
Re: openssh, etc and webid

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 14 Feb 2011 20:33:53 +0100
Cc: "'WebID Incubator Group WG'" <public-xg-webid@w3.org>
Message-Id: <5005C683-B032-4B38-837C-088CDE5FC4C7@bblfish.net>
To: peter williams <home_pw@msn.com>

On 14 Feb 2011, at 19:42, peter williams wrote:

> When I look around at W3C community culture, folks seem to like irc and tools that use openssh to tunnel to a server. I must have used 4 tools in the last days that wrapped putty, simply to leverage its “application-layer” openssh tunneling capabilities.
>  
> Do we want to ensure that webid protocol is as viable in the ssh world, as ssl world?

I opened ISSUE-31 for that.

I would be interested to implement that in Clerezza. Clerezza has an SSH shell, and it would be really nice if one could connect to the shell using SSH using the same key the admin created from his web browser.

So the use case is appealing.

>  This is really a topic question: should ssl be merely a “binding” of the protocol (to TLS), alongside a SAML binding (to SAML2), an openssh binding (….

Could be, but at the same time we need to be careful not to re-invent something so abstract that we end up with SOAP. And we are still quite limited with the number of people here on this list, as well as our attention span.

I notice that the IETF groups don't go try to solve all the problems simultaneously: they solve very specific problems one at a time. If it is well designed it should be easy to generalise.

I think this in SSL sounds like a very easy addition.

>  
> Is there anything *innately SSLish* in the protocol (which has to work with https libraries, not only browsers, to recall)? I keep calling for folks to leverage SSL’s inner nature to advantage; but I don’t believe anyone is listening – preferring that SSL be treated as a pretty generic way of letting control over private keys deliver certain crypto proofs to the protocol. If the use of SSL truly is generic “by posture”, then perhaps the whole scheme ought to be working with equivalents to SSL – particularly those that allow for really easy integration of tunnels – tunnels that the webid protocol to XYZ application, not only browsers.

WebID is really extremely simple. So it will have a huge number of applications. I don't think we are limiting initially what can be done. We have a lot of applications that use WebIDs as defined now over HTTPS. This has led people to write the spec we see now. If people start applying WebID to other protocols, then their feedback would be greatly appreciated. Perhaps there is a use case that is very interesting that we can then tie in.

And perhaps when we have two such examples, and three implementations and we want to tie it in, we will see the point of modularising the spec.

So I say: nothing stops people from playing around, and writing up reports on how WebID works with other protocols. That's what we have a wiki for.

Henry



Social Web Architect
http://bblfish.net/
Received on Monday, 14 February 2011 19:34:31 UTC
