- From: Olivier Berger <olivier.berger@it-sudparis.eu>
- Date: Fri, 13 Jul 2012 17:21:47 +0200
- To: Erik.Wilde@emc.com, henry.story@bblfish.net
- Cc: public-ldp-wg@w3.org
Hi. Erik.Wilde@emc.com writes: > On 12 Jul 2012, at 10:33, <Erik.Wilde@emc.com> <Erik.Wilde@emc.com> wrote: > >> the concrete reason i am asking is that we are very interested in using >> linked data as a platform, but we also cannot go the route of a shared >> database model. we must have control over what a linked data platform >> exposes and what it does not expose, and we must have control over who can >> add what and when to a linked data platform. these are the questions we >> need to solve, and i am still trying to figure out how to best solve those >> questions in the context of this WG. > hello henry. > > On 2012-07-12 14:15 , "Henry Story" <henry.story@bblfish.net> wrote: >>In my view the best way to do that is to use WebID for authentication >>( see video at http://webid.info/ and the spec at http://webid.info/spec ) >>and access control ontologies as for example demonstrated in the README >>on https://dvcs.w3.org/hg/read-write-web/ >>The advantage of WebID is it ties right into LinkedData and you can use >>it to >>build webs of trust. I am working on building much more interesting >>demonstrations. > > to me, this looks mostly like an way of implementing the first concern, > and does not address the second one. I.e. : controlling access and identifying who's accessing ? (just to make sure I'm following the conversation, since not all the context was quoted : added it back above) > in terms of implementing the first > concern, very often you have to design and build platforms so that > existing clients and applications can build on top of them; telling your > enterprise and customer ecosystem components to all convert to WebID thus > is often not an option. > I too think that WebID is promising, but I'm not sure it's specifically a major building block of a REST platform, which is LDP's goal. For instance, in OSLC I've seen a lot of interest around OAuth for authenticating the clients interacting with the server's REST APIs. I wouldn't mind if WebID could serve of course, for instance in dialogues of discovery of server's features, which could be negociated based on the provided credentials of the clients (through WebID), but maybe that's not a first priority WRT other aspects of standardizing REST in LDP. My 2 cents, -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France)
Received on Friday, 13 July 2012 15:22:19 UTC