- From: Olivier Berger <olivier.berger@it-sudparis.eu>
- Date: Thu, 16 May 2013 14:58:51 +0200
- To: Jonas Smedegaard <dr@jones.dk>, public-webid <public-webid@w3.org>
- Cc: obergix@debian.org
Hi. Let me add a few bits to the discussion, with some common interest to previous participants (both a younger Debian project member, aka obergix@debian.org, and a freedombox and WebID interested person). Jonas Smedegaard <dr@jones.dk> writes: > Debian already has PGP-based WoT. So question remains: how is WebID > relevant for *Debian*? > I've been among the few mentioning WebID on the Debian lists as I try and investigate the use of Linked Data in FLOSS projects [2], and as the TLS certs sign-on was discussed, it triggered my interest. But I've also been advocating WebID in the context of developer profiles, too, without a primary concern for authentication. It seems to me that instead of reinventing some wheels with other (hopefull standard) technologies, we could address multiple uses at once with FOAF/WebID for developer profiles and WebID+TLS for authentication. In order to try and test what's possible, I've already started webid.debian.net that demonstrates the generation of FOAF profiles for Debian participants. See for instance my profile [0]. It's work in progress. The main use was to try and convert what's on other portals about Debian participants in HTML to a more Linked Data compatible format, and test that on links with package descriptions in RDF [1]. I think that the community of Debian participants is diverse and could benefit from using WebID for participants identification, as the profiles could be interlinked, and include/interlink both meta-data provided (and asserted if needed) by Debian.org services and some "manually edited" by members, for instance to interlink with profiles in other projects they participate. Now, looking again at the Auth aspects, this means that the Debian GPG web of trust, which is somehow enforced by the Debian services could be mapped somehow to some TLS certs and even signed certs, but while allowing also some bits of personal / locally generated (self signed) certs, which could all be interlinked to the WebID profile. I envision a time when, ultimately, one could single-sign-on with the same WebID+TLS (eventuall several interlinked documents), to many communities/services which would trust different parts of the provided meta-data depending on the trust they grant if they recognize some particular certs. For instance, I could have a Linked Data WebID which has 2 certs, one personal self-signed that my FreedomBox knows, and one that is issued by a Debian CA or which is cross-signed by other Debian developers' (derived from the existing official Debian GPG WoT), which I could then use to login to Debian. Thus, some Debian services and my FreedomBox could eventually establish some kind of aknowledgement for back channel process, who knows... ;) I could also be recognized by my forge as a FusionForge contributor, which would also recognize my profile, etc. My employer's server would know me also as URI interlinked as a sameAs with the others, of course... This would be largely decentrilized, and me being in control of the "master" WebID document that binds them all (preferably GPG signed). I hope this makes sense. I've been thinking about reusing some bits of MyProfile [3] to extend webid.debian.net, but haven't found time/motivation yet to push this forward. It may be something I'd investigate in the direction of my participation to the Debian conference in August... Comments much welcome. Best regards, [0] http://webid.debian.net/maintainers/obergix [1] http://wiki.debian.org/qa.debian.org/pts/RdfInterface [2] http://www-public.telecom-sudparis.eu/~berger_o/papier-swese2012/ and associated bibliography [3] http://myprofile-project.org/ -- Olivier BERGER http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France)
Received on Thursday, 16 May 2013 12:59:24 UTC