Re: Important Question re. WebID Verifiers & Linked Data

On 12/22/11 5:05 AM, Henry Story wrote:
> On 21 Dec 2011, at 19:08, Kingsley Idehen wrote:
>
>> On 12/21/11 12:55 PM, Mo McRoberts wrote:
>>> On 21 Dec 2011, at 17:47, Kingsley Idehen wrote:
>>>
>>>> I used to think so until Henry expressed questionable suggestions about URI handling that breaks the abstraction re. WebID verifiers.
>>> I think it was actually Peter initially, but I could be wrong; Henry just revisited the issue, and took a safe (from a security perspective, if broken from a web arch angle) default position.
>>>
>>> I’m not sure why that prompted this whole thread. Just saying “redirection (and indirection!) are a fundamental part of web architecture, we just need to settle on how they’re handled from a security perspective” would’ve been a perfectly decent answer to Henry’s question…
>>>
>>> M.
>>>
>> Here is how I would frame a security problem (something I've done in the past).
>>
>> An owl:sameAs relation exists in a graph somewhere along the de-reference trails. A verifier follows the link and finds a match. Or said verifier applies inference and makes a union and then gets a match. In either case, one deftly placed relation has tipped the apple cart.
>>
>> Solution: implementers of WebID verifiers have to factor in crawl depths and relation semantics. Suggestions could go as far as seeking signed claims for specific relations. BTW -- this doesn't have to be part of the WebID spec, it's just a note for engineers.
> I think following owl:sameAs relations is better left to the authorisation part.

I never implied it needed to be part of the WebID spec. I said, we can 
add cautionary notes for engineers re. implications of follow-your-nose 
data navigation and the transitive nature of owl:sameAs. Net effect: 
alleviating concerns about redirects.


> Requiring it of the Authentication part, makes the entry point into WebID harder, as it adds a bit of a reasoning layer.

Again, I never said it should be part of the Authentication part. This 
is for an engineer implementing a verifier.

A spec is a spec. It isn't a document about how to program.

> The spec states that the WebID should point to a WebID  Profile and that this should contain the key.
>
> Now it is true that the spec currently has a pointer from the html to other representations too.
>
> Anyway I have not implemented this part, and I wonder how many people have. This is also not something we have discussed. Perhaps we should open an issue on this one. I can see that there are other things to follow up on here. What about seeAlso links, or alternative relation links, or what perhaps a movedTo relation? But should someone still be using that WebID if they have a new WebID somewhere else? So this opens up a lot of interesting questions.

The semantics of predicates determine the meaning expressed in an 
eav/spo based relation. The issue of concern re. owl:sameAs is 
transitivity.


Kingsley
>
>> The ultimate challenge for WebID is this, you are going to have variation re. product quality. That's fine, a spec can't control actual engineering, it can only provide the specs for the act of engineering.
>>
>> The Internet was broken security wise before the WWW came along. WebID has a great shot of fixing this problem, but it really has to understand and honor the age-old practice known as separation of powers.
>>
>> The WebID spec shouldn't be about encouraging implementations that are fundamentally technology Camels -- the usual product of attempting innovation by committee. A spec must sit distinct from implementation engineering.
> ok.
>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Social Web Architect
> http://bblfish.net/
-- 

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Thursday, 22 December 2011 12:59:26 UTC
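The verifier hazard Kingsley describes above (an owl:sameAs statement sitting somewhere on the follow-your-nose trail, plus the transitive closure a verifier may compute over it), as an added Python simulation that is not part of the original thread or of any WebID implementation. Every document, URL and key identifier is constructed; the `Policy` fields, including `authoritative_only` (accept a key only from the document the WebID itself dereferences to), are assumptions made here to show how crawl depth and relation semantics change the outcome, not something the WebID spec mandates.

```python
"""Toy WebID verifier: how crawl depth, owl:sameAs handling and an
'authoritative document' rule change what key a verifier will accept.

All URLs, documents and keys below are constructed for illustration."""
from collections import deque, namedtuple

OWL_SAMEAS = "owl:sameAs"
RDFS_SEEALSO = "rdfs:seeAlso"
CERT_KEY = "cert:key"

ALICE_WEBID = "https://alice.example/profile#me"

# Constructed sample "web": document URL -> triples (subject, predicate, object).
DOCS = {
    "https://alice.example/profile": [
        (ALICE_WEBID, CERT_KEY, "KEY_ALICE"),
        (ALICE_WEBID, RDFS_SEEALSO, "https://aggregator.example/people"),
    ],
    # A third-party document Alice does not control, making a sameAs claim about her WebID.
    "https://aggregator.example/people": [
        (ALICE_WEBID, OWL_SAMEAS, "https://mallory.example/card#me"),
    ],
    "https://mallory.example/card": [
        ("https://mallory.example/card#me", CERT_KEY, "KEY_MALLORY"),
    ],
}

# Assumed verifier policy knobs (hypothetical names, not spec terms).
Policy = namedtuple("Policy", "max_depth follow_sameas authoritative_only")
NAIVE = Policy(max_depth=5, follow_sameas=True, authoritative_only=False)
STRICT = Policy(max_depth=0, follow_sameas=False, authoritative_only=True)


def doc_of(uri):
    """Document URL a hash URI dereferences to."""
    return uri.split("#", 1)[0]


def fetch(url):
    """Stand-in for an HTTP GET + RDF parse over the constructed web."""
    return DOCS.get(url, [])


def crawl(webid, max_depth, follow_sameas):
    """Breadth-first follow-your-nose crawl from the WebID's own document.
    Returns (source_doc, s, p, o) so each triple keeps its provenance."""
    start = doc_of(webid)
    seen, queue, found = {start}, deque([(start, 0)]), []
    while queue:
        url, depth = queue.popleft()
        for s, p, o in fetch(url):
            found.append((url, s, p, o))
            if depth >= max_depth:
                continue  # crawl depth limit reached, record but do not follow
            if p == RDFS_SEEALSO or (follow_sameas and p == OWL_SAMEAS):
                nxt = doc_of(o)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, depth + 1))
    return found


def equivalence_class(webid, found, follow_sameas):
    """Transitive closure of owl:sameAs around the WebID (the 'union' step)."""
    ids = {webid}
    if not follow_sameas:
        return ids
    changed = True
    while changed:
        changed = False
        for _, s, p, o in found:
            if p == OWL_SAMEAS and (s in ids or o in ids) and not (s in ids and o in ids):
                ids.update({s, o})
                changed = True
    return ids


def verify(webid, presented_key, policy):
    """True if the presented key is bound to the WebID under the given policy."""
    found = crawl(webid, policy.max_depth, policy.follow_sameas)
    ids = equivalence_class(webid, found, policy.follow_sameas)
    for src, s, p, o in found:
        if p != CERT_KEY or o != presented_key or s not in ids:
            continue
        if policy.authoritative_only and src != doc_of(webid):
            continue  # key stated outside the WebID's own document: ignore
        return True
    return False


if __name__ == "__main__":
    print("naive, Alice's key:  ", verify(ALICE_WEBID, "KEY_ALICE", NAIVE))
    print("naive, Mallory's key:", verify(ALICE_WEBID, "KEY_MALLORY", NAIVE))
    print("strict, Mallory's key:", verify(ALICE_WEBID, "KEY_MALLORY", STRICT))
```

Under `NAIVE` the single sameAs triple in the aggregator document is enough for `KEY_MALLORY` to verify as Alice, exactly the tipped apple cart; `STRICT` never leaves Alice's document. The intermediate `Policy(5, True, True)` shows that the provenance rule alone is sufficient even if a verifier does crawl and does compute the sameAs union, which is the kind of engineering note Kingsley is arguing belongs beside, not inside, the spec.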