W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

Re: WebID discussion in Debian

From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 16 May 2013 04:04:14 +0200
To: public-webid <public-webid@w3.org>
Message-ID: <20130516020414.23166.34858@bastian.jones.dk>
[ yeah - seems my mails are finally allowed at the list :-D ]

Quoting Melvin Carvalho (2013-05-15 12:02:21)

> So in TPAC 6 months ago we decided to split webid into two parts formally:
> 1. Webid -- Identity (for which there is a new spec)
> 2. WebID+TLS which is an authentication example.  Currently the WebID+TLS spec
> actually has dependencies on FOAF and RSA keys ... so technically it is more
> What we're going for is a clean separation of concerns with many 
> possible auth layers built on top of a solid identity system.  

Sounds good to define and document identity and authentication 
separately. Unfortunately that work is only in draft from which 
explicitly discourages promotion :-/

BTW https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html 
has a typo: "Tim Bernsers Lee".

> On 15 May 2013 11:20, Jonas Smedegaard <dr@jones.dk> wrote:
>> When Russ says "do we really need [...FOAF]" then he is most likely 
>> referring to our PGP-based Web of Trust (possibly the largest in the 
>> World!).
> Side note:  The PGP strong set is about 40k?  FOAF is much bigger as a 
> DNS based WOT.  But facebook is biggest still.  Much depends on your 
> perspective.  

I meant possibly largest *PGP-based* WoT.  I did not mean to start a 
pissing contest :-P

>> Is he essentially correct that a) WebID is about *both* 
>> authentication and distributed identity management, and that b) when 
>> we already have strong distributed identity management with our PGP 
>> WoT then WebID is arguably unnecessary bloat?
> We try and separate these two concepts (identity and authentication) 
> as above, but it's a recent evolution so maybe not that well 
> explained.
> Id actually love to see the PGP WoT and the Web WoT be one big 
> system.  WebID is primarily HTTP based with GET used as discovery.  
> PGP is primarily email based (with keyservers for discovery?) and both 
> have (generally RSA) keys and some meta data.  GPG has the advantage 
> of some great tools and security, the web has the advantage of 
> delivery to a wide audience.  Maybe one day this dream will come 
> true.  As of today, it would be really great to find some common 
> ground, leading to convergence, rather than the either/or 
> perspectives.  

Uhm, I missed your answer to the question.

We share that dream, you and I.  Challenge here is not the dream, but 
how relevant that dream is for our friends that are not dreaming that 
same dream.

Debian already has PGP-based WoT.  So question remains: how is WebID 
relevant for *Debian*?

>> Please also read the follow-up by Daniel.
>> Russ has been with Debian since forever, and is excellent at keeping 
>> separate own opinions from general views of the project.
>> Daniel is slightly younger in Debian (about 10 years like myself, I 
>> think) and knows his way around crypto + can explain it in simple 
>> terms - he is involved in the development of Monkeysphere.
> Yes I know daniel from freedombox, we had a similar conversation, and 
> he's helped me a few times on the GPG user's list.

Yup. Perhaps you noticed that the email thread that I referred to in my 
initial post here links back to that very conversation you had with 
Daniel at the FreedomBox list.  I was happy you got involved there!

My remark above was for others here who might not know Daniel and Russ 
that well. :-)

> In summary, technologies like GPG, WebID, DANE/DNSSEC, monkeysphere 
> and even FOAF have a lot in common in terms of the problems we're 
> trying to solve.  If somehow we can learn to work together (based on 
> the URI for email/http/key data) we could maybe build something really 
> great.  

Fully agree.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
Received on Thursday, 16 May 2013 02:02:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:51 UTC