Re: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

On 25 September 2012 20:16, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 9/25/12 2:44 PM, Henry Story wrote:
>>
>>    I am just ccing Andrei, because Ben
>> (http://research.google.com/pubs/author9639.html) - has found a bug
>> in https://my-profile.eu/ . (see below) My guess is that Ben logged in with
>> a certificate that is not WebID enabled. So that's a good extra test case to
>> add. Of course for people like Ben, the failure of having a Logout button on
>> chrome is going to add to that inconvenience - because having logged in with
>> a certificate that may not be signed by a CA my-profile.eu knows about, he
>> won't be able to change his certificate later after having made a new one.
>
>
> Ben,
>
> Wondering if you evaluated WebID using any other services or scenarios? Your
> feedback would be much appreciated.
>
> Henry: I keep on telling you, one implementation doesn't canonically reflect
> WebID. As you can imagine, Ben is time challenged, if he plays with a
> solution that's pitched as canonical it's natural for him to draw blanket
> conclusions.
>
> I continue to encourage you to separate the concept and virtues of WebID
> from a specific WebID solution that aligns with your personal world view
> etc.
>
> In my world view, the simplest demonstration of WebID's value takes the
> following form:
>
> 1. A resource is published to the Web
> 2. The resource is ACL protected
> 3. Existence of the resource is published via email, tweet, blog post etc.
> 4. A user tries to access the resource -- they fail or succeed subject to
> ACL membership
> 5. User requests access to resource by providing their WebID to resource
> owner -- this is also where signed emails are useful since the WebID can be
> nipped from the sender's signed email certificate.
>
> In addition to the above, the resource acl document can itself have ACLs
> that enable a variety of users to expand its ACL membership thereby making an
> organic social network.

Gah! What does this have to do with WebID? If I substitute "magic pixie
dust" for "WebID" in the above, well, I have a fantastic example of
how magic pixie dust secures the web. Great. Now what?

OK, I guess there's one nugget in there: apparently magic pixie dust
can be nipped from unauthenticated email I sent.

I'm not feeling very enlightened.

Received on Tuesday, 25 September 2012 21:32:06 UTC