Re: "Basic profile" terminology ?

Kingsley Idehen <kidehen@openlinksw.com> wrote on 07/09/2012 05:11:29 PM:

> From: Kingsley Idehen <kidehen@openlinksw.com>
> To: public-ldp-wg@w3.org, 
> Date: 07/09/2012 05:12 PM
> Subject: Re: "Basic profile" terminology ?
> 
> On 7/9/12 4:56 PM, Erik.Wilde@emc.com wrote:
> > possible adversarial scenarios that come to mind are triple injection
> > where clients submit data that will be good for them in some context, such
> > as ratings or quality metrics or prices or whatever else are QoS-related
> > parameters in a given setting. possible badly implemented clients include
> > scenarios where clients submit inconsistent data that will at least make
> > the data they submit worthless, and in bad cases will conflict with other
> > data in the platform and then render other data worthless as well.
> > possible DOS scenarios are where clients intentionally submit data that is
> > known or they hope will make reasoning very slow, without any justification
> > as to why this data should be submitted in the first place. does this
> > illustrate things sufficiently? i guess i could produce a longer list of
> > potential problems, if that's required.
> 
> Valid concerns, but WebID based ACLs bury all of that :-)
> 

I agree with this as well.  We don't need to invent a service layer to 
define what an "authorized client" or "trusted client" application is.  It 
could be part of the LDP or some companion guidance (or follow on LDP 
work) on how to achieve based on top of the basic LDP HTTP+RDF data access 
patterns, which is why I believe the access control bits are left in the 
non-rec sections of our charter [1].

> Note, I comment as a person deeply paranoid about such matters re. 
> deploying Linked Data, ODBC, JDBC, ADO.NET, OLE-DB, and XMLA solutions.
> 
> Socially enhanced data access policies are the solution to this real 
> challenge. They were even a challenge 20 years ago as client-server 
> access to databases started exploding. A deliberate or inadvertent 
> Cartesian Product is a sure way to afflict an RDBMS with DOS.
> 
> Related:
> 
> 1. http://bit.ly/MVc15h -- a simple post about some simple scenarios, 
> Linked Data enables these policies to be much more sophisticated.
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 

Thanks,
Steve Speicher | IBM Rational Software | (919) 254-0645
[1] - http://www.w3.org/2012/ldp/charter#deliverables

Received on Sunday, 22 July 2012 15:23:58 UTC