Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

On 9/26/12 11:48 AM, Ben Laurie wrote:
> No, the point you are missing is that in capabilities the_only_
> authority I need to access a resource is the name of that resource -
> the URI in your case.

You can seriously believe I am missing that point while also espousing 
the virtues of hyperlinks as denotation mechanisms for a global web of 
linked data. That doesn't compute. That's a contradiction.

> Security derives from the unforgeability of the
> URI, rather than an independent system that decides if some principal
> has permission.

Security is not derived from the persistence of a URI, its derived from 
the values exposed directly or indirectly via URI which logic handling 
routing. I can have many identifiers, but relationship semantics 
ultimately determine if I can access a resource at an address, directly 
or indirectly (i.e., name based indirection).

>
> The problem that best shows the critical difference betweens caps and
> ACLs is the confused deputy problem:
> http://en.wikipedia.org/wiki/Confused_deputy_problem.

Not at all!

I can sign claims about co-reference by name or value. That's why we 
have semantics for equivalence by name, ditto. inverse functionality. 
These matters have been long addressed in computer science. We are at a 
point where there is a ubiquitous Web that let's us reapply what already 
exists in newer and more profound context.

At this juncture, my position hasn't changed. You haven't introduced a 
new insight that incongruent with what's possible via the Web today.



-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen