Re: ACL from Stéphane Corlosquet on 2011-01-25 (public-xg-webid@w3.org from January 2011)

From: Stéphane Corlosquet <scorlosquet@gmail.com>
Date: Tue, 25 Jan 2011 14:33:16 -0500
To: Alexandre Passant <alexandre.passant@deri.org>
Cc: Henry Story <henry.story@bblfish.net>, nathan@webr3.org, WebID XG <public-xg-webid@w3.org>
Message-ID: <AANLkTik2QaEUx9wtL9w6cj=RUkfHVSdwWMnhP-QV-xwn@mail.gmail.com>

On Tue, Jan 25, 2011 at 2:14 PM, Alexandre Passant <
alexandre.passant@deri.org> wrote:

> Hi,
>
> On 25 Jan 2011, at 19:02, Henry Story wrote:
>
> > Not sure.
> >
> > I think WebID spec and testing interoperability of WebID implementations
> > is core, as well as issues in browsers that we can see that could improve
> > things.
> >
> > ACLs are not far from the core, and may even be needed to get
> implementations
> > going a bit beyond the simplest point. They may even be needed for
> testing.
> >
> > Every little thing we add can create a huge amount of workload. So we
> have to
> > be careful :-)
>
> Indeed, one year is quite short, and we have to follow the charter to avoid
> "off-topic" work and provide the expected deliverables on time.
>
> However, mentioning ACL and some existing ontologies could be relevant in
> the requirements document.
>
> > For example standardising ACLs could end up require work comparing
> > all kinds of ACLs ontologies, not an easy task.
> >
> > Perhaps the question to ask is: where does not having ACLs start creating
> > interoperability limitations for WebID implementations? Ie, how far can
> we
> > go without them?
>
> My feeling is that we could get WebID (authentication) without ACL issues.
> What people do when the user is authenticated (e.g. use ACL ontology to
> deliver X or Y) is IMO a matter of the implementation, not of WebID itself.
>

Alex has put it well and I agree: the WebID authentication mechanism merely
ensure you are who you say you are, and that you can trust that the WebID
profile doc is owned by the user trying to access something, but the
decisions that the server/app makes from there onwards are your problems :)
This feeling was also expressed on foaf-protocols a few times. That said,
ACL could relevant in the examples to show how WebID is useful in the bigger
picture, and what kind of applications it enables.

Steph.


>
> Alex.
>
> >
> > Henry
> >
> > On 25 Jan 2011, at 19:42, Nathan wrote:
> >
> >> Hi All,
> >>
> >> Quick scope check, is ACL, like http://esw.w3.org/WebAccessControlunder the scope of this IG?
> >>
> >> Best,
> >>
> >> Nathan
> >>
> >
> > Social Web Architect
> > http://bblfish.net/
> >
> >
>
> --
> Dr. Alexandre Passant
> Digital Enterprise Research Institute
> National University of Ireland, Galway
> :me owl:sameAs <http://apassant.net/alex> .
>
>
>
>
>
>
>
>

Received on Tuesday, 25 January 2011 19:37:15 UTC