Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME" from Kingsley Idehen on 2012-09-25 (public-webid@w3.org from September 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 25 Sep 2012 15:16:16 -0400
To: Henry Story <henry.story@bblfish.net>
CC: Ben Laurie <benl@google.com>, "public-webid@w3.org" <public-webid@w3.org>, Andrei Sambra <andrei@fcns.eu>
Message-ID: <50620300.9060008@openlinksw.com>

On 9/25/12 2:44 PM, Henry Story wrote:
> I am just ccing Andrei, because Ben (http://research.google.com/pubs/author9639.html ) - has found a bug inhttps://my-profile.eu/ . (see below) My guess is that Ben logged in with a certificate that is not WebID enabled. So that's a good extra test case to add. Of course for people like Ben, the failure of having a Logout button on chrome is going to add to that inconvenience - because having logged in with a certificate that may not be signed by a CA my-profile.eu knows about, he won't be able to change his certificate later after having made a new one.

Ben,

Wondering if you evaluated WebID using any other services or scenarios?
Your feedback would be much appreciated.

Henry: I keep on telling you, one implementation doesn't canonically
reflect WebID. As you can imagine, Ben is time challenged, if he plays
with a solution that's pitched as canonical its natural for him to draw
blanket conclusions.

I continue to encourage you to separate the concept and virtues of WebID
from a specific WebID solution that aligns with your personal world view
etc..

In my world view, the simplest demonstration of WebID's value takes the
following form:

1. A resource is published to the Web
2. The resource is ACL protected
3. Existence of the resource is published via email, tweet, blog post etc..
4. A user tries to access the resource -- they fail or succeed subject
to ACL membership
5. User requests access to resource by providing their WebID to resource
owner -- this is also where signed email are useful since the WebID can
be nipped from the senders signed email certificate.

In addition to the above, the resource acl document can itself have ACLs
that enable a variety of users expand its ACL memebership thereby making
an organic social network.

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Tuesday, 25 September 2012 19:16:40 UTC