Re: Proposal: Web Federation Protocol from Kingsley Idehen on 2012-07-02 (public-rww@w3.org from July 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 02 Jul 2012 13:38:47 -0400
To: public-rww@w3.org
Message-ID: <4FF1DCA7.8090208@openlinksw.com>

On 7/2/12 11:36 AM, Melvin Carvalho wrote:
>
>
> On 2 July 2012 16:32, Kingsley Idehen <kidehen@openlinksw.com 
> <mailto:kidehen@openlinksw.com>> wrote:
>
>     On 7/2/12 10:14 AM, Henry Story wrote:
>
>         Pingback does not require WebID
>         http://bblfish.net/tmp/2011/05/09/
>
>     True, but it doesn't scale in any practical way modulo WebID. The
>     limitations of Web 2.0 (a product of pingback laced blogosphere)
>     is living proof :-)
>
>
> A WebID is just a universal identifier on the web.

Yes, but without such an identifier, one that's cryptographically 
verifiable you don't have functional Web-scale ACLs, driven by an 
authentication protocol.

As you can see from this thread, we've failed to clearly define what a 
WebID actually is. For starters, it isn't just a personal URI. Those 
already exist in abundance, the distinguishing features of a WebID have 
to be verifiability and use as an X.509 cert. watermark. Of course, 
sitting in the midst is the actual WebID authentication protocol.

Now back to my comment re. pingbacks. They didn't scale re. blogosphere 
and Web 2.0 due to SPAM. A majority of Web 2.0 and blog oriented 
services ultimately shutdown their pingback services.
>
> Authentication of your identifier is an orthogonal problem.

See my comment above.

> You can use any authentication method that you want.  But X.509 was 
> chosen to demo things, because it has about 20 years of tooling and is 
> already supported by most web servers and browsers.

X.509 is a broadly used standard and an effective vehicle that's been 
underutilized. Thus, it make sense to exploit it as a mechanism of 
minimal or nil disruption re. Web-scale verifiable identity.

SPAM succeeds when identity isn't verifiable. Same applies to ACLs, they 
don't exist if identity isn't verifiable.

Kingsley
>
>
>
>     -- 
>
>     Regards,
>
>     Kingsley Idehen
>     Founder & CEO
>     OpenLink Software
>     Company Web: http://www.openlinksw.com
>     Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>     <http://www.openlinksw.com/blog/%7Ekidehen>
>     Twitter/Identi.ca handle: @kidehen
>     Google+ Profile: https://plus.google.com/112399767740508618350/about
>     LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>
>

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Monday, 2 July 2012 17:39:10 UTC