- From: Peter Williams <home_pw@msn.com>
- Date: Fri, 14 Jun 2013 18:16:35 +0000
- To: "nathan@webr3.org" <nathan@webr3.org>, Henry Story <henry.story@bblfish.net>
- CC: "foaf-protocols@lists.foaf-project.org" <foaf-protocols@lists.foaf-project.org>, public-webid Group <public-webid@w3.org>
- Message-ID: <SNT403-EAS193FA48E108B6455622C87D92800@phx.gbl>
Melvin’s first implementation was important to me. It featured a particular design style - that was common in the foaf world. I assumed that this was what foaf WANTED - to always want everyone to be able, at the end of the day, to edit documents - using very basic tools. It seemed to be a core part of the FOAF/webid project that it should re-capture the HTML-writing days of the early web - when folks learned HTML directly. That the security model assumed such low-tech ...was something I found interesting. Its much harder to subvert low tech, than high tech. If I want a vendors product, I go buy one. There are a million places to buy security UIs; starting with PGP. Designed for a commodity-phase marketplace (of consumers, vs web users), I think we all know how trustworthy they are (given the news). webid was not supposed to be a commodity-phase project; but claimed to be a research phase project - leading to early-adopter usages. It was supposed to add to the semweb storyline - showing how the world is a different place (after the paradigm shift). Building upon some of the semweb properties that failed to make their case sans security model (outside NSA using huge semweb techniques... on custom graph-processing server clusters), the idea was that security (of metadata) would showcase semweb’sinner rightness. Sent from Windows Mail From: Henry Story Sent: Friday, June 14, 2013 10:48 AM To: nathan@webr3.org Cc: foaf-protocols@lists.foaf-project.org, public-webid Group On 14 Jun 2013, at 19:00, Nathan <nathan@webr3.org> wrote: > Henry Story wrote: >>> You can add many more auth systems onto this list, as you come up with them. >> It's nice to see Melvin list all these new possibilities. Given that >> he never implements any of these protocols, and only suggests >> that others develop and implement them, his enthusiasm is always the same as on the first days of WebID, and clearly will still be in 10 years time. > > Henry, I'm surprised at you, Melvin has tirelessly promoted and evangelised WebID for years, most of the people working on it, implementing it, and using it, were introduced to it by Melvin. He understands the web specs, the intersection of the and how they all fit together in the bigger picture. > > What is the point in a specification if nobody is aware of it, what is the point of implementations if nobody uses them? I also seem to remember Melvin working on the very first implementations of the spec and creating some of the first publicly available libraries for it. > Your words were unkind and uncalled for, he's backed you and webid up for years, as long as I've known him, and since WebIDs inception. That is true, Melvin had an early first implementation. That was great at the time. But the UI made it nearly impossible to explain the simplicity of WebID. One had to edit the XML by hand if you recall, and the security was nearly non existent. It took ages before we started getting good implementations that showed just how simple things could be for the end user. We've had a few generations in between then. Since then http://data.fm, http://myprofile.eu and recently some great advances by openlink have raised the bar a lot (and there is still a lot further to go) In the meantime the notion that WebID was difficult to use was being repeated by detractors, and Melvin himself often continues repeating those things as if they were absolutely true, instead of just problems with the initial implementations he had. The solutions Melvin come up with usually end up making things more complicated, however much he argues they don't. I know because I have implemented WebID quite a few times over the years now. Piling on new options is not the answer to make things more widely adopted: rather it is the opposite - make each thing simple and then move to the next layer which needs developing. Simple is beautiful. WebID is part of a larger stack of which: - Web Access Control - Linked Data Platform - Pingback and other small but important tricks So I think it is good that we made the WebID identity distinction from the WebID Authentication over TLS distinction. Others can come to the table. But I think we have wasted a huge amount of time here discussion options as if the problems were with the protocol, where they really were with the implementations. I am building another implementation now in Scala. For this to work I have come to the conlcusion that one does in fact need the whole stack, and one needs to implement it perfectly... We need to now get to the point of creating tools that merge the data layer of http://data.fm and http://myprofile.eu This is where we start having very powerful tools to do what we wanted to do initially: that is create a secure social web. New ideas on how to build a slightly different authentication protocol are cheap and easy. Building the full stack is hard. I'd rather we help people work on building the stack we have then thinking that building yet another variant of an authentication system is going to help. We really need now great implementations that interoperate. So please let us help developers get on board with what we have now, and then if you want to develop new protocols, the foaf-protocols mailing list is the better place to do that, and I'd suggest having an initial implementation too. Hope this helps Nathan, and thanks for your great and always very details contributions over the years. Henry Social Web Architect http://bblfish.net/ _______________________________________________ foaf-protocols mailing list foaf-protocols@lists.foaf-project.org http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
Received on Friday, 14 June 2013 18:26:56 UTC