- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 26 Sep 2012 08:40:58 -0400
- To: public-webid@w3.org, Ben Laurie <benl@google.com>
- Message-ID: <5062F7DA.6010603@openlinksw.com>
On 9/26/12 4:44 AM, Ben Laurie wrote:
> On 25 September 2012 23:39, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>> On 9/25/12 5:31 PM, Ben Laurie wrote:
>>> On 25 September 2012 20:16, Kingsley Idehen <kidehen@openlinksw.com>
>>> wrote:
>>>> On 9/25/12 2:44 PM, Henry Story wrote:
>>>>> I am just ccing Andrei, because Ben
>>>>> (http://research.google.com/pubs/author9639.html ) - has found a bug
>>>>> in https://my-profile.eu/ . (see below) My guess is that Ben logged in
>>>>> with a certificate that is not WebID enabled. So that's a good extra
>>>>> test case to add. Of course for people like Ben, the failure of having
>>>>> a Logout button on chrome is going to add to that inconvenience -
>>>>> because having logged in with a certificate that may not be signed by
>>>>> a CA my-profile.eu knows about, he won't be able to change his
>>>>> certificate later after having made a new one.
>>>>
>>>> Ben,
>>>>
>>>> Wondering if you evaluated WebID using any other services or scenarios?
>>>> Your feedback would be much appreciated.
>>>>
>>>> Henry: I keep on telling you, one implementation doesn't canonically
>>>> reflect WebID. As you can imagine, Ben is time challenged, if he plays
>>>> with a solution that's pitched as canonical, it's natural for him to
>>>> draw blanket conclusions.
>>>>
>>>> I continue to encourage you to separate the concept and virtues of WebID
>>>> from a specific WebID solution that aligns with your personal world view
>>>> etc.
>>>>
>>>> In my world view, the simplest demonstration of WebID's value takes the
>>>> following form:
>>>>
>>>> 1. A resource is published to the Web
>>>> 2. The resource is ACL protected
>>>> 3. Existence of the resource is published via email, tweet, blog post
>>>> etc.
>>>> 4. A user tries to access the resource -- they fail or succeed subject to
>>>> ACL membership
>>>> 5. User requests access to resource by providing their WebID to resource
>>>> owner -- this is also where signed emails are useful since the WebID can
>>>> be nipped from the sender's signed email certificate.
>>>>
>>>> In addition to the above, the resource ACL document can itself have ACLs
>>>> that enable a variety of users to expand its ACL membership thereby
>>>> making an organic social network.
>>> Gah! What does this have to do with WebID? If I substitute "magic pixie
>>> dust" for "WebID" in the above, well, I have a fantastic example of
>>> how magic pixie dust secures the web. Great. Now what?
>>>
>>> OK, I guess there's one nugget in there: apparently magic pixie dust
>>> can be nipped from unauthenticated email I sent.
>>>
>>> I'm not feeling very enlightened.
>>>
>> Ben,
>>
>> I assumed you attempted to explore WebID via my-profile.eu and hit some
>> problems. Hence my comments.
>>
>> If you are interested in taking a quick look at what's possible with WebID
>> and ACLs, I have a simple example on G+. Here are the components in use re.
>> aforementioned demo:
>>
>> 1. WebID -- verifiable identifier in the form of a personal URI
>> 2. X.509 Certificate -- watermarked with a WebID in its SAN slot
>> 3. Profile Document -- a document with structured content based on the RDF
>> data model
>> 4. Access Control List Ontology -- this describes the authorization modes
>> and how they are scoped to WebIDs.
>>
>> Links:
>>
>> 1. http://bit.ly/O4LNKf -- A simple guide to Web-scale verifiable identity
>> that leverages WebID based ACLs .
> A great example of something I could not possibly ask the average end
> user to do.

I am not 100% sure to what you direct that comment. I can tell you this, a 12 year old was able to complete the entire task in an hour. Full comprehension of Turtle as a digital notation for subject-predicate-object sentences took about half a day.

Underestimating the ability of users has a lot to do with all problems in the realm of identity and privacy. Most computer users know how to make a document. They also know how to drag and drop a document to a Dropbox, Skydrive etc., folder as part of a Web publication effort.

>
> Is anyone planning to address my questions?

What is the question?

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 26 September 2012 12:41:25 UTC