W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: Matter of DN and what's possible

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 9 Jan 2012 18:11:06 +0100
Cc: public-xg-webid@w3.org
Message-Id: <FF163D01-18FC-43F3-9BAB-641D6D6D1E1A@bblfish.net>
To: Kingsley Idehen <kidehen@openlinksw.com>

On 9 Jan 2012, at 17:40, Kingsley Idehen wrote:

> On 1/9/12 11:03 AM, Henry Story wrote:
>> On 9 Jan 2012, at 16:32, Kingsley Idehen wrote:
>> 
>>> On 1/9/12 10:15 AM, Henry Story wrote:
>>>> On 9 Jan 2012, at 15:20, Kingsley Idehen wrote:
>>>> 
>>>>> On 1/9/12 8:35 AM, Henry Story wrote:
>>>>>> On 9 Jan 2012, at 14:06, Kingsley Idehen wrote:
>>>>>> 
>>>>>>> On 1/9/12 7:20 AM, Mo McRoberts wrote:
>>>>>>>> Kingsley,
>>>>>>>> 
>>>>>>>> The point of mirroring the claim in a resource which can be retrieved by de-referencing the URI the holder assigns themselves is so that you can be sure they have a reasonable degree of authority over that URI, and so can use it as an identifier for them.
>>>>>>> That assurance doesn't come solely from the SAN. It comes from the certificate. The SAN simply offers a slot to hold Name(s). The fact that said Names are de-referencable is a Web scale luxury that most publishers simply cannot afford, as already demonstrated by Peter.
>>>>> Henry,
>>>>>> Peter Williams does not prove anything. Peter is not mentioned on the Alice and Bob page.
>>>>>>   http://en.wikipedia.org/wiki/Alice_and_Bob
>>>>> I did say he did. I am saying: he's efforts demonstrate the point I am trying to make. I speak about actual implementation examples. Peter is experimenting and showcasing reality.
>>> Henry,
>>> 
>>>> He is experimenting reality?
>>> Yes, his reality for his use-case scenarios.
>> Well one does not experiment reality even in that case.
>> 
>> What we would like to know about is his use-cases then. Or rather your use case, as its better if you speak for yourself.
> 
> The use case is simple:
> How do commodity / consumer level publisher profiles exploit WebID?
> 
> Characteristics of this profile:
> 
> 1. No control over HTTP server
> 2. No control over resource mime types
> 3. Rent space via SaaS model providers such as blogspot, wordpress, twitter, linkedin, facebook etc..
> 4. Cut & Paste is their basic entry point re. Web resource creation (which includes info cards and profile documents).

But people with those profiles will never be bothered about WebID at all in a technical way. They will only be interested if Wordpress, BlogSpot, etc offers it to them in a nicely integrated way. Everyone who at this stage is interested in WebID will be people with a modicum of technical know how. Such as people who have their own blog and people who are developers for BlogSpot or WordPress or Identica, and so who know how to do things technically and who do control an http server.

There will be some users such as  bloggers that will be able to add html to a blog to put their webid there. In a few months when clarity as to microdata/rdfa is made, they won't even have to have problems with mime types.

There is some cut and paste these people will do, but those are early adopters. We can make life a bit easier for those early adopters, but I don't see your proposals doing that. Or at least I don't see how it does, and whatever you seem to be saying seems to be done more easily some other way.

> 
>> 
>>>> As opposed to experimenting with the imaginary worlds?
>>> There you go again with counter productive subjective commentary.
>>> 
>>> Do you know how much it would cost to obtain a modicum of the QA that Peter is providing re. WebID. Ah! I forgot, this all about Open Source and free where individual times costs don't matter, right?
>> Do you know how much time it takes to read a lot of this?
> 
> Again, that's your problem not mine. I read through his documents because I value his commentary and experiments.
> 
> You might not agree with the  Subject Information Access Address extension,

Well  I prefer your use of Subject Information Address extension to your previous attempts to put that information in the DN.
So there is progress here.

> but in my world view, it solves a major headache. Thus, no more arguments about using CN for addresses when there is an existing extension with the appropriate semantics in place.

yes, good that  we moved away from trying to put this in the CN. But remember how adamant you were about this a few weeks ago.

> Said semantics are reproducable in a idp space hosted directed graph servicing as the description of the subject of a certificate using the identifiers in the certs SAN.

> 
> 
>>  Peter Williams has never implemented WebID at all.
> 
> But that's unimportant if this dialogue is about WebID utilization experiments and QA.

The QA he has done recently is good. If one looks at his attempts as attempts to break WebID then they are interesting. It's just that I would not go from that to trying to jump to conclusions about us needing to change the protocol. He is just looking for corner cases.

> Is this effort solely about implementing WebID rather than actually testing its practical utility via user profiles?

I don't have a problem with testing.


>>  So there is very little reason to listen to his always more and more complex ideas.
> 
> They might seem complex to your profile. They aren't complex to mine. I quickly hone into the practical and pragmatic utility of what Peter is seeking. I discern that from his comments and reconcile that with his experiments.

Well he has shown that many blogging services make it difficult to add any type of markup. Part of the reason for that is because of javascript's ability to take any freedom given to users and make use of that to create security holes. That is because javascript is a turing complete language of course and so makes security analysis impossible. 

[snip: enough speaking about Peter Williams, right? he manages to put himself in the headline of most threads here]
[snip: on the name/uri so called ambiguity which is too general to be of interest here]

Anyway, there is some kind of use case you seem to want to put forward about people who can't get URIs. Why not just offer them a service to give them a URL then on Virtuoso? All you need to do is make a service with a nice and very easy UI.

And otherwise you still would need to answer 1,2,3 below.

>> Perhaps show us:
>> 
>> 1. What you put exactly in your cert (written as n3, like I did)
>> 2. What you put in each of the profiles and documents you are referring to
>> 3. what the verification logic is that is being used.
>> 4. what the use case is you are solving. Please describe the actors, their needs, and what they are going to do.
>> 
Received on Monday, 9 January 2012 17:11:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 January 2012 17:11:52 GMT