Re: [foaf-protocols] WebID status recap?

One thing the “team” needs to do ( in my evil opinion ) is look at the rest of the planet. Its too easy to end up with a PhD grade response (that is 10 years ahead of the curve, if its doing its job, and 19 years ahead of my industry). FOAF+SSL is nearly 5 years old, and I still have 14 years to wait... certs were 5 years old when I met them (1991), took 5 years to hit silicon valley (1994, and thank NSA for indirectly funding me and others in those IETF-wilderness years...), and will probably last util 2016 (20 years!) till they are fully replaced by the signed JSON equivalent. Hopefully, the change of syntax helps further adoption.


For example, go look in detail at Microsoft Azure AD access control model recently release to production usage - for federating ATOM sources into communities of interest. Mixes read/write, token passing, webSSO, and identity bridging. Even has a strong app story for non-browser UAs (on more “Trusted/governed” devices), using http. It has many of the elements of the original secure X.500 story (without the baggage, though).



I would never bet my business on it, being an American cloud (that comes loaded with snoopability, data retention, and governance baggage). But, I don't see why it should not be one way of connecting. I’ve no objecting to being governed, so long as there is no meaningful impact on me (other than loss of the brand association, or ease of use, etc) when Im thrown out. AS a SAAS vendor, I’ve no objection to using a cloud platform for federation management (so long as, as in our industry, its COMMONLY only 3 months till one can swap one core vendor for another). 


Where networks of offline PKI CAs failed (thanks PGP for killing the golden goose), perhaps online OAUTH federation-ready token issuers will succeed.



Sent from Windows Mail