- From: Ben Laurie <benl@google.com>
- Date: Tue, 25 Sep 2012 22:31:38 +0100
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>, Andrei Sambra <andrei@fcns.eu>
On 25 September 2012 20:16, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 9/25/12 2:44 PM, Henry Story wrote:
>>
>> I am just ccing Andrei, because Ben
>> (http://research.google.com/pubs/author9639.html ) - has found a bug
>> in https://my-profile.eu/ . (see below) My guess is that Ben logged in with
>> a certificate that is not WebID enabled. So that's a good extra test case to
>> add. Of course for people like Ben, the failure of having a Logout button on
>> chrome is going to add to that inconvenience - because having logged in with
>> a certificate that may not be signed by a CA my-profile.eu knows about, he
>> won't be able to change his certificate later after having made a new one.
>
>
> Ben,
>
> Wondering if you evaluated WebID using any other services or scenarios? Your
> feedback would be much appreciated.
>
> Henry: I keep on telling you, one implementation doesn't canonically reflect
> WebID. As you can imagine, Ben is time challenged, if he plays with a
> solution that's pitched as canonical, it's natural for him to draw blanket
> conclusions.
>
> I continue to encourage you to separate the concept and virtues of WebID
> from a specific WebID solution that aligns with your personal world view
> etc.
>
> In my world view, the simplest demonstration of WebID's value takes the
> following form:
>
> 1. A resource is published to the Web
> 2. The resource is ACL protected
> 3. Existence of the resource is published via email, tweet, blog post etc.
> 4. A user tries to access the resource -- they fail or succeed subject to
> ACL membership
> 5. User requests access to resource by providing their WebID to resource
> owner -- this is also where signed emails are useful since the WebID can be
> nipped from the sender's signed email certificate.
>
> In addition to the above, the resource ACL document can itself have ACLs
> that enable a variety of users to expand its ACL membership, thereby making an
> organic social network.

Gah!

What does this have to do with WebID? If I substitute "magic pixie dust" for "WebID" in the above, well, I have a fantastic example of how magic pixie dust secures the web. Great. Now what?

OK, I guess there's one nugget in there: apparently magic pixie dust can be nipped from unauthenticated email I sent.

I'm not feeling very enlightened.

Received on Tuesday, 25 September 2012 21:32:06 UTC