Re: Linked Data Platform Working Group Charter comment

PROPOSAL: The LDP charter states that the WG does not normatively
specify solutions for access control, however should identify, based
on a set of (real world) use cases, requirements for necessary
authentication and authorisation technologies.

Makes sense?

Cheers,
	Michael
--
Dr. Michael Hausenblas, Research Fellow
LiDRC - Linked Data Research Centre
DERI - Digital Enterprise Research Institute
NUIG - National University of Ireland, Galway
Ireland, Europe
Tel. +353 91 495730
http://linkeddata.deri.ie/
http://sw-app.org/about.html

On 31 Jan 2012, at 15:20, Ivan Herman wrote:

> Just to see if I understand the proposal:
>
> - the core text on the WG would say something like 'define a set of  
> minimal requirement for access control for LD environments', or  
> something like that
> - the text would still mark a full, normative solution for access  
> control as out of scope
>
> Is this the proposal? _Personally_, I can live with that, just want  
> to be sure
>
> Ivan
>
> On Jan 31, 2012, at 14:24 , Michael Hausenblas wrote:
>
>>
>>
>>> But rather than punt on the issue completely, I would like to propose
>>> we define the minimal set of requirements for auth/auth. From there,
>>> we can look at some of the suggestions that have been raised on this
>>> list so far to see if they are capable of satisfying these requirements.
>>
>> +1
>>
>> Cheers,
>> 	Michael
>> --
>> Dr. Michael Hausenblas, Research Fellow
>> LiDRC - Linked Data Research Centre
>> DERI - Digital Enterprise Research Institute
>> NUIG - National University of Ireland, Galway
>> Ireland, Europe
>> Tel. +353 91 495730
>> http://linkeddata.deri.ie/
>> http://sw-app.org/about.html
>>
>> On 31 Jan 2012, at 13:21, <ryan.mcdonough@nokia.com> wrote:
>>
>>> I don't think we wanted to boil the ocean here. The point was that if
>>> you're enabling read/write linked data on the web, or private network,
>>> identity and security are obvious requirements in my view. As Ora pointed
>>> out, these issues come up time and time again on the projects we've been
>>> working on internally.
>>>
>>> At the very least, the LDP should offer some recommendations on how to do
>>> it. And I agree with you, let's not solve everyone's problems and I'm not
>>> suggesting the WG rolls our own solutions either. But rather than punt on
>>> the issue completely, I would like to propose we define the minimal set of
>>> requirements for auth/auth. From there, we can look at some of the
>>> suggestions that have been raised on this list so far to see if they are
>>> capable of satisfying these requirements.
>>>
>>> Ryan-
>>>
>>>
>>> -- 
>>> Ryan J. McDonough
>>> Architect
>>> Location & Commerce
>>> NOKIA INC.
>>>
>>> On 1/31/12 6:59 AM, "ext Michael Hausenblas" <michael.hausenblas@deri.org> wrote:
>>>
>>>>
>>>> Ryan, All,
>>>>
>>>> I guess we all agree that WebID and WebACL and the likes are necessary
>>>> building blocks to achieve a true read/write enabled, enterprise-ready,
>>>> industrial strength solution. However, for the sake of the success of
>>>> this WG I also agree that we should not try to boil the ocean and
>>>> hence: focus, focus, focus.
>>>>
>>>> In this sense: -1 to incl. auth/auth topics ...
>>>>
>>>> Cheers,
>>>> 	Michael
>>>> --
>>>> Dr. Michael Hausenblas, Research Fellow
>>>> LiDRC - Linked Data Research Centre
>>>> DERI - Digital Enterprise Research Institute
>>>> NUIG - National University of Ireland, Galway
>>>> Ireland, Europe
>>>> Tel. +353 91 495730
>>>> http://linkeddata.deri.ie/
>>>> http://sw-app.org/about.html
>>>>
>>>> On 31 Jan 2012, at 11:56, <ryan.mcdonough@nokia.com> wrote:
>>>>
>>>>> Back to the original question as to whether access control is in scope
>>>>> or not, I agree with Ora that we should not punt on this issue.
>>>>> However, I'm not sure that we need to attempt to solve the problem this
>>>>> month ;) Given all of the ideas being offered, it would appear that
>>>>> Access control mechanisms, WebACL, Web Identity might be in scope?
>>>>>
>>>>> Ryan-
>>>>>
>>>>> -- 
>>>>> Ryan J. McDonough
>>>>> Architect
>>>>> Location & Commerce
>>>>> NOKIA INC.
>>>>>
>>>>> From:  ext Martynas Jusevicius <martynas@graphity.org>
>>>>> Date:  Wed, 18 Jan 2012 02:35:21 +0100
>>>>> To:  Ora Lassila <ora.lassila@nokia.com>
>>>>> Cc:  <ivan@w3.org>, <michael.hausenblas@deri.org>, <public-ldp@w3.org>
>>>>> Subject:  Re: Linked Data Platform Working Group Charter comment
>>>>> Resent-From:  <public-ldp@w3.org>
>>>>> Resent-Date:  Wed, 18 Jan 2012 15:49:49 +0000
>>>>>
>>>>>
>>>>> Hey all,
>>>>> how about Basic Access Control ontology http://www.w3.org/ns/auth/acl ?
>>>>>
>>>>> We're using it successfully in a Linked Data context -- in combination
>>>>> with foaf:Person and sioc:UserAccount, to express a number of users and
>>>>> user groups and their access rights to resources and classes of
>>>>> resources. As a result, both authentication and authorization are a
>>>>> matter of a single SPARQL query.
>>>>>
>>>>> It might be simplistic -- but it's a start?
>>>>>
>>>>> Martynas
>>>>> graphity.org <http://graphity.org>
>>>>>
>>>>> On Tue, Jan 17, 2012 at 4:05 PM,  <Ora.Lassila@nokia.com> wrote:
>>>>>
>>>>> Ivan,
>>>>>
>>>>> Indeed. [Sigh] If I knew of an access control mechanism that is mature
>>>>> and proven in the Linked Data context I would have made a much stronger
>>>>> statement in favor of addressing the issue. We do not want to engage in
>>>>> R&D work (we have made that mistake before ;-) but my great fear is that
>>>>> if we merely suggest that someone else will take care of this we may be
>>>>> signaling that this is not an issue of paramount importance.
>>>>>
>>>>> I don't have any magical answers or advice here, I am merely expressing
>>>>> concern... I guess I would like there at least to be some discussion
>>>>> about this. Saying that there is no solution and saying that something
>>>>> is out of scope should, after all, not be the same thing.
>>>>>
>>>>>     - Ora
>>>>>
>>>>>
>>>>> On 2012-01-17 9:54 AM, "ext Ivan Herman" <ivan@w3.org> wrote:
>>>>>
>>>>>> Ora,
>>>>>>
>>>>>> I hear you. However (and that may show my complete ignorance...) is
>>>>>> there any access control mechanism out there that has already proven
>>>>>> itself in the area of Linked Data deployment that is in the maturity
>>>>>> level of standardization? I am a bit concerned about chartering this
>>>>>> group with an essentially R&D work while the other goals are much less
>>>>>> so...
>>>>>>
>>>>>> Ivan
>>>>>>
>>>>>> On Jan 17, 2012, at 15:47 , <Ora.Lassila@nokia.com> wrote:
>>>>>>
>>>>>>> As much as I would like to have a "tight scope" for this WG, I have to
>>>>>>> observe that access control (or more like lack thereof) has often been
>>>>>>> a problem in Semantic Web/Linked Data projects I have been involved in.
>>>>>>> Particularly fine-grained access control of Semantic Web data.
>>>>>>>
>>>>>>> I fear that deeming access control strictly "out of scope" and hoping
>>>>>>> that some (so far unspecified) liaison with other groups to solve this
>>>>>>> problem will only result in the issue not being seen as important
>>>>>>> enough.
>>>>>>>
>>>>>>> My $0.02.
>>>>>>>
>>>>>>>  - Ora
>>>>>>>
>>>>>>> --
>>>>>>> Dr. Ora Lassila  ora.lassila@nokia.com  http://www.lassila.org
>>>>>>> Principal Technologist, Nokia
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 2012-01-17 6:25 AM, "ext Michael Hausenblas"
>>>>>>> <michael.hausenblas@deri.org> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> All,
>>>>>>>>
>>>>>>>> I'd suggest to improve the following section and be more explicit
>>>>>>>> regarding the bigger picture [1]:
>>>>>>>>
>>>>>>>> [[
>>>>>>>> 2.3 Out of Scope
>>>>>>>> Several possible standards that are out of scope for this group, such
>>>>>>>> as those listed below:
>>>>>>>>
>>>>>>>> • Access control mechanisms, WebACL, Web Identity
>>>>>>>> ]]
>>>>>>>>
>>>>>>>> Mention that both authentication and authorisation are orthogonal
>>>>>>>> issues and hence, in order to stay focused and to be successful, the
>>>>>>>> WG will not focus on these issues (but liaise with the respective
>>>>>>>> groups to ensure compatibility and openness).
>>>>>>>>
>>>>>>>> Thoughts?
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Michael
>>>>>>>>
>>>>>>>> [1] http://www.w3.org/wiki/WriteWebOfData
>>>>>>>> --
>>>>>>>> Dr. Michael Hausenblas, Research Fellow
>>>>>>>> LiDRC - Linked Data Research Centre
>>>>>>>> DERI - Digital Enterprise Research Institute
>>>>>>>> NUIG - National University of Ireland, Galway
>>>>>>>> Ireland, Europe
>>>>>>>> Tel. +353 91 495730
>>>>>>>> http://linkeddata.deri.ie/
>>>>>>>> http://sw-app.org/about.html
>>>>>>
>>>>>> ----
>>>>>> Ivan Herman, W3C Semantic Web Activity Lead
>>>>>> Home: http://www.w3.org/People/Ivan/
>>>>>> mobile: +31-641044153
>>>>>> FOAF: http://www.ivan-herman.net/foaf.rdf
>
> ----
> Ivan Herman, W3C Semantic Web Activity Lead
> Home: http://www.w3.org/People/Ivan/
> mobile: +31-641044153
> FOAF: http://www.ivan-herman.net/foaf.rdf

Received on Tuesday, 31 January 2012 15:22:58 UTC