W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

WebID+TLS Spec was (Re: Signed WebID documents and trust wrt GPG Web of Trust)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 29 May 2013 10:08:02 +0200
Message-ID: <CAKaEYhL1=jrEUC-1OuRXZbqiZf9FP3h22=15bBNa3AdRF4W1rQ@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: Olivier Berger <olivier.berger@telecom-sudparis.eu>, public-webid <public-webid@w3.org>
On 29 May 2013 09:29, Henry Story <henry.story@bblfish.net> wrote:

>
> On 29 May 2013, at 01:14, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>
>
>
> On 28 May 2013 11:14, Olivier Berger <olivier.berger@telecom-sudparis.eu>wrote:
>
>> Hi.
>>
>> In the discussion about the potential use of WebID + TLS as a mean to
>> sign-in to Debian Web services/apps, we somehow came to the conclusion
>> [0] that it could be used provided that we establish trust in WebIDs
>> presented by users, only if they are signed with a GnuPG signature made
>> by an existing Debian contributor, leveraging the existing Debian GnuPG
>> Web of Trust [1].
>>
>> This use of an existing GnuPG WoT, which is essentially distributed,
>> fits well with many interesting aspects of WebID (under control of the
>> user, etc.).
>>
>> Wrt Linked Data, this is not exactly optimal : GPG signatures apply for
>> documents and not triples, so the model is not as elegant as we'd want
>> it ? I guess other signature mechanisms could be more Linked Data proof,
>> and may make more sense wrt WebID and trust.
>>
>> Has this topic of trust wrt WebID been discussed already ?
>>
>
> Manu Sporny, who wrote the original WebID+TLS spec,
>
>
> Saying that he wrote the original WebID+TLS spec is pure fantasy. He
> helped host
> the group for a while. The spec has it's origins way before Manu's
> intervention.
> He never participated in the WebID Incubator group.
> As a result I have removed his name as a author from the latest spec
> drafts,
> given that he is in fact publically arguing against WebId. His name
> remains in the contributors section though.
>

You could be right, though that may be slightly harsh.

I seem to recall that Manu made a big contribution to putting the spec into
a professional format.

Manu left the working group, among other reasons, because he felt that
there would be greater adoption in the short to medium term, without the
hard dependency on X.509 certificates.  This was also the feedback we (Manu
and I) got when speaking to Canonical on a conf call about getting WebID
into Ubuntu.


>
>
> put together another spec, WebKeys, to be used for encrypting and signing
> messages.
>
> https://payswarm.com/specs/source/web-keys/
>
> Could this solve the problem?
>
> I'm unsure what you want to sign, the webid itself, the webid profile
> page, or the triples associated with the agent ...
>
>
>>
>> I guess it could make an interesting use case anyway.
>>
>> Any comments ?
>>
>> Best regards,
>>
>> [0] http://lists.debian.org/debian-devel/2013/05/msg01098.html
>> [1]
>> http://www.debian.org/doc/manuals/developers-reference/new-maintainer.html#registering
>> --
>> Olivier BERGER
>> http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id:
>> 2048R/5819D7E8
>> Ingenieur Recherche - Dept INF
>> Institut Mines-Telecom, Telecom SudParis, Evry (France)
>>
>>
>>
>>
>
> Social Web Architect
> http://bblfish.net/
>
>
Received on Wednesday, 29 May 2013 08:08:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:44 UTC