Re: WebID discussion in Debian

[ yeah - seems my mails are finally allowed at the list :-D ]

Quoting Melvin Carvalho (2013-05-15 12:02:21)

> So in TPAC 6 months ago we decided to split webid into two parts formally:
> 
> 1. Webid -- Identity (for which there is a new spec)
> 2. WebID+TLS which is an authentication example.  Currently the WebID+TLS spec
> actually has dependencies on FOAF and RSA keys ... so technically it is more
> like WebID+TLS+FOAF+RSA
> 
> What we're going for is a clean separation of concerns with many 
> possible auth layers built on top of a solid identity system.  

Sounds good to define and document identity and authentication 
separately. Unfortunately that work is only in draft form which 
explicitly discourages promotion :-/

BTW https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html 
has a typo: "Tim Bernsers Lee".



> On 15 May 2013 11:20, Jonas Smedegaard <dr@jones.dk> wrote:
>> When Russ says "do we really need [...FOAF]" then he is most likely 
>> referring to our PGP-based Web of Trust (possibly the largest in the 
>> World!).
> 
> Side note:  The PGP strong set is about 40k?  FOAF is much bigger as a 
> DNS based WOT.  But Facebook is biggest still.  Much depends on your 
> perspective.  

I meant possibly largest *PGP-based* WoT.  I did not mean to start a 
pissing contest :-P



>> Is he essentially correct that a) WebID is about *both* 
>> authentication and distributed identity management, and that b) when 
>> we already have strong distributed identity management with our PGP 
>> WoT then WebID is arguably unnecessary bloat?
> 
> We try and separate these two concepts (identity and authentication) 
> as above, but it's a recent evolution so maybe not that well 
> explained.
> 
> I'd actually love to see the PGP WoT and the Web WoT be one big 
> system.  WebID is primarily HTTP based with GET used as discovery.  
> PGP is primarily email based (with keyservers for discovery?) and both 
> have (generally RSA) keys and some meta data.  GPG has the advantage 
> of some great tools and security, the web has the advantage of 
> delivery to a wide audience.  Maybe one day this dream will come 
> true.  As of today, it would be really great to find some common 
> ground, leading to convergence, rather than the either/or 
> perspectives.  

Uhm, I missed your answer to the question.

We share that dream, you and I.  Challenge here is not the dream, but 
how relevant that dream is for our friends that are not dreaming that 
same dream.

Debian already has PGP-based WoT.  So question remains: how is WebID 
relevant for *Debian*?



>> Please also read the follow-up by Daniel.
>> 
>> Russ has been with Debian since forever, and is excellent at keeping 
>> separate own opinions from general views of the project.
>> 
>> Daniel is slightly younger in Debian (about 10 years like myself, I 
>> think) and knows his way around crypto + can explain it in simple 
>> terms - he is involved in the development of Monkeysphere.
> 
> Yes I know Daniel from FreedomBox, we had a similar conversation, and 
> he's helped me a few times on the GPG user's list.

Yup. Perhaps you noticed that the email thread that I referred to in my 
initial post here links back to that very conversation you had with 
Daniel at the FreedomBox list.  I was happy you got involved there!

My remark above was for others here who might not know Daniel and Russ 
that well. :-)


> In summary, technologies like GPG, WebID, DANE/DNSSEC, monkeysphere 
> and even FOAF have a lot in common in terms of the problems we're 
> trying to solve.  If somehow we can learn to work together (based on 
> the URI for email/http/key data) we could maybe build something really 
> great.  

Fully agree.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Thursday, 16 May 2013 02:02:56 UTC