W3C home > Mailing lists > Public > public-webid@w3.org > September 2012

Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 26 Sep 2012 13:58:21 -0400
Message-ID: <5063423D.9050208@openlinksw.com>
To: Kingsley Idehen <kidehen@openlinksw.com>
CC: Ben Laurie <benl@google.com>, Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>, Andrei Sambra <andrei@fcns.eu>
On 9/26/12 1:10 PM, Kingsley Idehen wrote:

Type fixed edition for sake of absolute clarity about my response, as 
edited inline.

> On 9/26/12 11:48 AM, Ben Laurie wrote:
>> No, the point you are missing is that in capabilities the_only_
>> authority I need to access a resource is the name of that resource -
>> the URI in your case.
>

You can't seriously believe I am missing that point while also espousing 
the virtues of hyperlinks as denotation mechanisms for a global web of 
linked data? That doesn't compute. That's a contradiction.

I've published more than enough examples [1] of resource access 
constrained by social relationships semantics and I encourage you to 
take a look and have a play.

>
>> Security derives from the unforgeability of the
>> URI, rather than an independent system that decides if some principal
>> has permission.


Security is not derived from the persistence of a URI per se., its 
derived from the values exposed directly or indirectly via URI 
de-reference with logic handling guiding inference. I can have many 
identifiers, but relationship semantics ultimately determine if I can 
access a resource at an address, directly or indirectly by name reference.

>
>>
>> The problem that best shows the critical difference betweens caps and
>> ACLs is the confused deputy problem:
>> http://en.wikipedia.org/wiki/Confused_deputy_problem.
>
Not at all!

I can sign a document that makes claims about co-reference by name or 
value, in the absolute worst case. Note, a document is a materialized or 
transient view in the aforementioned data access context. Basically, 
that's why we relationship semantics for entailing equivalence by name, 
ditto. inverse functionality. These matters have been long addressed in 
computer science. Right now, we have a ubiquitous Web that simply let's 
us reapply what already exists, in newer and more profound context.

At this juncture, my position hasn't changed. You haven't introduced a 
new insight that's incongruent with what's possible via the Web today.
>
>
Links:

1. http://bit.ly/M7hd4T -- use of social relationship semantics to 
control access to a resource via sparql (basically deep integration of 
relationship semantics into data access via SPARQL protocol )

2. http://bit.ly/UuWZSI -- other posts about different aspects of the 
same fundamental concept re. leveraging Linked Data (which is all about 
URIs based Names) covering semantic relationships applied to controlled 
resource access.

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen







Received on Wednesday, 26 September 2012 17:58:49 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:40:59 UTC