
Re: Publishing updated spec documents.

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 26 Feb 2014 23:48:27 +1100
Message-Id: <2E9B8667-CE2B-4D80-BCBA-703480327D22@gmail.com>
Cc: Andrei Sambra <andrei@fcns.eu>, public-webid WebID Group <public-webid@w3.org>
To: "henry.story@bblfish.net" <henry.story@bblfish.net>
Is certificate / account recovery part of the spec...?

Sent from my iPad

> On 26 Feb 2014, at 8:36 pm, "henry.story@bblfish.net" <henry.story@bblfish.net> wrote:
> 
> 
>> On 26 Feb 2014, at 01:37, Tim Holborn <timothy.holborn@gmail.com> wrote:
>> 
>> Few ideas…
>> 
>> re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>> I wonder whether the term ‘person’ could be replaced with ‘actor’ (meaning legal entity effectively? - whether alone or in relation to another...) 
>> 
>> Idea being… from,
>> 
>> "A global distributed Social Web requires that each person be able to control their identity, that this identity be linkable across sites - placing each person in a Web of relationships - and that it be possible to authenticate globally with such identities."
>> 
>> to, (something like)….
>> 
>> "A Semantic Web Platform providing a distributed world wide web of meaning requires methods and systems that provide each actor the ability to control and manage their identity, and the read-write permissions of web-based resources associated to an actor's identity.  In order for this to become compliant with the vision of the semantic web, the identity must be linkable across sites - placing each actor in a Web of relationships - so that it be possible to authenticate globally identity information and directives with actors and agents."
>> 
>> the old w3 Web sessions [1] inspired a few ideas about naming.  IoT/WoT (perhaps meaning both Web of Things and Web of Trust?) may seemingly provide the ability for something like a RWW Server (with ACLS) to have the capacity to approve/deny when a user is offline (using existing permissions structures, etc.); therein, agent not just person. 
> 
> yes, I agree that we should generalise this intro to Agents. Though I like the term actors, foaf uses Agent as its most generic class, and so it's easier if we stick to that for the moment. For Tim Berners-Lee's WebID it is clear that we should add a { <#i> a foaf:Person } relation, since Tim is A Person and not an institution ( yet ). :-)
> 
>> Further down in 5.1 “WebID Profile Vocabulary” i think this is overly exacting; re: foaf - perhaps point to foaf? re: ontology - what others could be used? (i imagine not solely / specifically - foaf);  I envisage models where my phone has a WebID, my PC / MAC a WebID, my RWW-Server (i might have it as a person, as a company - or buy a service from someone else.) has a WebID and my rww-server account (i might have a bunch of them and script data-storage across distributed locations, etc.) has a WebID.  Therein; in order to authenticate and communicate i’m using both a person (me) and my agents (my things); to get to a point where i’m capable of having an ‘active web’ environment for linking resources with others. 
> 
> I think you are right here, even though section 5.1 is non-normative, there should be a link to the foaf ontology. But I also think that an example with 
> a public key should be given too. Adding a public key to the profile does not tie one to WebID-TLS. The same could be used for Persona.
>  
> 
>> 
>> In effect WebID is linking a Certificate to an RDF Document.   Validation comes to mind? does that mean it needs to be a HTML+RDFa 1.1 valid document? http://www.w3.org/TR/rdfa-in-html/ ??  
> 
> The section specified that Turtle is the minimal requirement. Of course anything should validate.
> 
>> 
>> Perhaps rather than specifying the style; specify the structure? I’m thinking WoT becomes important herein? 
> 
> Yes, you are probably right here too. A little bit on trust may be useful here. But a full document on calculations of
> trust would be a spec by itself.
> 
>> 
>> Re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>> 
>> The document expresses "Web of trust using vocabularies such as [FOAF]" however perhaps tangentially; how is the user notified of the authenticating agent / details.  does consideration need to be made around user-notification of the entity / information in the cert… 
>> 
>> Underlying is the idea that a WebID exists within an existing Web of Trust.  Is there an example somewhere that shows how the "confidence level (?)" might improve in a web of WebIDs inclusive of agents (things: apps, servers, etc.) & actors (companies, people)?  
>> 
>> consideration being; say, i go build a Webid enabled website saying i’m an existing bank.  build a fake online banking page, with my new authentication method - asking for people to login, update. (perhaps that’s outside scope? but…) do we need some sorta guide to assess confidence level? 
> 
> WebID Authentication is about Authentication of a given WebID. I think 
> 
>> 
>> second issue that’s more problematic; the relationship between a webid and openID (or other password / username); i have computer, i leave for uni / work / coffee with friend; someone in the house decides to sit at my computer and use sites that authenticate with webid..
> 
> The relation to OpenId and other protocols is the role of a further document which we started working on and which is linked to from 
> the first page:
> 
>    https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
> 
> 
> 
>> 
>> on the other side of the coin; if a machine doesn’t have a WebID, doesn’t have the right WebID or more particularly; doesn’t have my specific WebID - then worrying about all sorts of things that are specifically related to the ‘knowledge’ of PWD/USERNAME (stored in some DB somewhere) becomes far less of an issue…  I think though, naming the certificate “my mac pro” or “alice’s MAC @ 28 WebID Valley Road” whatever; will likely become important.   
>> 
>> The question then becomes why issue more than one certificate to a machine if you can establish ‘alice' and ‘bob’ are friends and ‘alice’ gave ‘bob’ permission to use her computer to access his rww account...
>> 
>> Perhaps the spec needs to outline what WebID does not do….
> 
> A lot of things :-)
> 
>>   
>> hope there’s something useful in there...
>> 
>> timh.
>> 
>> [1] http://www.w3.org/2004/Talks/w3c10-Overview/
>> 
>>> On 26 Feb 2014, at 4:15 am, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>> 
>>>> On 2/25/14 11:17 AM, Andrei Sambra wrote:
>>>> Hi all,
>>>> 
>>>> I would like to formally invite everyone to review the current version of the specs for WebID [1] and WebID-TLS [2] so that we can have a formal call this Friday (Feb 28th), at the usual time [3]. The purpose of this call will be to agree on the contents of the new documents so that the editors can finally publish them.
>>>> 
>>>> Best,
>>>> Andrei
>>>> 
>>>> 
>>>> [1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>>>> [2] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>>>> [3] http://www.w3.org/2005/Incubator/webid/wiki/Main_Page#Meetings
>>> 
>>> Andrei,
>>> 
>>> 
>>> Wouldn't it be prudent to separate these items in regards to voting? By that I mean, #1 shouldn't be delayed if voting for #2 is inconclusive, for instance.
>>> 
>>> We really need to get #1 out, as soon as possible.
>>> 
>>> -- 
>>> 
>>> Regards,
>>> 
>>> Kingsley Idehen	
>>> Founder & CEO
>>> OpenLink Software
>>> Company Web: http://www.openlinksw.com
>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter Profile: https://twitter.com/kidehen
>>> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> Social Web Architect
> http://bblfish.net/
> 

Received on Wednesday, 26 February 2014 12:48:58 UTC
