W3C home > Mailing lists > Public > public-webid@w3.org > October 2013

Re: security/privacy sections specs

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 14 Oct 2013 12:35:06 +0200
Message-ID: <CAKaEYh+pZpWrhz3F5OUkKJRmVORo9kk4BVt4Q1jTctDHfLzKXg@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: public-webid <public-webid@w3.org>
On 14 October 2013 12:09, Henry Story <henry.story@bblfish.net> wrote:

> Hi,
>
>  I have added a security and a privacy section to the identity spec.
> I have added a security section to the tls spec.
>
> Also I have added a section "Prototype Spec" to the main page
>
>   https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
>

Looks excellent.

The security measures all seem to involve a degree of centralization.  e.g.
CA's have become a relatively centralized service in a distributed
architecture.  DNSSEC is augmenting the centralization of DNS, remember
Tim's comment, "DNS is the Achilles heal of the web" and be wary about
putting too many eggs in one basket.

In recent years a new technique has become more popular, and that is to
have decentralized distributed databases, that replicate data across many
nodes and sync up.  This is the technique behind ripple (consensus of 80%
of nodes) and bitcion (proof of work of millions of nodes).  The web is
quite capable of distributed triples in many places, so, although not
mentioned in the spec, perhaps in future we'll see more security that
avoids central points of failure.


>
> with pointers to Web Access control and to Identity Interoperability,
> so that the role of these specs become clearer to people who see what
> work we have done.
>
>   I'd like to sending this off for review to the privacy group later this
> week to see what feedback they can give us.
>
>         Henry
>
>
> Social Web Architect
> http://bblfish.net/
>
>
>
Received on Monday, 14 October 2013 10:35:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:52 UTC