W3C home > Mailing lists > Public > public-webid@w3.org > February 2014

Re: Publishing updated spec documents.

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 26 Feb 2014 16:38:20 -0500
Message-ID: <530E5ECC.3040903@openlinksw.com>
To: public-webid@w3.org
On 2/26/14 7:48 AM, Timothy Holborn wrote:
> Is certificate / account recovery part of the spec...?

No, that would be a different spec :-)

> Sent from my iPad
> On 26 Feb 2014, at 8:36 pm, "henry.story@bblfish.net 
> <mailto:henry.story@bblfish.net>" <henry.story@bblfish.net 
> <mailto:henry.story@bblfish.net>> wrote:
>> On 26 Feb 2014, at 01:37, Tim Holborn <timothy.holborn@gmail.com 
>> <mailto:timothy.holborn@gmail.com>> wrote:
>>> Few ideas…
>>> re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>>> I wonder whether the term ‘person’ could be replaced with ‘actor’ 
>>> (meaning legal entity effectively? - whether alone or in relation to 
>>> another...)
>>> Idea being… from,
>>> /"A global distributed Social Web requires that each person be able 
>>> to control their identity, that this identity be linkable across 
>>> sites - placing each person in a Web of relationships - and that it 
>>> be possible to authenticate globally with such identities."/
>>> to, (something like)….
>>> /"A Semantic Web Platform providing a distributed world wide web of 
>>> meaning requires methods and systems that provide each actors the 
>>> ability to control and manage their identity, and the read-write 
>>> permissions of web-based resources associated to an actors identity. 
>>>  In-order for this to become compliant with the vision of the 
>>> semantic web, the identity must be linkable across sites - placing 
>>> each actor in a Web of relationships - so that it be possible to 
>>> authenticate globally identity information and directives with 
>>> actors and agents.”/
>>> the old w3 Web sessions [1] inspired a few ideas about naming. 
>>>  IoT/WoT (perhaps meaning both Web of Things and Web of Trust?) may 
>>> seemingly provide the ability for something like a RWW Server (with 
>>> ACLS) to have the capacity to approve/deny when a user is offline 
>>> (using existing permissions structures, etc.); therein, agent not 
>>> just person.
>> yes, I agree that we should generalise this intro to Agents. Though I 
>> like the term actors, foaf uses Agent as its most generic class, and 
>> so it's easier if we stick to that for the moment. For Tim Berner's 
>> Lee's WebID it is clear that we should add a { <#i> a foaf:Person } 
>> relation, since Tim is A Person and not an institution ( yet ). :-)
>>> Further down in 5.1 “WebID Profile Vocabulary” i think this is 
>>> overly exacting; re: foaf - perhaps point to foaf? re: ontology - 
>>> what others could be used? (i imagine not solely / specifically - 
>>> foaf);  I envisage models where my phone as a WebID, my PC / MAC a 
>>> WebID, my RWW-Server (i might have it as a person, as a company - or 
>>> buy a service from someone-else.) has a WebID and my rww-server 
>>> account (i might have a bunch of them and script data-storage across 
>>> distributed locations, etc.) has as WebID.  Therein; in-order to 
>>> authenticate and communicate i’m using both a person (me) and my 
>>> agents (my things); to get to a point where i’m capable of having an 
>>> ‘active web’ environment for linking resources with others.
>> I think you are right here, even though section 5.1 is non-normative, 
>> there should be a link to the foaf ontology. But I also think that an 
>> example with
>> a public key should be given too. Adding a public key to the profile 
>> does not tie one to WebID-TLS. The same could be used for Persona.
>>> In effect WebID is linking a Certificate to an RDF Document.   
>>> Validation comes to mind? does that mean it needs to be a HTML+RDFa 
>>> 1.1 valid document? http://www.w3.org/TR/rdfa-in-html/ ??
>> The section specified that Turtle is the minimal requirement. Of 
>> course anything should validate.
>>> Perhaps rather than specifying the style; specify the structure? I’m 
>>> thinking WoT becomes important herein?
>> Yes, you are probably right here too. A little bit on trust may be 
>> useful here. But a full document on calculations of
>> trust would be a spec by itself.
>>> Re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>>> The document expresses "Web of trust using vocabularies such as 
>>> [FOAF 
>>> <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#bib-FOAF>]” 
>>> however perhaps tangentially; how is the user notified of the 
>>> authenticating agent / details.  does consideration need to be made 
>>> around user-notification of the entity / information in the cert…
>>> Underlying is the idea that a WebID exists within an existing Web of 
>>> Trust.  Is there an example somewhere that shows how the "confidence 
>>> level (?)” might improve in a web of WebID’s inclusive of agents 
>>> (things: apps, servers, etc.) & actors (companies, people)?
>>> consideration being; say, i go build a Webid enabled website saying 
>>> i’m an existing bank.  build a fake online banking page, with my new 
>>> authentication method - asking for people to login, update. (perhaps 
>>> that’s outside scope? but…) do we need some sorta guide to assess 
>>> confidence level?
>> WebID Authentication is about Authentication of a given WebID. I think
>>> second issue that’s more problematic; the relationship between a 
>>> webid and openID (or other password / username); i have computer, i 
>>> leave for uni / work / coffee with friend; someone in the house 
>>> decides to sit at my computer and use sites that authenticate with 
>>> webid..
>> The relation to OpenId and other protocols is the role of a further 
>> document which we started working on and which is linked to from
>> the first page:
>> https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
>>> on the other side of the coin; if a machine doesn’t have a WebID, 
>>> doesn’t have the right WebID or more particularly; doesn’t have my 
>>> specific WebID - then worrying about all sorts of things that 
>>> are specifically related to the ‘knowledge’ of PWD/USERNAME (stored 
>>> in some DB somewhere) becomes far less of an issue…  I think though, 
>>> naming the certificate “my mac pro” or “alice’s MAC @ 28 WebID 
>>> Valley Road” whatever; will likely become important.
>>> The question then becomes why issue more than one certificate to a 
>>> machine is you can establish ‘alice' and ‘bob’ are friends 
>>> and ‘alice’ gave ‘bob’ permission to use her computer to access his 
>>> rww account...
>>> Perhaps the spec needs to outline what WebID does not do….
>> A lot of things :-)
>>> hope there’s something useful in there...
>>> timh.
>>> [1] http://www.w3.org/2004/Talks/w3c10-Overview/
>>> On 26 Feb 2014, at 4:15 am, Kingsley Idehen <kidehen@openlinksw.com 
>>> <mailto:kidehen@openlinksw.com>> wrote:
>>>> On 2/25/14 11:17 AM, Andrei Sambra wrote:
>>>>> Hi all,
>>>>> I would like to formally invite everyone to review the current 
>>>>> version of the specs for WebID [1] and WebID-TLS [2] so that we 
>>>>> can have a formal call this Friday (Feb 28th), at the usual time 
>>>>> [3]. The purpose of this call will be to agree on the contents of 
>>>>> the new documents so that the editors can finally publish them.
>>>>> Best,
>>>>> Andrei
>>>>> [1] 
>>>>> https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>>>>> [2] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>>>>> [3] http://www.w3.org/2005/Incubator/webid/wiki/Main_Page#Meetings
>>>> Andrei,
>>>> Wouldn't it be prudent to separate these items in regards to 
>>>> voting? By that I mean, #1 shouldn't be delayed if voting for #2 is 
>>>> inconclusive, for instance.
>>>> We really need to get #1 out, as soon as possible.
>>>> -- 
>>>> Regards,
>>>> Kingsley Idehen
>>>> Founder & CEO
>>>> OpenLink Software
>>>> Company Web: http://www.openlinksw.com <http://www.openlinksw.com/>
>>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen 
>>>> <http://www.openlinksw.com/blog/%7Ekidehen>
>>>> Twitter Profile: https://twitter.com/kidehen
>>>> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>> Social Web Architect
>> http://bblfish.net/



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Wednesday, 26 February 2014 21:38:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:53 UTC