Re: Web ID use cases

On 11/28/16 1:59 AM, Anders Rundgren wrote:
> Kingsley,
>
> If we stick to browsers, WebID-TLS has gone from being "somewhat
> awkward" to "downright impossible" with the deprecation of <keygen>.

You are conflating the following:

1. Identity verification protocol
2. UI/UX for generating identity credentials.

<keygen/> isn't what determines utility of WebID-TLS. Does "adduser" or
lack thereof determine the ability to authenticate a user on Unix/Linux?

> Importing PKCS #12
> keys doesn't meet social network usability requirements.

Again, you are arriving at a subjective conclusion that's inaccurate. Who
are you or I to determine what's socially acceptable to an end-user with
a functioning brain?

A PKCS#12 is an open standards based document type for storing identity
credentials. It is known to all major operating systems i.e., each
provides UI/UX for handling this document type. Anyone can open a
PKCS#12 document en route to safe interaction with an OS provided
keystore, if they choose to import credentials to such stores. The same
applies to any browser that uses its own keystore.
>
> Apparently OpenLink Software have addressed some or all issues aided
> by browser extensions.
> This is great but represents a new solution which nobody else in this
> list has talked about.

Yes, because we went off track with <keygen/>, in a nutshell.

>
> If a revision project actually is in scope, I think you should begin
> untangling the system from TLS CCA (Client Certificate Authentication),
> and follow the general trend which is using application-level
> authentication rather than transport-level authentication.

Applications are Silos. We need a solution that isn't hard-wired to any
application. We MUST keep the following loosely-coupled, which is only
achievable via open standards:

1. Identity
2. Identity Claims (Public and Private variants) Documents
3. Identity Authentication Protocols
4. Identity oriented Applications
5. Operating Systems
>
> If you do that then you can safely dump the binding to X.509 client
> certificates since a public key + signed assertion [1,2] does the same
> job as proven by FIDO.

Why on earth would I want to drop X.509 (an open standard)? Note, with
WebID+TLS+Delegation you don't need an X.509 Certificate for each WebID,
you only need it for a Software Agent (as I demonstrate in my examples)
[1][2].

What I am demonstrating "just works!" and it doesn't need the
permission or cooperation of any vendor. Why? Because they already
support open standards such as:

1. URIs -- for entity identification (which includes identification of
entity relations or relationship types)
2. HTTPS, SSL/TLS
3. Typed Relations -- using a variety of notations (e.g., RDF-Turtle,
JSON-LD, and others)
4. X.509
5. PKCS#12.

All we are doing (at OpenLink Software) boils down to orchestrated use
of these standards to solve the issue of loosely-coupled verifiable
identity, that scales to the Web & Internet. That's it.

We've built extensions that simply add missing functionality to all the
major browsers that covers:

1. WebID+TLS+Delegation exploitation
2. Handling of content-types missing from the defaults of the major
browsers (we even support Microsoft Edge).

Links:

[1]
https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73#.aboqar22m
-- Conceptual overview (with a working example) of WebID+TLS+Delegation

[2]
https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114#.oiyf67k2v
-- Showcases a new WebID Extension for Chrome, Opera, Firefox etc.
>
> The core idea behind WebID-TLS is actually quite cool but clinging on
> to the current platform is not.
>
> Best
> Anders
>
> 1] like the following, here in JCS format:
>
> {
>     "WebIdUrl": "https://myseserver.com/john.doe",
>     "target": "https://the-network.com/logon",
>     "nonce": "eYqbGYkHfAsOUTJiuqfU98Rou_mfn0etWUkvDVOF_Fw",
>     "timeStamp": "2016-11-28T20:37:06+01:00",
>     "signature": {
>         "algorithm": "ES256",
>         "publicKey": {
>             "type": "EC",
>             "curve": "P-256",
>             "x": "vlYxD4dtFJOp1_8_QUcieWCW-4KrLMmFL2rpkY1bQDs",
>             "y": "fxEF70yJenP3SPHM9hv-EnvhG6nXr3_S-fDqoj-F6yM"
>         },
>         "value":
> "TDKWQb9idTyPXgpOgIxXeogtl-P3e8oJPAKNZLVAYbQNSebV_CwSFOykR7llhC5_dG3uU6MPmqjQLc7jju4f0Q"
>     }
> }
>
> 2] or if you prefer the IETF-JOSE notation:
>
> {
>     "payload":
> "eyJAY29udGV4wMDUiLCJ0aW1lU3RhbXAiOiIyMDE2LTAyLTAyVDEwOjA3OjQyWiJ9",
>     "protected":
> "eyJhbGciOiJFUzI1NiIsIng1YyAvV2UvKzVUZGRobFRVTU5Qdnc9PSJdfQ",
>     "signature":
> "lBAFxpv2IQiuHmDBnBzOn8cd081ViLEoViAUS4Zkt9F-yI1-ajaUcnrfWtYy-QaHHkLkAKSRsnz_a2SFIdbPAg"
> }
>
> On 2016-11-27 20:19, Kingsley Idehen wrote:
>> On 11/27/16 6:09 AM, Anders Rundgren wrote:
>>> The question was really about actual usage, a question which is
>>> typically answered with "I use it" which is somewhat less interesting
>>> for people doing market research.
>>
>> Did I not explicitly state "we have customers using
>> WebID+TLS+Delegation"? What else do you want to hear? There are paying
>> customers using this technology on the basis of it being the only
>> practical solution to their security challenges.
>>
>>>
>>> Talking about the latter, the fact is that almost the entire "Web
>>> authentication industry" are betting on FIDO alliance products and so
>>> have the W3C.
>>
>> This has zilch to do with FIDO and everything to do with relationship
>> semantics and existing open standards collectively solving a real
>> problem.
>>>
>>> Fighting the industry giants may be fun, but without a concerted
>>> action, you get absolutely nowhere.
>>
>> I am not fighting industry giants. I am only interested in real
>> solutions to real problems, based on deep understanding of both the
>> problem and the solutions that are possible.
>>
>>>
>>> BTW, a core idea behind Web ID has always been to *NOT* invent (=only
>>> rely on existing technology), which is a self-imposed limitation.
>>
>> Nonsense, sorry!
>>
>> Kingsley
>>>
>>> Anders
>>>
>>> On 2016-11-26 21:45, Kingsley Idehen wrote:
>>>> On 11/26/16 3:54 AM, Anders Rundgren wrote:
>>>>> On 2016-11-23 12:40, Gabriel Lucas wrote:
>>>>>> Hello,
>>>>>>
>>>>>> We are designing the new website for a public cultural institution.
>>>>>> For the logging system we are evaluating various options, one is
>>>>>> Web-ID.
>>>>>>
>>>>>> The web would be based in Drupal 7, there is a module created 5
>>>>>> years ago, that has not been updated in the last 3 years.
>>>>>> https://www.drupal.org/project/webid
>>>>>>
>>>>>> We are wondering how much Web-Id is being used around.
>>>>>>
>>>>>> Do you know of any good use case where it is being used?
>>>>>> Could you give us some advice?
>>>>>
>>>>> Hello Gabriel,
>>>>>
>>>>> If you want ubiquitous access, the only recommendable solution would
>>>>> be to accept logins from third-party identity providers like Google,
>>>>> Facebook and Twitter.
>>>>>
>>>>> Another option is the traditional "mail-roundtrip" registration and
>>>>> a password.
>>>>>
>>>>> Both would be optimal.
>>>>>
>>>>> Anything else will be experienced as a hurdle.
>>>>>
>>>>> Anders
>>>> Anders,
>>>>
>>>> The UI/UX hurdles that you reference in your comments above are
>>>> solved via WebID+TLS+Delegation [1][2]. Fundamentally, you need
>>>> Identifiers and Profile documents controlled by users for the Web
>>>> to work. Failing to make this shift will simply continue to
>>>> challenge the Web & Internet for the worse. The world is already in
>>>> shock re. Brexit and recent US Elections (all real examples of how
>>>> Web 2.0 has affected society as we know it).
>>>>
>>>> Issues of concern are building up rapidly and their effects on
>>>> society are becoming more profound by the second:
>>>>
>>>> 1. Verifiable Identity controlled by users (rather than service
>>>> providers) -- Privacy issue
>>>>
>>>> 2. Structured Metadata comprehensible to Search Engines -- SERPs
>>>> issue which also affects "Fake News"
>>>>
>>>> Links:
>>>>
>>>> [1]
>>>> https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73#.aboqar22m
>>>>
>>>> -- Conceptual overview (with a working example) of
>>>> WebID+TLS+Delegation
>>>>
>>>> [2]
>>>> https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114#.oiyf67k2v
>>>>
>>>> -- Showcases a new WebID Extension for Chrome, Opera, Firefox etc.
>>>>
>>>> [3]
>>>> https://medium.com/openlink-software-blog/semantic-search-engine-optimization-sseo-2a0ab8d17b00#.xtz068kta
>>>>


-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Weblogs (Blogs):
Legacy Blog: http://www.openlinksw.com/blog/~kidehen/
Blogspot Blog: http://kidehen.blogspot.com
Medium Blog: https://medium.com/@kidehen

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/dataspace/person/kidehen#this
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this

Received on Monday, 28 November 2016 14:12:04 UTC
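
An added example, not part of the original thread and not code from either participant: the checks a relying party would run before accepting a signed assertion shaped like the JCS-style message quoted under 1] above, including the step that ties the embedded public key back to the WebID profile. Assumptions: the signature covers the JSON text with `signature.value` removed, `profileKeys` stands in for dereferencing `WebIdUrl`, the nonce is tracked in a replay cache, and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: the signature covers the UTF-8 JSON text of the message with
// signature.value removed and all other properties in their original order.
function signedBytes(msg) {
  const { value, ...rest } = msg.signature;
  return Buffer.from(JSON.stringify({ ...msg, signature: rest }));
}

// Returns 'ok' or the reason the relying party rejects the assertion.
function verifyAssertion(msg, { expectedTarget, profileKeys, seenNonces, now, maxSkewMs }) {
  if (msg.target !== expectedTarget) return 'wrong-target';
  const t = Date.parse(msg.timeStamp);
  if (Number.isNaN(t) || Math.abs(now - t) > maxSkewMs) return 'stale';
  if (seenNonces.has(msg.nonce)) return 'replay';
  const sig = msg.signature, pk = sig.publicKey;
  if (sig.algorithm !== 'ES256' || pk.type !== 'EC' || pk.curve !== 'P-256') return 'bad-algorithm';
  // The embedded key is self-asserted: it only counts if the profile
  // document behind WebIdUrl lists the same key.
  const listed = (profileKeys.get(msg.WebIdUrl) || []).some(k => k.x === pk.x && k.y === pk.y);
  if (!listed) return 'key-not-in-profile';
  const key = crypto.createPublicKey({
    key: { kty: 'EC', crv: 'P-256', x: pk.x, y: pk.y }, format: 'jwk' });
  const ok = crypto.verify('sha256', signedBytes(msg),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig.value, 'base64url'));
  if (!ok) return 'bad-signature';
  seenNonces.add(msg.nonce); // remember only nonces of accepted assertions
  return 'ok';
}

// Constructed sample: a fresh key pair and a message shaped like the one in the thread.
function makeSample(webId, target) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const { x, y } = publicKey.export({ format: 'jwk' });
  const msg = {
    WebIdUrl: webId, target,
    nonce: crypto.randomBytes(32).toString('base64url'),
    timeStamp: '2016-11-28T20:37:06+01:00',
    signature: { algorithm: 'ES256', publicKey: { type: 'EC', curve: 'P-256', x, y } },
  };
  msg.signature.value = crypto.sign('sha256', signedBytes(msg),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }).toString('base64url');
  return msg;
}
```

An assertion that verifies against its own embedded key but whose key is absent from the profile is rejected as `key-not-in-profile`, which is the check that makes the WebID URL, rather than the message itself, the source of trust.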