Re: Request for Review of WebID specs before publishing from Erich Bremer on 2013-09-14 (public-webid@w3.org from September 2013)

From: Erich Bremer <erich@ebremer.com>
Date: Sat, 14 Sep 2013 12:39:20 -0400
To: Henry Story <henry.story@bblfish.net>
CC: "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <52349138.5090301@ebremer.com>
On 9/12/2013 2:13 AM, Henry Story wrote:
> On 12 Sep 2013, at 05:19, Erich Bremer <erich@ebremer.com> wrote:
>
>> On 9/11/2013 12:27 PM, Henry Story wrote:
>>> On 11 Sep 2013, at 18:20, "Erich Bremer" <erich@ebremer.com> wrote:
>>>
>>>> Would it be better to name WebID-TLS:
>>>>
>>>> WebID-HTTP/TLS
>>>>
>>>> Considering TLS is used in other protocols like SMTP, IMAP, POP, etc?  Whereas it is indicated that it is over HTTP given the definition of WebID in the TLS context, it may be clearer to the WebID newcomer to explicitly mention HTTP in the title rather than to have to discover the fact only after reading the specification?  - Erich
>>> The spec should make it clear that this works with other TLS protocols. I think it does.
>>> See the section with the UML sequeence diagram.
>> Hi Henry,
>>
>> However, the way it is written, I think it is a bit confusing. First the WebID-TLS name does not indicate which protocol the document is supporting.  Second, in "1.2 Terminology of the WebID-TLS document", A WebID is defined as, "A WebID is a URI with an HTTP or HTTPS scheme".  Third, in section 3.1 of the WebID-TLS document, in the steps section, it says, "If the protocol is HTTP" which hints that it could be something other than http but contradicts "A WebID is a URI with an HTTP or HTTPS scheme".
>> The other document:
>> https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>> also defines "A WebID is a URI with an HTTP or HTTPS scheme" and section 3 of this document is entitled "The WebID HTTP URI".  I think it is clear that http is a focus, but I don't think it is very clear that other protocols potentially could be implemented.  - Erich
>
> You are confusing the WebID - The identifier - and its method of dereferencing (HTTP) with the protocol used by
> the Agent doing the authentication of the client. That is in diagram 3 of
>    https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#authentication-sequence
> you are confusing the protocol used between Bob's Client and Alice's Server, and the Protocol used between
> Alice's Server and Bob's Server. The first protocol can be any protocol using TLS, (all we need is the certificate)
> the second must dereference a WebID  which is restricted to http(s) and so that protocol MUST be http based.
>
> Perhaps you can suggest some language to make that clearer?
>
> Henry
  Hi Henry,

     In part I am confused.  I was remembering (and perhaps incorrectly 
so) some discussion months back on a WebID telcom, where there were some 
disagreements of whether a WebID was a HTTP(S) URI in a particular 
implementation, or a WebID was always a HTTP(S) URI.  This stemming from 
a difference of interpretation of the vote that was taken on the 
definition of a WebID.  If that discussion has been closed, and a WebID 
will always be a HTTP(S) URI (and never something else like a WS(S) 
URI), then I withdraw most of my confusion comments I made on this 
particular email thread.  I would still suggest in:

https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
3.1 Auhentication Sequence
"Bob 
<https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#dfn-bob> 
initiates a connection to Alice 
<https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#dfn-alice>'s 
server via a TLS enabled protocol such as HTTPS in order..."
to something like:
"Bob 
<https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#dfn-bob> 
initiates a connection to Alice 
<https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#dfn-alice>'s 
server via a TLS enabled protocol such as HTTPS (but could also be other 
TLS enabled protocols like but not limited to IMAP, SMTP, POP) in order..."

In this way, making it a bit more obvious that other TLS-enabled 
protocols could be used.

Further, in "The steps in detail are as follows:" section, I would modify:
"If the protocol is HTTP then the client..."
to
"If the TLS-enabled client protocol is HTTP then the client..." to 
further emphasize that the TLS client protocols have a greater range 
than HTTP.  - Erich

>
>
>>>
>>>> ==========================================================
>>>> Erich Bremer
>>>> http://www.ebremer.com
>>>> http://haylyn.io
>>>>
>>>>
>>>> On Sep 5, 2013, at 9:53 AM, "Henry Story" <henry.story@bblfish.net> wrote:
>>>>
>>>>> Dear WebID Community Group,
>>>>>
>>>>> we now have three specs up on github here
>>>>>
>>>>>   https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
>>>>>
>>>>> All editors think that it is time to publish a new version
>>>>> on the W3C WebID Incubator space, to finalise the distinction
>>>>> between WebID, WebID-TLS, and the cert ontology.
>>>>>
>>>>> So we would like to be able to publish the specs above
>>>>> at the following location, by Friday 20 September 2013
>>>>>
>>>>> http://www.w3.org/2005/Incubator/webid/spec/
>>>>>
>>>>> We would be very happy to receive feedback from
>>>>> the community before doing so. If you can spot
>>>>> any errors or improvements please let us know,
>>>>> we'll do our best to get them in before publication.
>>>>>
>>>>>   Thanks,
>>>>>
>>>>>        Henry Story
>>>>>
>>>>>
>>>>> Social Web Architect
>>>>> http://bblfish.net/
>>>>>
>>>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
> Social Web Architect
> http://bblfish.net/
>
Received on Saturday, 14 September 2013 16:39:46 UTC