
IPv6+SSL Var. WebID?

From: Tim Holborn <timothy.holborn@gmail.com>
Date: Thu, 31 Oct 2013 15:51:39 +1100
Message-Id: <6DD78300-6A1D-48BF-B4EE-449B4CCCB362@gmail.com>
To: "public-webid@w3.org" <public-webid@w3.org>

Hi All,

Overnight, I was considering implementation methods, and I'm wondering if WebID would be better off using an IPv6 address rather than a FOAF profile URI in the certificate structure itself?

I've been looking at institutional deployment scenarios, where an "account holder" would get a WebID as part of their authentication process for managing public / private data.  

Currently a WebID points at an RDF FOAF document, which is in turn served up via a domain, DB, etc.

If that WebID was allocated to an IPv6 address (or subnet); then the request logically, is being sent from a signed browser certificate, on behalf of an IP Address that represents the user; and has "identity tools" to further support the authentication method. 

In effect, the IP could serve up requests for permissions / ACL, FOAF or other documents that are associated to that IP address request, relating to the WebID cert, rather than putting those assets into the FOAF profile itself as the primary target of the WebID Auth sequence.

Many use cases look at users working with WebID to perform tasks with private or ACL'd data, often in the context of the "social web".

Assuming the majority of users will need a provider, that provider should be able to provide an IPv6 address (devices, people, etc.); then, if an account (or part of an account) is moved from one provider to another, data's migrated, new keys issued, but overall, targeting (in the X.509 cert) an IPv6 address rather than domain.tld/businesscard/foaf.rdf

Phone and postal companies have provided means to find a citizen should they have changed addresses. Domain and IP subnets are searchable by provider IDs, who then can internally look at who's operating those IPs at any particular time.

IP address allocations have an array of processes that can link the cert to an identity (via an ISP, for example, or web hosting provider, etc.). The difference (for the purpose of WebID), would probably also need to find a web server method to identify RDF resources using the domain pointer, in a standards orientated way, whereas the underlying WebID method links to layer 3 (logical addressing).

This way other records could be better separated from the FOAF.rdf document itself, which perhaps becomes a limiting factor. The method would assume an IPv6 address = a unique entity, which enables ACLs to target IPv6 addresses in relation to FOAF documents.

It would also change the requirement of software platforms to target an IP address; hosting space set up to service a particular IP address for a particular individual (which in turn supports the ideas that WebID is trying to support, server side).

The other aspect I believe it may improve is the ability to add a secondary auth. sequence (to identify the user, beyond the simplicity of the browser or machine itself). I can think of a myriad of different ways this could be done, but the trigger point would ideally be the cert, and whatever the user implemented (directly or via a provider) to manage their identity related records.

Perhaps the implication is that a WebID (or group of IDs) can be assigned an IP; and targeting WebID enabled functions (inc. RDF) could be more broadly supported by targeting IP addresses specifically, and 'linking' via address book like functional apps. The ID can also be reverse identified "What is my IP" style.

Timothy Holborn

Received on Friday, 1 November 2013 16:21:32 UTC
