W3C home > Mailing lists > Public > public-webid@w3.org > October 2017

Re: Status-Check

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 21 Oct 2017 15:56:27 +0200
Message-Id: <64DE352D-429D-4FCF-8DBF-C217319766EA@bblfish.net>
Cc: Timothy Holborn <timothy.holborn@gmail.com>, "public-webid@w3.org" <public-webid@w3.org>
To: Martynas Jusevičius <martynas@atomgraph.com>


> On 21 Oct 2017, at 15:45, Martynas Jusevičius <martynas@atomgraph.com> wrote:
> 
> Why would WebID need the OpenID stuff?

It's not that WebID needs the OpenID connect stuff. It's more that the access control mechanism
on a server should not be incompatible with them working all together. So this is more how
one ties Web Access Control together with WebID, OpenID Connect, and even things
like HttpSignature .

So it is legitimate to do this research, but it need not necessarily be done here. 

> 
> On Sat, Oct 21, 2017 at 3:28 PM, Timothy Holborn <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
> 
> 
> On Sat, 21 Oct 2017 at 23:30 Henry Story <henry.story@bblfish.net <mailto:henry.story@bblfish.net>> wrote:
> 
>> On 19 Oct 2017, at 14:35, Timothy Holborn <timothy.holborn@gmail.com <mailto:timothy.holborn@gmail.com>> wrote:
>> 
>> Hi Henry / WebID,
>> 
>> What's going on with WebID?  
> 
> I am trying to write a PhD thesis on this area in order to explain to the security community
> its' properties in the mathematical language they understand.
> 
> good for you.  I'm working on a ISOC-SIG to progress things that don't fit into W3.  I'm hoping this will result in positive steps forward overall...  
>  
> 
> The WebID community is a nice group, but convincing ourselves that this is great is not
> much use to convince the wider world. 
> 
> I've just found that the Digital-Signatures work has moved around a bit, and i'm not 100% on board with the DID work (whilst admitting, i haven't fully investigated it).  it was my view, what is now many years ago, that the ability to build-out signed documents was an important constituent to 'identity' and that aptly, the requirement at the time was to change the terms as to ensure the scope was 'verifiable claims'; that this work is, well.  as done as i think it needs to be; and the other constituent of the 'identity' related stuff (as required for RWW related works) now needs a bit of rejuvenation seemingly...?  
> 
> 
>> 
>> I see the OIDC-WebID-Spec[1] but it doesn't seem to have made it into the WebID group[2] info, et.al <http://et.al/>.
> 
> There are a number of things to look at. But I'd rather have people in the security space confined of this,
> than various hackers more or less aware of security issues.
> 
> k. important point.
> 
> When you're talking about security experts; is this requirement important for updating the WebID docs to include the OIDC methods? 
> 
> my little map in my head; left me thinking that when it comes to the underlying ID bit - that's a WebID.   After the WebID it gets more complicated; and that some of those WebIDs probably should describe a machine (rather than its user, which is a different WebID) 
> 
> 
>> 
>> I note also; the ability to produce (and link) verifiable claims or 'credentials' I felt, some-time ago now, was quite an important extension to WebID theorem; yet the WebID Spec still makes no reference of JSON-LD which i still think is not ideal.  
> 
> That's something one could remedy quite easily....  Will see as I give in my first year report back. But the problem
> WebID is having is not because the spec does not mention json-ld. 
> 
> Understand.   If i'm successful in getting the ISOC method up and running (noting also, there's a related field of endeavour in IEEE[3] - i'm hoping for a good community) ; then the theory is we'll be able to deal with 'the social implications' a bit more broadly, and this in-turn should yield better means to get stuck into any tech. requirements needed thereafter, as well as better illustrating the need for RWW like deployment methods (and in-turn, forming a comprehensive global / regional framework via Local ISOC chapters to help educate local stakeholders, such as GOV, how, why, methods and benefits of doing so).
> 
> It's been a fair bit of effort, and its not even started yet.  Yet i think the WebID stuff is important, and it seems to the docs are all a bit out of date.  
>  
> 
>> 
>> Tim.H.
>> 
>> [1] https://github.com/solid/webid-oidc-spec <https://github.com/solid/webid-oidc-spec> 
>> [2] https://www.w3.org/community/WebID/ <https://www.w3.org/community/WebID/> 
> 
> Tim.H. 
> [3] https://standards.ieee.org/about/sasb/iccom/IC17-002-01_Di.pdf <https://standards.ieee.org/about/sasb/iccom/IC17-002-01_Di.pdf>  
> 


Received on Saturday, 21 October 2017 13:56:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:06:03 UTC