RE: self-signed

 

 

-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
On Behalf Of Henry Story
Sent: Tuesday, April 19, 2011 7:26 AM
To: peter williams
Cc: 'Mo McRoberts'; 'Kingsley Idehen'; public-xg-webid@w3.org
Subject: Re: self-signed

 

 

 

We are setting foundations for Linked Data, but we restricted ourselves on
purpose to start off with to identity, the part that does not require more
of linked data than dereferencing the WebID. Well with webfinger we get a
bit more linked data, as you have to do 2 dereferencings, one following the
other. But linked data and linked pages is the whole point of WebId of
course. If you think that is silly then you are in the wrong group.

 

Let's deal with the above, remembering this is an incubator (not a working
group). It's here to produce a report about possible W3C activities in the
future. 

 

I was persuaded by your argument to the openid group that the foaf project
(as disclosed, years ago) had merit. That is, the foaf card as someone's
updated homepage could hold the public key. The proposal for foaf differed
from openid in that what openid call merely an "identity page" to us is the
home page card. It must exist, and its critical to the security model. It's
the foundation of de-referencing the identifier, and it is crucial to
assigning meaning to an identifier (beyond a scheme id). For openid, its
not: the identity page is a nice to have that nobody uses as what folks use
is the signed-assertion from the IDP. The IDP is the authority, stripping
public authority from the owner of the identity/foaf page. It forces folks
to use intermediaries, to communicate. 

 

Though openid users of such as wordpress OPs seem to be authorities, lets
note how the major sites refuse to accept them. The trust model didn't work,
that is; failing to convince mainstream businesses that it induced a new
(and viable) way to talk/interact to/with mass audiences, for a commodity
cost. It ended up repeating SAML, with a different bit format. It made no
difference to the web. Its just websso. It made less impact than OAUTH
(which is itself only a minor variant of SAML attribute/XYZ queries, with
recurring artifact binding).

 

I never cared for and still nothing for linked data movement, beyond what
the original foaf project advocates: get folks to write home pages with
contact details in some RDF dialect. I could not care less about ontologies
and a new class of web interaction, any more than I care about the
relational algebra and schema design languages in SQL land. I just write
queries to munge data, not query languages. 

 

The first mass adoption of webid will be in something unrelated to ontology
based conceptions of the future web, if history follows its normal course.
For all I know, it will be a twist like that which made certs take off
(after waiting at the church, for 15 years, unwed). There, it was desire to
provide consumer-grade assurance to credit-card users, allowing credit cards
brands to market their "brand assurances" on a massive scale. Suddenly,
certs were there.just right for that purpose. So good was that motivation,
it changed US national policy on suppressing crypto (and harassing people
like me).