- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 19 May 2014 12:16:01 -0400
- To: public-webid@w3.org
- Message-ID: <537A2E41.2030200@openlinksw.com>
On 5/19/14 11:32 AM, Kingsley Idehen wrote: > All, > > Summarizing the long thread that centered around valid concerns about > WebID based ACLs that got a little lost in language. > > Sandro's fundamental concern, as I've come to understand it, based on > what exists across all the relevant specs: > > We currently have the :key Relation as the basis WebID based ACLs, so > to speak. Net effect, A WebID's association with a Public Key (via the > :key Relation) is the basis for controlled access to protected > resources. Basically, we have a very restrictive Relation that amounts > to the WebID being the focal point of ACLs. > > The assertion above, if true, is basically consistent with Sandro's > fundamental point and valid concerns. > > On my part, our systems don't work this way, so naturally, I didn't > instinctively pick up on Sandro's core (and valid) concern. > > As I also indicated, these issues have been debated in varying guises > over the years, most recently, I believe Melvin raised concerns about > the :key Relation too being that :key is an IFP. Ditto the FOAF > specificity of the WebID-TLS protocol. > > What can we do to fix this? > > In our specs, we shouldn't create the illusion of a canonical Relation > (e.g., :key) for WebID based ACLs. Basically, doing that leads to the > WebID + Public Key (which is the object of :key Relation) being the > sole ACL basis, and that's equivalent to making a WebID the sole > basis, which is indeed problematic. > > At the very least, the specs should showcase alternative relations > e.g., :account , :holdsAccount etc.. If we do that, I believe the > problem goes away. > > Sandro: > > Long thread, but we've found ourselves at a point of clarity, I hope :-) > > Forgot to add a reference to the Identity Interoperability document which is relevant to this discussion. [1] http://www.w3.org/2005/Incubator/webid/wiki/Identity_Interoperability . -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter Profile: https://twitter.com/kidehen Google+ Profile: https://plus.google.com/+KingsleyIdehen/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 19 May 2014 16:16:24 UTC