- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Tue, 06 Jan 2015 21:27:28 -0500
- To: public-webid@w3.org
- Message-ID: <54AC9990.20402@openlinksw.com>
On 1/6/15 3:42 PM, Anders Rundgren wrote:
> Melvin,
> I'm 100% into authentication and I have never encountered WebID-TLS in
> the wild.
> That WebID has a value of its own is possible but to me WebID without
> TLS appears like a car without motor.

A WebID is simply an HTTP URI that identifies an Agent (Person, Organization, Software, Machinery etc.).

A WebID-Profile document is what describes an Agent that's identified by a WebID. This happens via sign->description document indirection that's inherent to HTTP URIs.

WebID-TLS is a protocol that uses the above to verify claims made in a WebID-Profile Document. It achieves this by looking up (de-referencing) a WebID that's the value of an X.509 SubjectAlternativeName property, and then performing a "proof of work" test [1].

Basically, Melvin is indicating to you that WebIDs are all over the place on the Web already. They can be used in a variety of ways to identify Agents. In addition, you can use a variety of protocols to verify this kind of Agent Identity.

>
> Anyway, as Henry said this community and activity has no
> browser-vendor-support.

All he said was this isn't the place for a browser centric solution that depends solely on browser vendor buy-in.

>
> Does the W3C really have anything to offer in fields like identity,
> payments and such?
> Currently it seems more like a bunch of disparate, semi-religious
> "cults" run by people with fairly limited bandwidth.
> VISA and all the other biggies fled to FIDO. There's no chance
> getting them back using the current strategy.

I can't quite parse the paragraph above. It's too "name calling" heavy etc.

Links:

[1] http://www.slideshare.net/kidehen/how-virtuoso-enables-attributed-based-access-controls -- Covers WebID, WebID-TLS, and controlled Enterprise Data Access using Attribute Based Access Controls (ABAC).

Kingsley

>
> Anders
> On 2015-01-06 19:16, Melvin Carvalho wrote:
>>
>> On 5 January 2015 at 17:29, Anders Rundgren
>> <anders.rundgren.net@gmail.com> wrote:
>>
>> Kingsley,
>>
>> This discussion isn't going anywhere since You, Henry and a bunch
>> of other people hanging out in this list insist that TLS CCA works
>> just fine while Google and hundreds of other big companies are
>> betting on an entirely different authentication technology (which
>> BTW seems awfully difficult to merge with WebID).
>>
>> Dirk Balfanz (inventor of named scheme) on TLS CCA:
>> http://www.browserauth.net/tls-client-authentication
>>
>> I must admit I'm a huge fan of WebID + TLS and use it constantly.
>> However, I understand the TLS part is not for everything. I think
>> the WebID part is strong enough to stand alone. Facebook already
>> implement it with their own auth system, (Google have said in the
>> past they wanted to serve FOAF, but haven't yet done it fully) and I
>> know of a team hoping to add 140+ new auth systems to WebID using
>> passport.js
>>
>> http://passportjs.org/
>>
>> So while I would encourage you to use webid + tls and make it better,
>> if it's not for you, I don't think anyone will force it upon you.
>>
>> I'd encourage you to look at the web axioms, in particular,
>> "tolerance", which tries to make the web a platform offering freedom
>> of choice.
>>
>> http://www.w3.org/DesignIssues/Principles.html
>>
>> Anders
>>
>> On 2015-01-05 16:42, Kingsley Idehen wrote:
>>
>> On 1/4/15 2:34 PM, Anders Rundgren wrote:
>>
>> On 2015-01-04 19:49, Kingsley Idehen wrote:
>>
>> On 1/4/15 10:27 AM, Anders Rundgren wrote:
>>
>> On 2015-01-04 16:21, Timothy Holborn wrote:
>>
>> Interesting. I found more info [1]
>>
>> Does it support WebID-TLS?
>>
>> It is primarily intended to lower the cost (maybe to zero) for
>> getting a TLS server-certificate.
>>
>> For WebID-TLS there's no hope. The industry have taken another route.
>>
>> Anders
>>
>> Happy New Year!
>>
>> Again, WebID-TLS and TLS are loosely coupled items. The industry
>> hasn't gone anywhere, it is mired in an identity and trust crisis.
>>
>> I strongly encourage you to put your personal biases aside. Doing
>> that will enable you to understand where WebID-TLS and similar
>> approaches re. Blogic (webby logic) fit into the mix re., addressing
>> the identity and trust problem that's putting every Web and Internet
>> user's privacy at risk etc.
>>
>> There are 25M Korean users of X.509 certificates on the web. How
>> many users have WebID-TLS? 100? 1000? 10000?
>>
>> What is WebID-TLS to you?
>> X.509 != TLS let alone WebID-TLS. X.509 is a standard for creating a
>> digital representation of an Identity Card (Certificate).
>>
>> There isn't any such notion as "having WebID-TLS" it is simply a
>> protocol for verifying claims in a WebID-Profile document that you
>> lookup via a WebID placed in an X.509 Certificate.
>>
>> What's worse is that the 25M users are being *pushed off the web*
>> since plugins are about to be "outlawed".
>>
>> X.509 and Browser Plugins are two distinct things. I don't understand
>> why you continue to conflate all the puzzle-pieces.
>>
>> Sweden, another big user of X.509+Web has already left the web
>> (browser) for Android and iPhone app-based solutions.
>>
>> This isn't about Web Browsers. It is about verifying identity claims
>> over HTTP using trust Webs crafted using logic.
>>
>> Do you have any solution to this?
>>
>> What is the problem?
>>
>> Do I? YES! W3C must perform market research and not only rely on a
>> handful of big-tech technologists who mainly run their own agenda.
>>
>> The W3C's job is to formalize aspects of Web usage that aren't
>> formalized. For instance, RDF is a retrospective formalization of
>> what's always been a nascent part of the Web, since inception.
>>
>> Kingsley
>>
>> Anders
>>
>> Let's try to be more constructive in 2015, complaining about
>> everything without offering any practical alternatives, gets us
>> nowhere!
>>
>> Kingsley
>>
>> [1] https://letsencrypt.org/howitworks/
>>
>> On 4 January 2015 at 22:01, cdr <mail@whats-your.name> wrote:
>>
>> > a financial issue, being the cost of a
>> > domain and wildcard SSL certificate.
>>
>> Let's Encrypt is attempting to address this
>>
>> seth@EFF giving a talk on how it works:
>> https://www.youtube.com/watch?v=OZyXx8Ie4pA&t=17m
>>
>

--
Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 7 January 2015 02:27:52 UTC
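
The lookup-and-compare step that the message attributes to WebID-TLS, as an added example that is not part of the original message or of any WebID implementation: the verifier takes each URI from the certificate's SubjectAlternativeName, de-references it, and accepts only if the profile lists the certificate's public key for that WebID (the `cert:key` comparison from the WebID-TLS draft). Assumptions: the profile URL, WebID and key values are constructed, `fetch_profile` stands in for the HTTP GET, and a regex replaces a real RDF parser.

```python
import re

# Constructed sample: the WebID-Profile document (Turtle) served at PROFILE_URL.
# The URL, the WebID and the key values are illustrative, not from the thread.
PROFILE_URL = "https://alice.example/profile"
PROFILE_TTL = """
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .
<#me> cert:key [ a cert:RSAPublicKey ;
    cert:modulus "00c0ffee1234abcd"^^xsd:hexBinary ;
    cert:exponent 65537 ] .
"""

def fetch_profile(webid):
    """Stand-in for an HTTP GET of the WebID with its fragment removed."""
    return PROFILE_TTL if webid.split("#", 1)[0] == PROFILE_URL else None

def profile_keys(turtle, webid):
    """Return the set of (modulus, exponent) pairs asserted for this WebID.
    Simplified regex extraction; a real verifier would use an RDF parser."""
    frag = "#" + webid.split("#", 1)[1] if "#" in webid else ""
    keys = set()
    pattern = r"<%s>\s+cert:key\s+\[(.*?)\]" % re.escape(frag)
    for body in re.findall(pattern, turtle, re.S):
        mod = re.search(r'cert:modulus\s+"([0-9a-fA-F]+)"', body)
        exp = re.search(r"cert:exponent\s+(\d+)", body)
        if mod and exp:
            keys.add((int(mod.group(1), 16), int(exp.group(1))))
    return keys

def verify_webid_tls(san_uris, cert_modulus, cert_exponent):
    """Return the first SAN WebID whose profile lists the certificate's key.
    Assumes the TLS handshake already proved possession of the private key;
    the certificate itself is only a claim until the profile confirms it."""
    for webid in san_uris:
        if not webid.startswith(("http://", "https://")):
            continue  # a SAN can hold non-HTTP URIs; those are not WebIDs
        turtle = fetch_profile(webid)
        if turtle and (cert_modulus, cert_exponent) in profile_keys(turtle, webid):
            return webid
    return None  # no SAN URI is backed by its own profile: reject

if __name__ == "__main__":
    sans = ["mailto:alice@alice.example", "https://alice.example/profile#me"]
    print(verify_webid_tls(sans, 0xC0FFEE1234ABCD, 65537))  # key matches
    print(verify_webid_tls(sans, 0xBADBADBAD, 65537))       # key not in profile
```

Because the decision rests on the key published at the WebID rather than on who issued the certificate, a self-signed certificate naming someone else's WebID fails the check.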