- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Fri, 14 Jun 2013 17:40:20 +0200
- To: Peter Williams <home_pw@msn.com>
- Cc: public-webid Group <public-webid@w3.org>, Henry Story <henry.story@bblfish.net>, "foaf-protocols@lists.foaf-project.org" <foaf-protocols@lists.foaf-project.org>
- Message-ID: <CAKaEYh+abNyQ2q=yGP60MYYDpvvhOO9tzJ2rU5XH15j=m4VcYw@mail.gmail.com>
On 14 June 2013 17:20, Peter Williams <home_pw@msn.com> wrote: > When it was written, the public didn't know the meaning of the term > metadata. Now they do - educated by means of showing privacy > vulnerabilities specific to a web “founded on” insecure metadata. And they > have a good intuition of specifically -”social” class of threat models > specific to metadata. They also have a mental model of how vendors, > contractors and security professionals may be part of the threat (to > personal privacy invasion); willingly or otherwise. > > For a specifically social trust protocol the change in the public’s > perceptions and education level on the threats they face does changes the > (scope of the) problem. The freedom box is now perceived to be not so free > (depending on context); and may be actually rather worthless, unless you > count the “feel good” factor. > > How does WebID - in its updated philosophy - address the newly revealed > threat of specifically institutional snooping? > WebID is no longer tied to X.509 certs, it's just a linked data identifer. This is useful for discovery, friending, annotation and a whole host of other things, one of which is auth. WebID+TLS is an X.509 based method to use RSA keys to authenticate over TLS. WebID+WebKeys is a method to use any kind of key to authenticate over any protocol including javascript/websockets. WebID Simple (proposed) is a way to identify and authenticate via security by obscurity You can add many more auth systems onto this list, as you come up with them. > > If I look back at the concept of the VeriSign cert in netscape-grade > https, it was specifically intended (by VISA) to be a feel good security > technology, note, no ifs, no buts, no caveats. It was to change nothing > (but make you feel good about the new internet threats that came into the > concept set of the general public, circa 1994). > > > Sent from Windows Mail > > *From:* Henry Story > *Sent:* Friday, June 14, 2013 2:36 AM > *To:* public-webid Group > *Cc:* foaf-protocols@lists.foaf-project.org > > > On 13 Jun 2013, at 22:31, Henry Story <henry.story@bblfish.net> wrote: > > > Yes, we have two specs: > > > > https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html > > https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html > > > > I am not sure why we don't get the full html view anymore. > > Anyone know what we need to change? > > I fixed these. The problem is related to the move to the new > respec.js https://github.com/darobin/respec/ > > It no longer allows one to add spec refs to the js as one used > to be able to > > see diff https://dvcs.w3.org/hg/WebID/rev/7f01174c75b0 > > So the TLS spec now is missing two references > > [[ > berjon.biblio["RFC5746"] = "E. Rescorla, M. Ray, S. Dispensa, N. Oskov, > <a href=\"http://tools.ietf.org/html/rfc5746\"><cite>Transport Layer > Security (TLS) Renegotiation Indication Extension</cite></a> February 2010. > Internet RFC 5246. URL: <a href=\" > http://tools.ietf.org/html/rfc5746\">http://tools.ietf.org/html/rfc5746</a> > "; > > berjon.biblio["WEBID"] = "Andrei Sambra, Stéphane Corlosquet. <a href=' > https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html' > ]] > > Any idea how one can get those added to the code using the new specref? > > https://github.com/tobie/specref > > > > > > > > We split the identity part from the TLS part, and we have a definition > > of WebID that is simple and implementable. Also a bit of philosophical > > > > We should be close to a new release. All we need is one document > > to describe the other two docs. And perhaps a few tweaks.... > > > > Henry > > > > Begin forwarded message: > > > >> From: Dan Brickley <danbri@danbri.org> > >> Subject: [foaf-protocols] WebID status recap? > >> Date: 13 June 2013 21:39:26 CEST > >> To: foaf-protocols@lists.foaf-project.org > >> > >> It's mid-2013. Can someone share an overview of the current status of > >> WebID aka foaf+ssl, in terms of implementations, adoption and > >> documentation at W3C? > >> > >> Thanks, > >> > >> Dan > >> _______________________________________________ > >> foaf-protocols mailing list > >> foaf-protocols@lists.foaf-project.org > >> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols > > > > Social Web Architect > > http://bblfish.net/ > > > > Social Web Architect > http://bblfish.net/ > > _______________________________________________ > foaf-protocols mailing list > foaf-protocols@lists.foaf-project.org > http://lists.foaf-project.org/mailman/listinfo/foaf-protocols >
Received on Friday, 14 June 2013 15:40:49 UTC