Re: Meeting Mintes for: Agenda for WebID Teleconf, Monday 11 April 2011

On 4/12/11 8:57 AM, peter williams wrote:
>
> Think about what happens in the bar, afterwards, when the browser guys 
> meet and consider the presentations they heard. From what Harry H 
> briefed, they come with prejudice against us (based on year of 
> religious wars, and their aftermath). Remember, at least 50% of the 
> committee are associated with the US national id program (who are 
> behind the scenes paying real money, to "lead opinion").
>
> We can imagine the conversation
>
> 1. Yup. We heard the usual RDF/semantic web story. Its toned down a 
> bit (phew!), but at the end of the days it's the same old story of if 
> only we change how we think about browser making  and the web in 
> general, we can address *their* goals. What do they do for us? Well we 
> get the semantic web! The half-stated big picture of webid is to 
> eliminate the CA vendors ( billion dollar companies), and we need to 
> first upgrade our use of DNSsec in the SSL libraries. If we don't 
> include RDF parsing engines in the browser (re-igniting an VERY 
> CONTENTIOUS issue to all browser makers), it really doesn't hold. We 
> need to spend considerable amounts of money, on core platform issues 
> that will force million-dollar+ re-certifications by govt security 
> agencies doing crypto/security evals (directly relevant to our govt 
> and Fortune 100 sales).  This is going to require considerable 
> budgeting effort, and multi-year planning since it affects a billion 
> PCs. Issues of service packs for older operating systems all rears its 
> head. Hmm ($$$).
>
> Or,
>
> 2 We need to upgrade the APIs, to allow third parties to play with 
> cert and SSL state changes, at the browser UI. There are several views 
> on how to do this, some looking novel and interesting. Its time to let 
> third parties experiment. There are new markets here, it seems
>
> We also need to upgrade the cert validation classes, so the platform 
> can sensibly make n outstanding connections to each of the SAN URIs 
> mentioned in the cert. This probably means taking another look at how 
> we handle all URI, already in certs, for the parallelism issue, and 
> consider the use of async APIs. We have to consider the impact on 
> HSMs, when they are involved too!
>
> We could ensure that when a kernel or user process initiates a profile 
> connection, it can push the content through the malware scanner, 
> particularly in the case in RDFa. There may be reputation sources to 
> consult too, to even consider handling the content. Webid assume the 
> open web, and we don't want crappy content (e.g. porn) pushed into our 
> corporate customer's kernel-based web caches
>
> (In Windows) browsers and servers use kernel based process to do https 
> and that will not change now, just because webid exists. After all, it 
> works fine with ldap and ADSI calls -- similar to webid. Thought is 
> required on whether to perform https on URIs within certs as we do 
> today (for CRLDP and OCSP and certPolicy https URIs) or else consider 
> whether we need a more refined kernel/userspace delegate handoff . If 
> there are n of these handoffs to allow different URI SANs to be 
> evalulated in parallel for relevance (per validation spec), one needs 
> to consider the impact on performance in a server operating at 100 
> logins a second...  Hmm. Sounds like a good challenge, relevant to the 
> https and SSL future generically.
>
> My advice is pitch at the platform library level, if you want some 
> fundamental change that enables. Don't pitch the revolution, or the 
> killer app. What I heard in the abstract was tone down religion. 
> Semantic web light. To be fair , folks were advised to take that 
> position. My argument is, perhaps, is do away with the entire religion 
> element, altoghether. Just pitch what we need from https librarys (in 
> browsers and OS platforms like Windows and OSX).
>
> I don't expect anyone here to agree. But, Ive added my valueless 
> comment, per the process.
>

Er. +10 :-)

Do away with RDF and Semantic Web religion. The sooner the better for 
everyone IMHO.

Kingsley
>
> -----Original Message-----
> From: public-xg-webid-request@w3.org 
> [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story
> Sent: Monday, April 11, 2011 11:16 PM
> To: WebID XG
> Cc: Peter Williams
> Subject: Re: Meeting Mintes for: Agenda for WebID Teleconf, Monday 11 
> April 2011
>
> On 12 Apr 2011, at 01:31, Peter Williams wrote:
>
> > Does this mean that non-browser clients (eg word, excel) cannot use 
> webids?
>
> No of course not. The topic of the talk is "W3C Workshop on Identity 
> in the Browser"
>
> http://www.w3.org/2011/identity-ws/
>
> If it were a talk on Web and Tools we'd have a different introduction.
>
> > Today, excel posts an HTML rendering of it's reports upto websites. 
> Presumably, this is not in scope, now. It's not a use case this group 
> is interested in standardizing.
>
> You do jump to conclusions don't you?
>
> In a later e-mail you posted
>
> > ne has been able to saveAS to a webDAV server since windows XP! One 
> used to map a drive letter to the remote site, and windows took care 
> of using SMB or WebDAV. This went out of fashion, when WebDAV went out 
> of fashion. Web standard come and go... SOAP is in SOAP is out. WebDav 
> is in; tomorrow its out. RDF comes in and out. RSS for site maps 
> didn't really make it.
>
> I think WebDav is pretty good and would be a very good use case for 
> WebID integration. So would Atom pub.
>
> We could mention those as a use case, given that microsoft will be in 
> the crowd.
>
> >
>
> > Presumably, FTP clients doing ftps with certs with San Uris are also 
> out of scope, as is the irc client (in opera) doing ssl client auth 
> against commercial irc servers.
>
> Nothing is stoping people here to go to a big conference on ftp and 
> give an ftp specific presentation :-)
>
> >
>
> > Since folk want 1 cert to be multiapp, validators can do a head 
> operation on the uri, to see if it is webid capable ( looking at the 
> mime type). If it's not, pass by that uri in the San uri list (for 
> webid purposes). If it is, then consult the rdf for even finer grain 
> metadata on the uri.
>
> >
>
> > Similarly, an ftps/irc server - without webid querying capabilities 
> - can figure which https Uris in the San  it can use (using non 
> rdf-based de-referencing).
>
> >
>
> >
>
> > On Apr 11, 2011, at 2:12 PM, Henry Story <henry.story@bblfish.net 
> <mailto:henry.story@bblfish.net>> wrote:
>
> >
>
> >> Minutes are here:
>
> >>
>
> >> The meeting started off with us getting even more lost than usual in
>
> >> IRC magic. But I have now written down the main magic spells. After
>
> >> that we covered the test cases, and spent a lot of time writing the 
> first part of the abstract for identity in the browser.
>
> >>
>
> >> Jeff Even wrote a Haiku for it
>
> >>
>
> >> WebID helps me
>
> >> identity, privacy
>
> >> Secure, simple, free
>
> >>
>
> >> Here is the first part for the talk:
>
> >> http://www.w3.org/2011/identity-ws/
>
> >>
>
> >> 1. Position Statement
>
> >>
>
> >> The browser is the interface to the web and should also serve as 
> the interface to a user's identity. Identity selection and deselection 
> should be a one-click gesture to secure authentication across the 
> entire web. It should put the user in control of the information he 
> shares with each site. And it should be available now.
>
> >>
>
> >> The WebID protocol achieves all of the above. It works in all 
> browsers now using the widely-deployed TLS protocol and client-side 
> certificates--but with a twist. It ties those certificates into the 
> web in a RESTful manner allowing identities to be linked together in a 
> secure social web of trust.
>
> >>
>
> >> After explaining how the WebID protocol works,  we will suggest a 
> roadmap for future improvements in the browser, starting from minimal 
> changes that can be done right now, to longer term ones that can be 
> deployed incrementally.
>
> >>
>
> >>
>
> >> We will be working on that this week and continue reviewing it next 
> week.
>
> >>
>
> >> Henry
>
> >>
>
> >>
>
> >>
>
> >> On 7 Apr 2011, at 22:53, Henry Story wrote:
>
> >>
>
> >>>
>
> >>> Meeting Time/Location:
>
> >>> Mondays, Weekly, from April 11th 2011
>
> >>> Time: 1600 UTC
>
> >>> W3C Zakim bridge, telecon code: WEBID (93243)
>
> >>>  SIP: zakim@voip.w3.org <mailto:zakim@voip.w3.org>
>
> >>>  Phone US: +1.617.761.6200
>
> >>>  Phone UK: +44.203.318.0479
>
> >>>  Phone FR: +33.4.26.46.79.03
>
> >>> irc://irc.w3.org:6665/#webid
>
> >>> Duration: 60 minutes
>
> >>>
>
> >>>
>
> >>> Meeting Agenda:
>
> >>> 1. Accept minutes from previous meeting 2a. Action Item Review
>
> >>> http://www.w3.org/2005/Incubator/webid/track/actions/open
>
> >>> http://www.w3.org/2005/Incubator/webid/track/actions/pendingreview
>
> >>> 2b. Issue Closing
>
> >>>  (more below)
>
> >>> 3. Anything else we need to discuss in the telecon?
>
> >>> (a time to raise any important news, updates etc) 4. A List of 1-4
>
> >>> predetermined ISSUEs or Topics, tbd weekly by the Chair in advance.
>
> >>>
>
> >>> - ISSUE-9: Develop WebID Test Suite
>
> >>> http://www.w3.org/2005/Incubator/webid/track/issues/9
>
> >>> - ACTION-23: Start a position paper for Identity in the browser 
> workshop http://www.w3.org/2011/identity-ws/
>
> >>>   This will take some time, and could continue for half an hour 
> after the conf I guess.
>
> >>>
>
> >>>
>
> >>> On 4 Apr 2011, at 19:14, Nathan wrote:
>
> >>>
>
> >>>> Hi All,
>
> >>>>
>
> >>>> I'd like to propose that we have weekly meetings every Monday at 
> 16:00 UTC from April 11th onwards.
>
> >>>>
>
> >>>> If anybody has any objections or is otherwise engaged every 
> Monday at this time, then please do say before Friday the 8th April.
>
> >>>>
>
> >>>> Meeting Time/Location:
>
> >>>> Mondays, Weekly, from April 11th 2011
>
> >>>> Time: 1600 UTC
>
> >>>> W3C Zakim bridge, telecon code: WEBID (93243)
>
> >>>>  SIP: zakim@voip.w3.org <mailto:zakim@voip.w3.org>
>
> >>>>  Phone US: +1.617.761.6200
>
> >>>>  Phone UK: +44.203.318.0479
>
> >>>>  Phone FR: +33.4.26.46.79.03
>
> >>>> irc://irc.w3.org:6665/#webid
>
> >>>> Duration: 60 minutes
>
> >>>>
>
> >>>> Scribes:
>
> >>>> - We'll generate a (random) scribe list and match them up to
>
> >>>> related dates, for an example see:
>
> >>>> http://www.w3.org/2011/rdf-wg/wiki/Scribes
>
> >>>> - If for any reason you can't scribe (ever) then do say so we can 
> remove you from the rotation.
>
> >>>> - If for any reason you won't be able to attend a meeting which 
> you are due to be scribing, please let us know via the mailing list so 
> an alternative can be arranged.
>
> >>>> - To save any unwanted surprises, I'll scribe the first weekly 
> meeting on the 11th.
>
> >>>>
>
> >>>> Generic Meeting Agenda:
>
> >>>> 1. Accept minutes from previous meeting 2a. Action Item Review
>
> >>>> http://www.w3.org/2005/Incubator/webid/track/actions/open
>
> >>>> http://www.w3.org/2005/Incubator/webid/track/actions/pendingreview
>
> >>>> 2b. Issue Closing
>
> >>>>  (more below)
>
> >>>> 3. Anything else we need to discuss in the telecon?
>
> >>>> (a time to raise any important news, updates etc) 4. A List of 1-4
>
> >>>> predetermined ISSUEs or Topics, tbd weekly by the Chair in advance.
>
> >>>>
>
> >>>> Generally:
>
> >>>> - I'd like us to try and get working through the open/raised issues:
>
> >>>> http://www.w3.org/2005/Incubator/webid/track/issues/raised
>
> >>>> http://www.w3.org/2005/Incubator/webid/track/issues/open
>
> >>>> .. and advance the products:
>
> >>>> http://www.w3.org/2005/Incubator/webid/track/products
>
> >>>> .. so that we all feel that the time we commit to the meetings is 
> well spent, and typically is centred towards making progress on the 
> issues and products, pre discuss on the list, then come to final 
> resolutions on the calls.
>
> >>>>
>
> >>>> Quorum and resolving issues:
>
> >>>> - to close an issue, Quorum is usually 1/3 of the active members 
> in a group (in our case that would be 12). However I'd suggest that we 
> specify 6 plus-ones to move an issue to preliminarily close an issue, 
> at which point the ISSUE will be moved to a "Pending Review" status.
>
> >>>> - For any issue we propose to close, the resolution must be sent 
> to the mailing list and left on "Pending Review" for one week so that 
> others get a chance to comment on any proposed solution, or raise any 
> last minute objections/points/clarifications.
>
> >>>> - After one week of "Pending Review", all issues requiring no 
> further discussion will be closed at the subsequent meeting, and any 
> issues requiring further telecon time / another vote will be placed on 
> the Agenda by the Chair.
>
> >>>>
>
> >>>> Does that all sound okay?
>
> >>>>
>
> >>>> Best,
>
> >>>>
>
> >>>> Nathan
>
> >>>
>
> >>> Social Web Architect
>
> >>> http://bblfish.net/
>
> >>>
>
> >>
>
> >> Social Web Architect
>
> >> http://bblfish.net/
>
> >>
>
> >>
>
> >>
>
> Social Web Architect
>
> http://bblfish.net/
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Tuesday, 12 April 2011 13:35:55 UTC