W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

Re: WebID+TLS Spec was (Re: Signed WebID documents and trust wrt GPG Web of Trust)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 29 May 2013 12:00:55 +0200
Message-ID: <CAKaEYhLJOvJ0mb6ZHj83-tRiSCD8yRsW=77EEW0-miuThZ9uTg@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: Olivier Berger <olivier.berger@telecom-sudparis.eu>, public-webid <public-webid@w3.org>
On 29 May 2013 10:29, Henry Story <henry.story@bblfish.net> wrote:

>
> On 29 May 2013, at 10:08, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>
>
>
> On 29 May 2013 09:29, Henry Story <henry.story@bblfish.net> wrote:
>
>>
>> On 29 May 2013, at 01:14, Melvin Carvalho <melvincarvalho@gmail.com>
>> wrote:
>>
>>
>>
>>
>> On 28 May 2013 11:14, Olivier Berger <olivier.berger@telecom-sudparis.eu>wrote:
>>
>>> Hi.
>>>
>>> In the discussion about the potential use of WebID + TLS as a mean to
>>> sign-in to Debian Web services/apps, we somehow came to the conclusion
>>> [0] that it could be used provided that we establish trust in WebIDs
>>> presented by users, only if they are signed with a GnuPG signature made
>>> by an existing Debian contributor, leveraging the existing Debian GnuPG
>>> Web of Trust [1].
>>>
>>> This use of an existing GnuPG WoT, which is essentially distributed,
>>> fits well with many interesting aspects of WebID (under control of the
>>> user, etc.).
>>>
>>> Wrt Linked Data, this is not exactly optimal : GPG signatures apply for
>>> documents and not triples, so the model is not as elegant as we'd want
>>> it ? I guess other signature mechanisms could be more Linked Data proof,
>>> and may make more sense wrt WebID and trust.
>>>
>>> Has this topic of trust wrt WebID been discussed already ?
>>>
>>
>> Manu Sporny, who wrote the original WebID+TLS spec,
>>
>>
>> Saying that he wrote the original WebID+TLS spec is pure fantasy. He
>> helped host
>> the group for a while. The spec has it's origins way before Manu's
>> intervention.
>> He never participated in the WebID Incubator group.
>> As a result I have removed his name as a author from the latest spec
>> drafts,
>> given that he is in fact publically arguing against WebId. His name
>> remains in the contributors section though.
>>
>
> You could be right, though that may be slightly harsh.
>
> I seem to recall that Manu made a big contribution to putting the spec
> into a professional format.
>
>
> That may be. But that makes him a contributor, not an author or an editor.
> And so I have kept him as a
> contributor.
>
>
> Manu left the working group,
>
>
> He never joined as far as I recall, so he could not have left.
>
> among other reasons, because he felt that there would be greater adoption
> in the short to medium term, without the hard dependency on X.509
> certificates.  This was also the feedback we (Manu and I) got when speaking
> to Canonical on a conf call about getting WebID into Ubuntu.
>
>
> I was not at that call. So I am not sure what was said. Manu's aims were
> very different from what the group
> here was trying to do. His work may be compatible with what we are doing,
> as most standards in the end should
> be.
>

>From the normative webid site webid.info, if you click on spec you come to:

http://www.w3.org/2005/Incubator/webid/spec/

Authors:

Manu Sporny, Digital Bazaar, Inc. msporny@digitalbazaar.com
Toby Inkster
Bruno Harbulot
Reto Bachmann-Gmür

The first draft of which was

http://www.w3.org/2005/Incubator/webid/spec/drafts/ED-webid-20100711/

Manu was the sole editor of this spec, with Henry and Toby as Authors

Previous Version

http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html

IMHO, the previous version was more a position paper than a specification.

Significant edits were made in the following weeks, where stephane was also
made an editor (and henry remained an author)

http://www.w3.org/2005/Incubator/webid/spec/drafts/ED-webid-20100809/

So, I think it was a slightly harsh decision to single him out.


>
>
>
>>
>>
>> put together another spec, WebKeys, to be used for encrypting and signing
>> messages.
>>
>> https://payswarm.com/specs/source/web-keys/
>>
>> Could this solve the problem?
>>
>> I'm unsure what you want to sign, the webid itself, the webid profile
>> page, or the triples associated with the agent ...
>>
>>
>>>
>>> I guess it could make an interesting use case anyway.
>>>
>>> Any comments ?
>>>
>>> Best regards,
>>>
>>> [0] http://lists.debian.org/debian-devel/2013/05/msg01098.html
>>> [1]
>>> http://www.debian.org/doc/manuals/developers-reference/new-maintainer.html#registering
>>> --
>>> Olivier BERGER
>>> http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id:
>>> 2048R/5819D7E8
>>> Ingenieur Recherche - Dept INF
>>> Institut Mines-Telecom, Telecom SudParis, Evry (France)
>>>
>>>
>>>
>>>
>>
>>    Social Web Architect
>> http://bblfish.net/
>>
>>
>
>    Social Web Architect
> http://bblfish.net/
>
>
Received on Wednesday, 29 May 2013 10:01:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:44 UTC