Re: RWW Use-Case Example: Web-Scale Ticketing Ideas from Melvin Carvalho on 2021-05-20 (public-rww@w3.org from May 2021)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 20 May 2021 18:05:50 +0200
To: Henry Story <henry.story@bblfish.net>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, Read-Write-Web <public-rww@w3.org>
Message-ID: <CAKaEYhJQGeOBeCBC1U2FOnoibFMxeAntjxRL=7BSnr+k3tr9SA@mail.gmail.com>

On Thu, 20 May 2021 at 17:58, Henry Story <henry.story@bblfish.net> wrote:

>
>
> > On 20. May 2021, at 17:48, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
> >
> >> On Thu, 20 May 2021 at 17:22, Henry Story <henry.story@bblfish.net>
> wrote:
> >>
> >> > On 20. May 2021, at 17:17, Kingsley Idehen <kidehen@openlinksw.com>
> wrote:
> >> >
> >> > Changed title to orient focus.
> >> >
> >> > Here's what exists currently, putting blockchains aside.
> >> >
> >> >       • I can generate an X.509 Certificate (which an expiration
> date) that functions as my Web Ticket
> >> >       • I can ACL protect my RDF documents and even associated
> services
> >> > Adding a blockchain to the mix solves the following:
> >>
> >> Btw. with Verifiable Credentials we should now be in a position to go
> beyond X509 - finally!
> >> It is also quite possible to bypass the TLS layer for authentication.
> >> Finally one can use description logic to describe access rights.
> >>
> >> I am trying to bring all these ideas together here:
> >>
> >>
> https://github.com/solid/authentication-panel/blob/main/proposals/HttpSignature.md
> >>
> >> One type of description could be ownership of a ticket, signed by the
> agency giving out the tickets.
> >>
> > Interesting
> >
> >     acl:agent   [ cert:key </2019-09-02#k1> ],
> >
> > Are agent bnodes of this kind actually working, right now?
> >
>
> If you have good Linked Data libraries those things just work themselves
> out nearly
> automatically.
>
> I think I built that in rww-play 5 or 6 years ago, but I can’t remember
> clearly.
> But in any case, I am rewriting the server right now from scratch as part
> of an EU project
>   https://github.com/co-operating-systems/Reactive-SoLiD
>
> The implementation is guding me in writing up these specs.
>

Looks good.  Two questions:

1. Can ECC keys be used right now -- last I checked webid was only RSA, DSA
(and slow to change)

2. can the predicate / literal be inlined and use the publicKeyPEM
predicate from the security vocabulary [1]

If so, I think this could be implemented somewhat quickly and be spec
compliant

[1] https://w3c-ccg.github.io/security-vocab/#publicKeyPem


>
> Henry Story
>
> https://co-operating.systems
> WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
> Twitter: @bblfish
>
>

Received on Thursday, 20 May 2021 16:06:15 UTC