- From: Andrei SAMBRA <andrei.sambra@gmail.com>
- Date: Mon, 12 Nov 2012 00:04:28 -0500
- To: public-ldp-wg@w3.org
- Message-ID: <CAFG79ehbe=xFJ97+voXktcgSc9QDJR_pAM3Zwt8yH8bCfETkCQ@mail.gmail.com>
Dear all, I would like to start by admitting that I might be asking a question that has already been answered. I have tried looking for this topic on the mailing list archive, but I was unable to find any relevant information. I have recently begun implementing the current LDP spec, and I find myself at the point where I need to add access control to LDP operations and resources/containers. However, there is no mention in the current spec draft about any kind of access control. While I understand why some of you may be against discussing AC at this point, I can't stop asking myself why there is no effort of adding it by design, instead of a future feature. I know that mentioning access control at this point in the spec implies opening the Pandora's box with all its issues (not the least being the lack of a proper definition for identity in general). I suppose my _personal_ point here is that access control should be a fundamental part of LDP, unless LDP will only be used in the public domain. I believe some (many?) of you are probably familiar with WebID. As an active member of the WebID CG, I hope that we can find common ground between LDP and WebID, leading to a proposal on how access control can be achieved in LDP. The reason I mentioned WebID is that following recent discussions at TPAC, we have come to agree on a WebID definition that decouples the identity part from the authentication part, potentially leading to WebID over (TLS, OpenID, BrowserID, etc..). By abstracting the authentication part, LDP can instantly take advantage of WebID's _identity_ part. I am sure that access control is far from being the main priority of the LDP WG at this point, so I would like to propose that those of us interested in access control could at least try to build a wiki page that would serve as a basis for future work. Please accept my apologies if this subject has been discussed already, as well as for the length of this email. I have recently started getting involved in LDP, and I haven't had the time to go over the minutes for all the previous teleconfs, though I am catching up with the mailing list discussions. Best wishes, Andrei Sambra (MyProfile)
Received on Monday, 12 November 2012 12:21:45 UTC