Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

On 26 Sep 2012, at 19:10, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 9/26/12 11:48 AM, Ben Laurie wrote:
>> No, the point you are missing is that in capabilities the _only_
>> authority I need to access a resource is the name of that resource -
>> the URI in your case.
> 
> You can seriously believe I am missing that point while also espousing the virtues of hyperlinks as denotation mechanisms for a global web of linked data. That doesn't compute. That's a contradiction.
> 
>> Security derives from the unforgeability of the
>> URI, rather than an independent system that decides if some principal
>> has permission.
> 
> Security is not derived from the persistence of a URI, it's derived from the values exposed directly or indirectly via URI which logic handling routing. I can have many identifiers, but relationship semantics ultimately determine if I can access a resource at an address, directly or indirectly (i.e., name based indirection).

+1 

The idea of an unforgeable URI seems gobbledegook to me, frankly. When people spoke of unforgeable things they spoke of things like diamonds that could not be copied, swords that were made to such perfection that never could there be two identical versions of them, etc... A URI is by definition something that can be copied. In fact there is no way of telling if one URI is an original or another a copy!

The idea of unforgeable URIs, the idea of a web that cannot be linked, all of these ideas seem to be like weird beasts from a netherworld that nobody has ever heard of, a Medusa that turns all that look at her into stone. 

> 
>> 
>> The problem that best shows the critical difference between caps and
>> ACLs is the confused deputy problem:
>> http://en.wikipedia.org/wiki/Confused_deputy_problem.
> 
> Not at all!
> 
> I can sign claims about co-reference by name or value. That's why we have semantics for equivalence by name, ditto. inverse functionality. These matters have been long addressed in computer science. We are at a point where there is a ubiquitous Web that lets us reapply what already exists in newer and more profound context.
> 
> At this juncture, my position hasn't changed. You haven't introduced a new insight that is incongruent with what's possible via the Web today.
> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen

Social Web Architect
http://bblfish.net/

Received on Wednesday, 26 September 2012 18:03:23 UTC