Re: Simple WebID, WebID+TLS Protocol, and ACL Dogfood Demo

On 7 Aug 2013, at 19:34, Nick Jennings <nick@silverbucket.net> wrote:

> Hi Kingsley,
> 
>  Thanks for the links. Trying out the first link (http://youid.openlinksw.com/) now, some notes:
> 
> 1. Certificate Name: maybe there could be some examples of ways to name your certificate. I was speaking with Henry Story about this during the OHM2013 conference, because at one time I had inadvertently 3 different WebID certs in my browser, when I would visit a WebID enabled site, I'd have no idea which one to choose, they were all the same "Nick Jennings ..." ... He suggested that I give them unique names like "Work" "Home" "Junk" etc. so I know when to use them in which cases... but this isn't very obvious to a new user.

That's why it should be done by the server generating the certificate.
The details are here:
  https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#the-certificate

Please let us know if you can think of improvements to the spec text, as we will be 
publishing it soon.


> In general, that brings up some thoughts for me, maybe here's the place to share them. It would be cool if browsers could bake the idea of a WebID into the persona/profile of the browser session (i.e. Chrome's profiles, and Firefox has a profile plugin). Just allowing (by default, I guess) one WebID per persona. This way you are encouraged to manage different profiles at the browser level, rather than juggling a bunch of certificates with naming hacks to figure out which is which... ?

You can contribute your feedback as bug reports to the browsers.
A place to start is here:
http://www.w3.org/wiki/Foaf%2Bssl/Clients#Further_User_Interface_Issues

> 
> 
> 2. With Firefox, after filling out the form, I get a download dialogue for the cert instead of it installing into the browser. So I saved, then went into preferences and "import" ... which was successful with "Successfully restored your security certificate(s) and private key(s)". Previously, with my-profile.eu, this was automatically installed into the browser (I was using Chrome then). Though I guess it's better to have it export/save by default so you can install the same cert on any number of browsers without hassle. Still, it creates more steps and could be confusing for new users.

In the case of WebID certs, downloading the certificate is in fact silly, as you can produce a different one for each browser. So that message is a little misleading. A good UI should warn the user about that.

> 
> 
> 3. After importing the cert, when I go to rww.io, it asks me to select a cert (which I do) but then when I view silverbucket.rww.io it still says in the upper right "webid login"... I can't tell if I registered this spot and it's working, or not. There's no real user feedback as to login state. Same with taskify.org. I don't know if this is a site UI problem or a cert issue.

Yes, a good web server should tell you if you are logged in in an obvious way. If they don't then it is a server UI issue.

> 
> Would be cool to have login state also baked into the browser/profile/webid. I imagine something like what Chrome has, an avatar in the upper-left which indicates who you "are" at the moment, with an overlay (padlock?, green/red light?) icon of your login state for that particular site.

Yes, that is bug issue
https://code.google.com/p/chromium/issues/detail?id=29784

This should also be followed up with other browsers.

> 
> I know most of my suggestions are for browser developers, I just wanted to share my overall impression of WebID. I think it's a great idea, but it still feels very intangible as a user.

One can make pretty good UIs for this.

> -Nick
> 
> On Wed, Aug 7, 2013 at 6:54 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> On 8/7/13 12:43 PM, Nick Jennings wrote:
>> It would help if there was some way one could reliably get and manage WebID. As it is right now, neither rww.io nor my-profile.eu (which are the only ones I know about) are functioning in terms of generating a WebID for the browser.
> 
> Does this also apply to:
> 
> 1. http://youid.openlinksw.com 
> 2. http://id.myopenlink.net/certgen .
> 
> Note, both of these provide the pkcs#12 option (as opposed to keygen) by default. 
> 
> In addition, if you already have a FOAF profile doc, use the second tab (we forgot to list FOAF where you see OpenID). Then follow the wizard to the end of the process which basically provides content for you to manually add to your FOAF profile. Of course, if you don't manage your own profile document, you take the defaults which leads to the profile document being hosted at id.myopenlink.net.
> 
> As I type, I just realized we overlooked a key feature and that's setting an ACL on the profile document generated on id.myopenlink.net so that you control the ACLs going forward. 
> 
> Note to self (and rest of OpenLink Data Spaces team), that's a new feature zilla :-)
> 
> 
> Kingsley 
>> 
>> I had some from my-profile.eu that were generated several months ago, but I removed them all during some tests and was unable to get a new one. I tried in both Firefox and Chrome. Anyone having trouble as well?
>> 
>>  
>> 
>> 
>> On Tue, Aug 6, 2013 at 8:01 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>> All,
>> 
>> Following the earlier posts about WebID (and by implication, WebID+TLS), here is a very simple demonstration of how we can put this technology to good use re., protected document authoring and editing.
>> 
>> For this exercise I've performed the following steps:
>> 
>> 1. Created a protected Turtle document at: <http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/WebID-ACL-Demos/simple-shared-turtle-doc.ttl>
>> 
>> 2. Used WebID (Agent entity type denotation), WebID+TLS (for agent identity authentication), and an ACL (itself expressed in Turtle) to create a data access policy that enables anyone to read the document's content, but only allows those with verifiable WebIDs to perform read, write, and delete operations.
>> 
>> This entire exercise is driven by Linked Data.
>> 
>> Let everyone know how you get on :-)
>> 
>> 
>> -- 
>> 
>> Regards,
>> 
>> Kingsley Idehen 
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>> 
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	      
> Founder & CEO 
> OpenLink Software     
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 

Social Web Architect
http://bblfish.net/

Received on Thursday, 8 August 2013 15:15:13 UTC