Re: Extending the WebID protocol with Access Delegation

On 8/17/12 3:42 PM, Henry Story wrote:
> On 17 Aug 2012, at 14:42, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>
>> On 8/17/12 3:22 AM, Henry Story wrote:
>>> Still I think you make a good point. We should in the paper try to specify much more precisely
>>> WHEN this protocol is needed.
>>>
>>>
>>> So for example I think that if all the resources served by a server return the same representation irrespective of who makes the request, then the solution you outline may be thought to be completely satisfactory.
>> And it should be so. This is why we built Linked Data transformation middleware i.e., turn as many data formats as possible into 5-star Linked Data resources.
>>> But then if we think of it perhaps not. The On-Behalf-Of Request made by the secretary is a way for the
>>> secretary to indicate that she will not pass that information on to anyone other than the person she is working on behalf-of.
>> The ACL engine can figure that out once it has access to the identity that the secretary is acting on behalf-of. In the real world the secretary relationship is established and verifiable by way of organization structure (just another graph in a different realm).
> The secretary still needs to say for each request on whose behalf she is working. There is no way around that.

There is, what "goes around" also "comes around". The secretary (human) 
is driving a user agent (software) en route to accessing a resource 
protected by an ACL. This is what's happening.

The ACL engine should be able to determine if the user agent, by virtue 
of the verifiable identity of its driver, should be given access to a 
resource, subject to ACLs in place. Yes, it's going to perform some 
network hops, but that's it en route to a SPARQL solution that 
determines True or False.

>
>>> It makes a commitment of secrecy by the client. This "legal" aspect could also be developed more in the paper.
>> The semantics are what matter.
> Yes, they need to be spelled out. In CORS the server also acknowledges that it has understood the Origin header.

CORS came to be prior to Linked Data, WebID, and WebID ACLs. It also 
comes from a more coarse-grained line of thinking re. the Web.

Kingsley

>   We don't have that here, which should make us think that we are perhaps missing something.
>
>>> I am off for a week to a philosophy conference so I won't be very responsive.
>> Okay, enjoy :-)
> Social Web Architect
> http://bblfish.net/


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Friday, 17 August 2012 20:07:03 UTC