WebID status recap

On 14 Jun 2013, at 19:00, Nathan <nathan@webr3.org> wrote:

> Henry Story wrote:
>>> You can add many more auth systems onto this list, as you come up with them. 
>> It's nice to see Melvin list all these new possibilities. Given that
>> he never implements any of these protocols, and only suggests
>> that others develop and implement them, his enthusiasm is always the same as on the first days of WebID, and clearly will still be in 10 years time.
> 
> Henry, I'm surprised at you, Melvin has tirelessly promoted and evangelised WebID for years, most of the people working on it, implementing it, and using it, were introduced to it by Melvin. He understands the web specs, the intersection of the and how they all fit together in the bigger picture.
> 
> What is the point in a specification if nobody is aware of it, what is the point of implementations if nobody uses them? I also seem to remember Melvin working on the very first implementations of the spec and creating some of the first publicly available libraries for it.

> Your words were unkind and uncalled for, he's backed you and webid up for years, as long as I've known him, and since WebIDs inception.

That is true, Melvin had an early first implementation. That was great at the time.
But the UI made it nearly impossible to explain the simplicity of WebID. One had
to edit the XML by hand if you recall, and the security was nearly non existent.

It took ages before we started getting good implementations that showed 
just how simple things could be for the end user. We've had a few generations
in between then. Since then http://data.fm, http://myprofile.eu and recently
some great advances by openlink have raised the bar a lot (and there is 
still a lot further to go)

In the meantime the notion that WebID was difficult to use was being 
repeated by detractors, and Melvin himself often continues repeating
those things as if they were absolutely true, instead of just problems with
the initial implementations he had. 

The solutions Melvin come up with usually end up making things more complicated,
however much he argues they don't. I know because I have implemented WebID quite
a few times over the years now. Piling on new options is not the answer to make
things more widely adopted: rather it is the opposite - make each thing simple
and then move to the next layer which needs developing. Simple is beautiful.

WebID is part of a larger stack of which:

 - Web Access Control
 - Linked Data Platform
 - Pingback and other small but important tricks

So I think it is good that we made the WebID identity distinction from 
the WebID Authentication over TLS distinction. Others can come to the
table. But I think we have wasted a huge amount of time here discussion
options as if the problems were with the protocol, where they really were
with the implementations.

I am building another implementation now in Scala. For this to work
I have come to the conlcusion that one does in fact need the whole
stack, and one needs to implement it perfectly... We need to now
get to the point of creating tools that merge the data layer of
http://data.fm and http://myprofile.eu

This is where we start having very powerful tools to do what we
wanted to do initially: that is create a secure social web. 

New ideas on how to build a slightly different authentication protocol
are cheap and easy. Building the full stack is hard. I'd rather we help
people work on building the stack we have then thinking that building
yet another variant of an authentication system is going to help.
We really need now great implementations that interoperate.

So please let us help developers get on board with what we have now,
and then if you want to develop new protocols, the foaf-protocols mailing
list is the better place to do that, and I'd suggest having an initial
implementation too.

Hope this helps Nathan, and thanks for your great and always very
details contributions over the years.

Henry

Social Web Architect
http://bblfish.net/

Received on Friday, 14 June 2013 17:47:43 UTC