W3C home > Mailing lists > Public > public-xg-webid@w3.org > November 2011

Re: WebID TLS

From: Peter Williams <home_pw@msn.com>
Date: Mon, 7 Nov 2011 12:41:49 -0800
Message-ID: <BLU0-P1-EAS4926EAA72DA75B0BCBFDFC92D90@phx.gbl>
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
You note Henry's question.

It reads to me: I'll admit logically what Peter and melvin (and others) assert, but I want the group to agree that nothing can be done to advance it. What should be advanced is that which would have been advanced anyways should we have not logically extended the definition.

Net result: pointless decision and lack of trust in the method of formulating consensus on direction and end goal. It's pointless arguing and debating policy, that is.

Folks don't seem to understand that a consensus decision is measured as much by its tone as its results. Otherwise, it's just yet another pressure group, grinding some ax (some web doctrinal approach, or other).

There is nothing wrong with research projects grinding axes. But, that is the class they are assigned - which means one waits for maturity before  considering any adoption (beyond some throwaway demo sites).

On Nov 7, 2011, at 1:52 AM, "Melvin Carvalho" <melvincarvalho@gmail.com> wrote:

> On 6 November 2011 02:29, Peter Williams <home_pw@msn.com> wrote:
>> 
>>  Since webid was unable to pursuade anyone (at all?) to adopt https client
>> certs for use on the general internet, I guess the group nhas decided that
>> its appropirate to ensure webid is security protocol agnostic.  I heartily
>> agree. It will help the "portrayal" of W3C to show the webid is not tied to
>> any one security protocol (e.g. a transport layer or IPsec layer protocol).
>> That is, its not just another religiously-motivated group wanting its own
>> security token forma (for no particular reason other than it uses some or
>> other preferred presentation syntax/format).
>> 
>> Ive long argued that when my IDP using a signed SAML2 assertion delivers the
>> webid in a web services call, the properties of said "proof" version of
>> SAML2 are really not that different to a cert delivering the webid. The cert
>> is a signed object, and is carried by a security protocol between browser
>> and site. Said protocol ensures the cert is delivered to the intended
>> recipient (when TLS handshake tunneling is used).  Similarly, in the web
>> services world, the SAML2 token is a signal from browser-hosted script to
>> the site, similarly. The SAML2 handshakes accomplish what jhttps
>> accomplishes : deliverrs an identitificatio blob to the intended recipient.
>> Obviousl, this web services version of SAML2 (available worldwide in
>> windows, now) varies from the more traditional websso version of SAML2, in
>> which the browser is involved - being a mere conduit in the passing of a
>> signed token from one site, to another. Obvbiously, its pretty trivial to
>> move off of SAML2 blobs for web services and use signed JSON blobs, swapping
>> bit formats (yet again).
> 
> Peter, IMHO, this was always the case.  One reason this is a good
> opportunity to clear up possible confusion.
> 
>> 
>> 
>> 
>> 
>> ________________________________
>> From: henry.story@bblfish.net
>> Date: Sun, 6 Nov 2011 01:37:41 +0100
>> CC: public-xg-webid@w3.org
>> To: scorlosquet@gmail.com
>> Subject: Re: WebID TLS
>> 
>> 
>> On 5 Nov 2011, at 23:57, St├ęphane Corlosquet wrote:
>> 
>> Hi Henry,
>> 
>> On Sat, Nov 5, 2011 at 6:42 PM, Henry Story <henry.story@bblfish.net> wrote:
>> 
>> Can we agree to specialise on WebID over TLS for the rest of this Incubator
>> Group, and leave all the other possible protocol implementations for later,
>> say like for when the Cryptography Working Group has finished its API?
>> 
>> I thought that was already the case. Can you clarify and give some examples
>> of what would *not* be included then?
>> 
>> There was a bit of confusion in a few e-mail exchanges recently on the list,
>> so I just wanted to make sure we are in agreement. We can have this document
>> be WebID over TLS leaving open for later WebId over BrowserId type JSON
>> certificate for example.
>> We still have quite a bit of work to do to finish the current spec. It will
>> be quite an achievement to finish it. I'll put more energy back into the
>> spec now. ( I was of in Saint Etienne this week, and was taken up into a lot
>> of meetings at the university there - which also had very bad
>> connectivity).
>> Btw, don't forget we have our weekly meetings now in Skype, so we can do a
>> bit of video conferencing and even some screen sharing. Every month we then
>> will have a more formal meeting.
>> Henry
>> 
>> Steph.
>> 
>> 
>> We need to focus on getting something done so at the end we have some real
>> things to show.
>> 
>> Henry
>> 
>> 
>> Social Web Architect
>> http://bblfish.net/

>> 
>> 
>> 
>> 
>> Social Web Architect
>> http://bblfish.net/

>> 
> 
Received on Monday, 7 November 2011 20:42:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 November 2011 20:43:00 GMT