- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Wed, 8 Nov 2023 09:34:50 +0100
- To: Jacopo Scazzosi <jacopo@scazzosi.com>
- Cc: public-webid <public-webid@w3.org>, Nathan Rixham <nathan@webr3.org>
- Message-ID: <CAKaEYh+jnCsDub2jb2vR7fvU=JOHM=XcrD_xqXy5GcONGECLcA@mail.gmail.com>
On Wed, 8 Nov 2023 at 9:25, Jacopo Scazzosi <jacopo@scazzosi.com> wrote:

> I think that the WebID-Turtle subspec would benefit from being drafted
> against the WebID superspec, or at least a draft of the latter. Starting
> from a subspec is risky, IMHO.
>
> To this end, I’d be happy to have a go at the WebID superspec, perhaps
> based on any further work already done by Nathan, perhaps working with
> Nathan if he’s willing and able to.
>

Great, some food for thought here:

Web Identity and Discovery (WebID) Specification

Abstract

WebID defines a standard means by which user agents and servers interact to establish a user's identity, ensuring a structured, decentralized approach for identity discovery on the web. This specification delineates a URI that dereferences to a machine readable response, asserting a webid:Agent to qualify as a WebID. This spec encompasses an open-ended list of sub-specifications, each addressing a valid machine readable response type.

1. Introduction

The WebID protocol enables secure and decentralized identity verification on the web, allowing users and services to establish verifiable identities.

2. Terminology

WebID: A URI which, when dereferenced, leads to an RDF document that asserts the URI is related to a webid:Agent.

webid:Agent: An entity that can be authenticated and identified via a WebID.

A WebID is a URI which, when dereferenced, should result in a machine readable document. This document should assert the URI to be an entity of type webid:Agent. The dereference must adhere to the HTTP/1.1 status code 303 (See Other) to ensure the URI is not ambiguous and that the machine readable document is a description of the identified URI.

    <uri> :type webid:Agent.

4. WebID Sub-Specifications

WebID introduces an extensible list of sub-specifications for each valid machine readable response type. Denoted as webid-{type}, each sub-specification is constrained to require only that specific machine readable type.

Examples:

WebID-Turtle: Requires Turtle RDF response type.
WebID-JSON-LD: Requires JSON-LD RDF response type.

Additional sub-specifications can be defined in an analogous manner, promoting a flexible, inclusive framework for varied machine readable types.

5. Implementation

Implementing WebID involves creating a URI which, upon dereferencing, results in a machine readable response that asserts the URI identifies a webid:Agent. Sub-specifications enforce the type of RDF used in the response.

Example:

    @prefix : <#>.
    @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
    @prefix webid: <http://webid.example.org/>.

    :me rdf:type webid:Agent.

Where :me is a URI identifying an agent, and the document is available in Turtle format at a dereferenceable URI.

6. Security Considerations

Dereferencing URIs: Ensure secure, private, and integral URI dereferencing.

Verification: Verification of assertions in the RDF document must be secure to prevent spoofing and injection attacks.

Privacy: Protect the privacy of users and consider data minimalism to avoid exposure of sensitive or unnecessary information.

7. Acknowledgments

The author acknowledges the contributions and discussions from the WebID community and related working groups.

Notes

This spec acts as a succinct, adaptable framework, allowing the community to define and utilize a variety of machine readable types within the WebID protocol. It achieves universality and potentially infinite applicability without necessitating further modifications to the primary specification.

>
> Best,
> J.
>
>
Received on Wednesday, 8 November 2023 08:35:08 UTC
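
The check a relying party would run on the draft's 303 dereference and webid:Agent assertion, as an added example that is not part of the original message or of any WebID implementation. The alice.example URLs and the exchange are constructed, and the small tokenizer is a stand-in for a real Turtle parser; relative names such as the draft's `:me` with `@prefix : <#>` resolve against the URL of the document retrieved after the redirect, so the check compares the resolved subject with the WebID that was dereferenced.

```python
import re
from urllib.parse import urljoin

RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
WEBID_AGENT = "http://webid.example.org/Agent"  # namespace taken from the draft's example

def tokens(turtle):
    for tok in re.findall(r"<[^>]*>|[^\s<>]+", turtle):
        split = len(tok) > 1 and tok.endswith(".")   # "webid:Agent." -> name, "."
        yield from ((tok[:-1], ".") if split else (tok,))

def triples(turtle, base):
    """Tiny Turtle subset: @prefix declarations and plain 's p o .' statements."""
    prefixes, out, stmt = {}, [], []
    def term(tok):
        if tok == "a" or tok.startswith("<"):
            return RDF_TYPE if tok == "a" else urljoin(base, tok[1:-1])
        pfx, _, local = tok.partition(":")
        # Simplification: resolve prefix + local name in one step against the base IRI.
        return urljoin(base, prefixes[pfx] + local)
    for tok in tokens(turtle):
        if tok != ".":
            stmt.append(tok)
            continue
        if stmt[:1] == ["@prefix"]:
            prefixes[stmt[1][:-1]] = stmt[2][1:-1]
        elif len(stmt) == 3:
            out.append(tuple(term(t) for t in stmt))
        stmt = []
    return out

def check_webid(webid, hops):
    """hops: [(url, status, headers, body), ...] in the order the client observed them."""
    problems = []
    (url0, status0, *_), (doc_url, _, headers, body) = hops[0], hops[-1]
    if url0 != webid or status0 != 303:
        problems.append("no 303 from the WebID URI")
    if not headers.get("content-type", "").startswith("text/turtle"):
        problems.append("final response is not text/turtle")
    # Base IRI is the URL of the document actually retrieved, after redirects.
    if (webid, RDF_TYPE, WEBID_AGENT) not in triples(body, doc_url):
        problems.append("WebID not asserted as webid:Agent")
    return problems

# Constructed exchange: the WebID answers 303, the Turtle document lives elsewhere.
WEBID, DOC = "https://alice.example/id/me", "https://alice.example/profile.ttl"
PFX = ("@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>. "
       "@prefix webid: <http://webid.example.org/>. @prefix : <#>. ")
def exchange(body):
    return [(WEBID, 303, {"location": DOC}, ""), (DOC, 200, {"content-type": "text/turtle"}, body)]
```
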