- From: Michael Hausenblas <michael.hausenblas@deri.org>
- Date: Tue, 31 Jan 2012 15:22:18 +0000
- To: Ivan Herman <ivan@w3.org>
- Cc: Ryan McDonough <ryan.mcdonough@nokia.com>, martynas@graphity.org, Ora.Lassila@nokia.com, public-ldp@w3.org
PROPOSAL: The LDP charter states that the WG does not normatively specify
solutions for access control, however should identify, based on a set of
(real world) use cases, requirements for necessary authentication and
authorisation technologies.

Makes sense?

Cheers,
Michael
--
Dr. Michael Hausenblas, Research Fellow
LiDRC - Linked Data Research Centre
DERI - Digital Enterprise Research Institute
NUIG - National University of Ireland, Galway
Ireland, Europe
Tel. +353 91 495730
http://linkeddata.deri.ie/
http://sw-app.org/about.html

On 31 Jan 2012, at 15:20, Ivan Herman wrote:

> Just to see if I understand the proposal:
>
> - the core text on the WG would say something like 'define a set of
>   minimal requirements for access control for LD environments', or
>   something like that
> - the text would still mark a full, normative solution for access
>   control as out of scope
>
> Is this the proposal? _Personally_, I can live with that, just want
> to be sure
>
> Ivan
>
> On Jan 31, 2012, at 14:24 , Michael Hausenblas wrote:
>
>>> But rather than punt on the issue completely, I would like to propose
>>> we define the minimal set of requirements for auth/auth. From there,
>>> we can look at some of the suggestions that have been raised on this
>>> list so far to see if they are capable of satisfying these
>>> requirements.
>>
>> +1
>>
>> Cheers,
>> Michael
>> --
>> Dr. Michael Hausenblas, Research Fellow
>> LiDRC - Linked Data Research Centre
>> DERI - Digital Enterprise Research Institute
>> NUIG - National University of Ireland, Galway
>> Ireland, Europe
>> Tel. +353 91 495730
>> http://linkeddata.deri.ie/
>> http://sw-app.org/about.html
>>
>> On 31 Jan 2012, at 13:21, <ryan.mcdonough@nokia.com>
>> <ryan.mcdonough@nokia.com> wrote:
>>
>>> I don't think we wanted to boil the ocean here. The point was that if
>>> you're enabling read/write linked data on the web, or private network,
>>> identity and security are obvious requirements in my view. As Ora
>>> pointed out, these issues come up time and time again on the projects
>>> we've been working internally.
>>>
>>> At the very least, the LDP should offer some recommendations on how to
>>> do it. And I agree with you, let's not solve everyone's problems and
>>> I'm not suggesting the WG rolls our own solutions either. But rather
>>> than punt on the issue completely, I would like to propose we define
>>> the minimal set of requirements for auth/auth. From there, we can look
>>> at some of the suggestions that have been raised on this list so far
>>> to see if they are capable of satisfying these requirements.
>>>
>>> Ryan-
>>>
>>> --
>>> Ryan J. McDonough
>>> Architect
>>> Location & Commerce
>>> NOKIA INC.
>>>
>>> On 1/31/12 6:59 AM, "ext Michael Hausenblas"
>>> <michael.hausenblas@deri.org> wrote:
>>>
>>>> Ryan, All,
>>>>
>>>> I guess we all agree that WebID and WebACL and the likes are
>>>> necessary building blocks to achieve a true read/write enabled,
>>>> enterprise-ready, industrial strength solution. However, for the
>>>> sake of the success of this WG I also agree that we should not try
>>>> to boil the ocean and hence: focus, focus, focus.
>>>>
>>>> In this sense: -1 to incl. auth/auth topics ...
>>>>
>>>> Cheers,
>>>> Michael
>>>> --
>>>> Dr. Michael Hausenblas, Research Fellow
>>>> LiDRC - Linked Data Research Centre
>>>> DERI - Digital Enterprise Research Institute
>>>> NUIG - National University of Ireland, Galway
>>>> Ireland, Europe
>>>> Tel. +353 91 495730
>>>> http://linkeddata.deri.ie/
>>>> http://sw-app.org/about.html
>>>>
>>>> On 31 Jan 2012, at 11:56, <ryan.mcdonough@nokia.com>
>>>> <ryan.mcdonough@nokia.com> wrote:
>>>>
>>>>> Back to the original question as to whether access control is in
>>>>> scope or not, I agree with Ora that we should not punt on this
>>>>> issue. However, I'm not sure that we need to attempt to solve the
>>>>> problem this month ;) Given all of the ideas being offered, it
>>>>> would appear that Access control mechanisms, WebACL, Web Identity
>>>>> might be in scope?
>>>>>
>>>>> Ryan-
>>>>>
>>>>> --
>>>>> Ryan J. McDonough
>>>>> Architect
>>>>> Location & Commerce
>>>>> NOKIA INC.
>>>>>
>>>>> From: ext Martynas Jusevicius <martynas@graphity.org>
>>>>> Date: Wed, 18 Jan 2012 02:35:21 +0100
>>>>> To: Ora Lassila <ora.lassila@nokia.com>
>>>>> Cc: <ivan@w3.org>, <michael.hausenblas@deri.org>, <public-ldp@w3.org>
>>>>> Subject: Re: Linked Data Platform Working Group Charter comment
>>>>> Resent-From: <public-ldp@w3.org>
>>>>> Resent-Date: Wed, 18 Jan 2012 15:49:49 +0000
>>>>>
>>>>> Hey all,
>>>>> how about Basic Access Control ontology
>>>>> http://www.w3.org/ns/auth/acl ?
>>>>>
>>>>> We're using it successfully in a Linked Data context -- in
>>>>> combination with foaf:Person and sioc:UserAccount, to express a
>>>>> number of users and user groups and their access rights to
>>>>> resources and classes of resources.
>>>>> As a result, both authentication and authorization is a matter of
>>>>> a single SPARQL query.
>>>>>
>>>>> It might be simplistic -- but it's a start?
>>>>>
>>>>> Martynas
>>>>> graphity.org <http://graphity.org>
>>>>>
>>>>> On Tue, Jan 17, 2012 at 4:05 PM, <Ora.Lassila@nokia.com> wrote:
>>>>>
>>>>> Ivan,
>>>>>
>>>>> Indeed. [Sigh] If I knew of an access control mechanism that is
>>>>> mature and proven in the Linked Data context I would have made a
>>>>> much stronger statement in favor of addressing the issue. We do
>>>>> not want to engage in R&D work (we have made that mistake before
>>>>> ;-) but my great fear is that if we merely suggest that someone
>>>>> else will take care of this we may be signaling that this is not
>>>>> an issue of paramount importance.
>>>>>
>>>>> I don't have any magical answers or advice here, I am merely
>>>>> expressing concern... I guess I would like there at least to be
>>>>> some discussion about this. Saying that there is no solution and
>>>>> saying that something is out of scope should, after all, not be
>>>>> the same thing.
>>>>>
>>>>> - Ora
>>>>>
>>>>> On 2012-01-17 9:54 AM, "ext Ivan Herman" <ivan@w3.org> wrote:
>>>>>
>>>>>> Ora,
>>>>>>
>>>>>> I hear you. However (and that may show my complete ignorance...)
>>>>>> is there any access control mechanism out there that has already
>>>>>> proven itself in the area of Linked Data deployment that is in
>>>>>> the maturity level of standardization? I am a bit concerned about
>>>>>> chartering this group with an essentially R&D work while the
>>>>>> other goals are much less so...
>>>>>>
>>>>>> Ivan
>>>>>>
>>>>>> On Jan 17, 2012, at 15:47 , <Ora.Lassila@nokia.com> wrote:
>>>>>>
>>>>>>> As much as I would like to have a "tight scope" for this WG, I
>>>>>>> have to observe that access control (or more like lack thereof)
>>>>>>> has often been a problem in Semantic Web/Linked Data projects I
>>>>>>> have been involved in. Particularly fine-grained access control
>>>>>>> of Semantic Web data.
>>>>>>>
>>>>>>> I fear that deeming access control strictly "out of scope" and
>>>>>>> hoping that some (so far unspecified) liaison with other groups
>>>>>>> to solve this problem will only result in the issue not being
>>>>>>> seen as important enough.
>>>>>>>
>>>>>>> My $0.02.
>>>>>>>
>>>>>>> - Ora
>>>>>>>
>>>>>>> --
>>>>>>> Dr. Ora Lassila ora.lassila@nokia.com http://www.lassila.org
>>>>>>> Principal Technologist, Nokia
>>>>>>>
>>>>>>> On 2012-01-17 6:25 AM, "ext Michael Hausenblas"
>>>>>>> <michael.hausenblas@deri.org> wrote:
>>>>>>>
>>>>>>>> All,
>>>>>>>>
>>>>>>>> I'd suggest to improve the following section and be more
>>>>>>>> explicit regarding the bigger picture [1]:
>>>>>>>>
>>>>>>>> [[
>>>>>>>> 2.3 Out of Scope
>>>>>>>> Several possible standards that are out of scope for this
>>>>>>>> group, such as those listed below:
>>>>>>>>
>>>>>>>> • Access control mechanisms, WebACL, Web Identity
>>>>>>>> ]]
>>>>>>>>
>>>>>>>> Mention that both authentication and authorisation are
>>>>>>>> orthogonal issues and hence, in order to stay focused and to be
>>>>>>>> successful, the WG will not focus on these issues (but liaison
>>>>>>>> with the respective groups to ensure compatibility and
>>>>>>>> openness).
>>>>>>>>
>>>>>>>> Thoughts?
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Michael
>>>>>>>>
>>>>>>>> [1] http://www.w3.org/wiki/WriteWebOfData
>>>>>>>> --
>>>>>>>> Dr. Michael Hausenblas, Research Fellow
>>>>>>>> LiDRC - Linked Data Research Centre
>>>>>>>> DERI - Digital Enterprise Research Institute
>>>>>>>> NUIG - National University of Ireland, Galway
>>>>>>>> Ireland, Europe
>>>>>>>> Tel. +353 91 495730
>>>>>>>> http://linkeddata.deri.ie/
>>>>>>>> http://sw-app.org/about.html
>>>>>>
>>>>>> ----
>>>>>> Ivan Herman, W3C Semantic Web Activity Lead
>>>>>> Home: http://www.w3.org/People/Ivan/
>>>>>> mobile: +31-641044153
>>>>>> FOAF: http://www.ivan-herman.net/foaf.rdf
>
> ----
> Ivan Herman, W3C Semantic Web Activity Lead
> Home: http://www.w3.org/People/Ivan/
> mobile: +31-641044153
> FOAF: http://www.ivan-herman.net/foaf.rdf

Received on Tuesday, 31 January 2012 15:22:58 UTC