-webid@w3.org" <public-webid@w3.org>
- Message-ID: <506232BB.3020001@openlinksw.com>
On 9/25/12 5:31 PM, Ben Laurie wrote:
> On 25 September 2012 20:16, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>> On 9/25/12 2:44 PM, Henry Story wrote:
>>> I am just ccing Andrei, because Ben
>>> (http://research.google.com/pubs/author9639.html ) - has found a bug
>>> in https://my-profile.eu/ . (see below) My guess is that Ben logged in with
>>> a certificate that is not WebID enabled. So that's a good extra test case to
>>> add. Of course for people like Ben, the failure of having a Logout button on
>>> chrome is going to add to that inconvenience - because having logged in with
>>> a certificate that may not be signed by a CA my-profile.eu knows about, he
>>> won't be able to change his certificate later after having made a new one.
>>
>> Ben,
>>
>> Wondering if you evaluated WebID using any other services or scenarios? Your
>> feedback would be much appreciated.
>>
>> Henry: I keep on telling you, one implementation doesn't canonically reflect
>> WebID. As you can imagine, Ben is time challenged, if he plays with a
>> solution that's pitched as canonical it's natural for him to draw blanket
>> conclusions.
>>
>> I continue to encourage you to separate the concept and virtues of WebID
>> from a specific WebID solution that aligns with your personal world view
>> etc.
>>
>> In my world view, the simplest demonstration of WebID's value takes the
>> following form:
>>
>> 1. A resource is published to the Web
>> 2. The resource is ACL protected
>> 3. Existence of the resource is published via email, tweet, blog post etc.
>> 4. A user tries to access the resource -- they fail or succeed subject to
>> ACL membership
>> 5. User requests access to resource by providing their WebID to resource
>> owner -- this is also where signed emails are useful since the WebID can be
>> nipped from the sender's signed email certificate.
>>
>> In addition to the above, the resource acl document can itself have ACLs
>> that enable a variety of users to expand its ACL membership thereby making an
>> organic social network.
> Gah! What does this have to do with WebID? If I substitute "magic pixie
> dust" for "WebID" in the above, well, I have a fantastic example of
> how magic pixie dust secures the web. Great. Now what?
>
> OK, I guess there's one nugget in there: apparently magic pixie dust
> can be nipped from unauthenticated email I sent.
>
> I'm not feeling very enlightened.
>
>

Ben,

I assumed you attempted to explore WebID via my-profile.eu and hit some
problems. Hence my comments.

If you are interested in taking a quick look at what's possible with WebID
and ACLs, I have a simple example on G+.

Here are the components in use re. aforementioned demo:

1. WebID -- verifiable identifier in the form of a personal URI
2. X.509 Certificate -- watermarked with a WebID in its SAN slot
3. Profile Document -- a document with structured content based on the RDF data model
4. Access Control List Ontology -- this describes the authorization modes and how they are scoped to WebIDs.

Links:

1. http://bit.ly/O4LNKf -- A simple guide to Web-scale verifiable identity that leverages WebID based ACLs.

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 25 September 2012 22:40:17 UTC
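
The four components and the access step from the message above, as an added sketch that is not part of the original message or of any WebID implementation: a certificate's SAN URI is accepted as a WebID only if the profile document for that URI lists the certificate's public key, and the verified WebID is then looked up in the resource ACL. The key comparison follows the WebID over TLS approach and is not described in the message; certificates, profiles, URLs and function names are constructed stand-ins.

```python
# Constructed data: a real verifier parses the X.509 client certificate and
# dereferences the WebID to fetch the RDF profile; dicts stand in for both here.
RESOURCE = "https://files.example/report"
PROFILES = {  # WebID -> public keys (modulus, exponent) listed in its profile document
    "https://alice.example/profile#me": {(0xC0FFEE, 65537)},
    "https://bob.example/profile#me": {(0xB0B, 65537)},
}
ACL = {  # resource -> {WebID: granted modes}, modelled on acl:agent / acl:mode
    RESOURCE: {"https://alice.example/profile#me": {"Read"}},
}

def verified_webids(cert, profiles):
    """Return the SAN URIs whose profile document lists the certificate's key."""
    key = (cert["modulus"], cert["exponent"])
    return [uri for uri in cert.get("san_uris", [])
            if key in profiles.get(uri, set())]

def authorize(cert, resource, mode, profiles=PROFILES, acl=ACL):
    """Return (allowed, reason) for one request made with a client certificate."""
    if not cert.get("san_uris"):
        # The case raised in the thread: a certificate with no WebID in its SAN.
        return False, "certificate is not WebID enabled (no URI in SAN)"
    webids = verified_webids(cert, profiles)
    if not webids:
        return False, "no profile document lists this certificate's public key"
    grants = acl.get(resource, {})
    for webid in webids:
        if mode in grants.get(webid, set()):
            return True, f"{webid} has {mode} on {resource}"
    return False, "verified WebID is not in the resource ACL"

# Constructed certificates (only the fields the check needs).
ALICE = {"san_uris": ["https://alice.example/profile#me"], "modulus": 0xC0FFEE, "exponent": 65537}
BOB = {"san_uris": ["https://bob.example/profile#me"], "modulus": 0xB0B, "exponent": 65537}
PLAIN = {"san_uris": [], "modulus": 0x1234, "exponent": 65537}
# Claims Alice's WebID but holds a key her profile does not list.
SPOOF = {"san_uris": ["https://alice.example/profile#me"], "modulus": 0xBAD, "exponent": 65537}

if __name__ == "__main__":
    for name, cert in [("alice", ALICE), ("bob", BOB), ("plain", PLAIN), ("spoof", SPOOF)]:
        print(name, authorize(cert, RESOURCE, "Read"))
```
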