Re: decentralized use cases

On 7/13/12 11:39 AM, Olivier Berger wrote:
> Hi.
>
> Kingsley Idehen <kidehen@openlinksw.com> writes:
>
>> On 7/12/12 11:21 AM, Henry Story wrote:
>>
>> Little glossary of terms:
>>
>> 1. WebID -- a cryptographically verifiable agent (humans, organizations,
>> and machines) identifier in the form of a de-referencable URI
>> 2. WebID Authentication Protocol -- a RESTful protocol for leverages
>> Linked Data for cryptographic verification of WebIDs .
>>
>>
>> WebID is all about a RESTful read-write-web driven by Linked Data.
> Uh... great to see so much enthusiasm for WebID (I share it too)... but
> WebID is not the alpha and omega of Linked Data, IMHO.

It isn't the alpha and omega of Linked Data in general, of course not.

It is currently the closest thing you have to an alpha and omega for a 
Read-Write-Web of Linked Data where fined grained access control lists 
and social relationship semantics are critical component of any quality 
of service oriented pursuits.

You can't have thriving read-write-web without policy based data access 
driven by access control lists and rules. OAuth doesn't give that, its 
scope it a little to coarse.

>
>> I (and I guess others) would like to know what you don't find RESTful
>> about the WebID protocol.
>>
> That is not the question, again.

I posed the question because I am still trying to understand what isn't 
considered RESTful. There have been responses from others seeking the 
same clarification re. this perception or misconception re. Linked Data 
etc..

Andy also outlined nice examples, using a slight different anecdote.

>
> WebID allows nice identification, authentication, and maybe soon
> authorization when/if we standardize ACLs and delegation of
> authiorization around it (thanks for your progress on that front and
> shaping the way).

It already provides the foundation for ACLs by combining the protocol 
with Linked Data based policy graphs [1].

>
> So if instead of inventing in LDP some identification mechanism based on
> whatever other standard, we agreee on reusing FOAF (thus WebID), we have
> immediate benefits of all the goodness of WebID.

The WebID protocol came into this conversation as a RESTful pattern 
example for controlled access to resources, that leverages Linked Data. 
Basically, yet another attempt to demonstrate that REST and Linked Data 
work fine, naturally.

>
> But, so far it remains to be evaluated how much of the other
> un-standardized aspects of building Linked Data and RESTful applicatios
> have to be agreed on, which don't find an answer precisely in WebID.

See my comments above.

The real question is still: why is there some perception that Linked 
Data and REST are somehow disconnected. I can curl my way to oblivion 
doing some darn sophisticated things than many applications today can't 
even pull off using their controlled UI and proprietary code. REST (as I 
know it) is about message based orchestration using age-old 
client-server patterns to manipulate resources, by leveraging some 
contemporary features (resource time variance, caching etc..) delivered 
by the architecture of the world wide web, and implemented by HTTP re. 
prime showcase, but not sole option.

A self describing resource bearing structured data is the best friend of 
REST; especially if you can do so without have to read any human docs/ 
Basically, a single URI should be the alpha and omega . De-reference 
said URI and you get a resource, and if structured the right way it will 
take you the rest of the way.

curl <URI> -X OPTIONS is all you should need to get going.



>
> And even if some WebID profile managers / identity providers /
> authentication system / delegated authorization systems use REST APIs,
> does it make it more important to LDP's charter [0] ?
>
>
> I don't mean to criticise too much the great enthusiasm you have for
> WebID, but I think that's just one of the nice technologies, compatible
> with the Linked Data approach, that can help for LDP, not maybe a
> "central" one.

Again, WebID came in as an example to prove that Linked Data and REST 
aren't somehow disconnected.

>
>
> Maybe a way to move forward is to identify precisely in that charter or
> in LDBP 1.0 [1] what exact points WebID helps addressing ?
>
>
> For instance, I'm a bit surprised not to find any match for
> "identification" in either [0] or [1] (like how to identify a client
> connecting to a service ?). The use cases document [2] is missing that
> too... on purpose ?

Okay, so you add that, what does it give you as the showcase anecdote? 
WebID?
>
> Shan't we need to identify (how) people or agents consuming Linked Data
> to properly exercise access control (and eventually provide adapted
> content depending on the requestor) ?

Of course. But you somehow disconnect that from the WebID protocol as an 
anecdote.

Links:

1.  bit.ly/M7hd4T -- Guide showcasing use of social relationships to 
control SPARQL service access to Link Data resources . You can perform 
the entire exercise using curl .

Kingsley
>
>
> Hope this helps.
>
>
> Best regards,
>
> [0] http://www.w3.org/2012/ldp/charter
> [1] http://www.w3.org/Submission/2012/02/
> [2] http://www.w3.org/2012/ldp/wiki/Use_Cases_And_Requirements


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen