- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 26 Feb 2014 16:38:20 -0500
- To: public-webid@w3.org
- Message-ID: <530E5ECC.3040903@openlinksw.com>
On 2/26/14 7:48 AM, Timothy Holborn wrote:
> Is certificate / account recovery part of the spec...?

No, that would be a different spec :-)

Kingsley

>
> Sent from my iPad
>
> On 26 Feb 2014, at 8:36 pm, "henry.story@bblfish.net" <henry.story@bblfish.net> wrote:
>
>>
>> On 26 Feb 2014, at 01:37, Tim Holborn <timothy.holborn@gmail.com> wrote:
>>
>>> Few ideas…
>>>
>>> re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>>> I wonder whether the term ‘person’ could be replaced with ‘actor’
>>> (meaning legal entity effectively? - whether alone or in relation to
>>> another...)
>>>
>>> Idea being… from,
>>>
>>> /"A global distributed Social Web requires that each person be able
>>> to control their identity, that this identity be linkable across
>>> sites - placing each person in a Web of relationships - and that it
>>> be possible to authenticate globally with such identities."/
>>>
>>> to, (something like)….
>>>
>>> /"A Semantic Web Platform providing a distributed world wide web of
>>> meaning requires methods and systems that provide each actor the
>>> ability to control and manage their identity, and the read-write
>>> permissions of web-based resources associated to an actor's identity.
>>> In order for this to become compliant with the vision of the
>>> semantic web, the identity must be linkable across sites - placing
>>> each actor in a Web of relationships - so that it be possible to
>>> authenticate globally identity information and directives with
>>> actors and agents.”/
>>>
>>> the old w3 Web sessions [1] inspired a few ideas about naming.
>>> IoT/WoT (perhaps meaning both Web of Things and Web of Trust?) may
>>> seemingly provide the ability for something like a RWW Server (with
>>> ACLS) to have the capacity to approve/deny when a user is offline
>>> (using existing permissions structures, etc.); therein, agent not
>>> just person.
>>
>> yes, I agree that we should generalise this intro to Agents. Though I
>> like the term actors, foaf uses Agent as its most generic class, and
>> so it's easier if we stick to that for the moment. For Tim
>> Berners-Lee's WebID it is clear that we should add a { <#i> a foaf:Person }
>> relation, since Tim is A Person and not an institution ( yet ). :-)
>>
>>> Further down in 5.1 “WebID Profile Vocabulary” i think this is
>>> overly exacting; re: foaf - perhaps point to foaf? re: ontology -
>>> what others could be used? (i imagine not solely / specifically -
>>> foaf); I envisage models where my phone has a WebID, my PC / MAC a
>>> WebID, my RWW-Server (i might have it as a person, as a company - or
>>> buy a service from someone-else.) has a WebID and my rww-server
>>> account (i might have a bunch of them and script data-storage across
>>> distributed locations, etc.) has a WebID. Therein; in order to
>>> authenticate and communicate i’m using both a person (me) and my
>>> agents (my things); to get to a point where i’m capable of having an
>>> ‘active web’ environment for linking resources with others.
>>
>> I think you are right here, even though section 5.1 is non-normative,
>> there should be a link to the foaf ontology. But I also think that an
>> example with
>> a public key should be given too. Adding a public key to the profile
>> does not tie one to WebID-TLS. The same could be used for Persona.
>>
>>>
>>> In effect WebID is linking a Certificate to an RDF Document.
>>> Validation comes to mind? does that mean it needs to be a HTML+RDFa
>>> 1.1 valid document? http://www.w3.org/TR/rdfa-in-html/ ??
>>
>> The section specified that Turtle is the minimal requirement. Of
>> course anything should validate.
>>
>>>
>>> Perhaps rather than specifying the style; specify the structure? I’m
>>> thinking WoT becomes important herein?
>>
>> Yes, you are probably right here too. A little bit on trust may be
>> useful here. But a full document on calculations of
>> trust would be a spec by itself.
>>
>>>
>>> Re: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>>>
>>> The document expresses "Web of trust using vocabularies such as
>>> [FOAF
>>> <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#bib-FOAF>]”
>>> however perhaps tangentially; how is the user notified of the
>>> authenticating agent / details. does consideration need to be made
>>> around user-notification of the entity / information in the cert…
>>>
>>> Underlying is the idea that a WebID exists within an existing Web of
>>> Trust. Is there an example somewhere that shows how the "confidence
>>> level (?)” might improve in a web of WebID’s inclusive of agents
>>> (things: apps, servers, etc.) & actors (companies, people)?
>>>
>>> consideration being; say, i go build a Webid enabled website saying
>>> i’m an existing bank. build a fake online banking page, with my new
>>> authentication method - asking for people to login, update. (perhaps
>>> that’s outside scope? but…) do we need some sorta guide to assess
>>> confidence level?
>>
>> WebID Authentication is about Authentication of a given WebID. I think
>>
>>>
>>> second issue that’s more problematic; the relationship between a
>>> webid and openID (or other password / username); i have computer, i
>>> leave for uni / work / coffee with friend; someone in the house
>>> decides to sit at my computer and use sites that authenticate with
>>> webid..
>>
>> The relation to OpenId and other protocols is the role of a further
>> document which we started working on and which is linked to from
>> the first page:
>>
>> https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html
>>
>>>
>>> on the other side of the coin; if a machine doesn’t have a WebID,
>>> doesn’t have the right WebID or more particularly; doesn’t have my
>>> specific WebID - then worrying about all sorts of things that
>>> are specifically related to the ‘knowledge’ of PWD/USERNAME (stored
>>> in some DB somewhere) becomes far less of an issue… I think though,
>>> naming the certificate “my mac pro” or “alice’s MAC @ 28 WebID
>>> Valley Road” whatever; will likely become important.
>>>
>>> The question then becomes why issue more than one certificate to a
>>> machine if you can establish ‘alice' and ‘bob’ are friends
>>> and ‘alice’ gave ‘bob’ permission to use her computer to access his
>>> rww account...
>>>
>>> Perhaps the spec needs to outline what WebID does not do….
>>
>> A lot of things :-)
>>
>>> hope there’s something useful in there...
>>>
>>> timh.
>>>
>>> [1] http://www.w3.org/2004/Talks/w3c10-Overview/
>>>
>>> On 26 Feb 2014, at 4:15 am, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>>
>>>> On 2/25/14 11:17 AM, Andrei Sambra wrote:
>>>>> Hi all,
>>>>>
>>>>> I would like to formally invite everyone to review the current
>>>>> version of the specs for WebID [1] and WebID-TLS [2] so that we
>>>>> can have a formal call this Friday (Feb 28th), at the usual time
>>>>> [3]. The purpose of this call will be to agree on the contents of
>>>>> the new documents so that the editors can finally publish them.
>>>>>
>>>>> Best,
>>>>> Andrei
>>>>>
>>>>>
>>>>> [1] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
>>>>> [2] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
>>>>> [3] http://www.w3.org/2005/Incubator/webid/wiki/Main_Page#Meetings
>>>>
>>>> Andrei,
>>>>
>>>> Wouldn't it be prudent to separate these items in regards to
>>>> voting? By that I mean, #1 shouldn't be delayed if voting for #2 is
>>>> inconclusive, for instance.
>>>>
>>>> We really need to get #1 out, as soon as possible.
>>>>
>>>> --
>>>>
>>>> Regards,
>>>>
>>>> Kingsley Idehen
>>>> Founder & CEO
>>>> OpenLink Software
>>>> Company Web: http://www.openlinksw.com
>>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>>> Twitter Profile: https://twitter.com/kidehen
>>>> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>>>
>>>
>>
>> Social Web Architect
>> http://bblfish.net/
>>

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 26 February 2014 21:38:46 UTC