Re: Meeting Mintes for: Agenda for WebID Teleconf, Monday 11 April 2011

> On 4/12/11 8:57 AM, peter williams wrote:
>>
>> Think about what happens in the bar, afterwards, when the browser guys
>> meet and consider the presentations they heard. From what Harry H
>> briefed, they come with prejudice against us (based on year of
>> religious wars, and their aftermath). Remember, at least 50% of the
>> committee are associated with the US national id program (who are
>> behind the scenes paying real money, to "lead opinion").
>>
>> We can imagine the conversation
>>
>> 1. Yup. We heard the usual RDF/semantic web story. Its toned down a
>> bit (phew!), but at the end of the days it's the same old story of if
>> only we change how we think about browser making  and the web in
>> general, we can address *their* goals. What do they do for us? Well we
>> get the semantic web! The half-stated big picture of webid is to
>> eliminate the CA vendors ( billion dollar companies), and we need to
>> first upgrade our use of DNSsec in the SSL libraries. If we don't
>> include RDF parsing engines in the browser (re-igniting an VERY
>> CONTENTIOUS issue to all browser makers), it really doesn't hold. We
>> need to spend considerable amounts of money, on core platform issues
>> that will force million-dollar+ re-certifications by govt security
>> agencies doing crypto/security evals (directly relevant to our govt
>> and Fortune 100 sales).  This is going to require considerable
>> budgeting effort, and multi-year planning since it affects a billion
>> PCs. Issues of service packs for older operating systems all rears its
>> head. Hmm ($$$).
>>
>> Or,
>>
>> 2 We need to upgrade the APIs, to allow third parties to play with
>> cert and SSL state changes, at the browser UI. There are several views
>> on how to do this, some looking novel and interesting. Its time to let
>> third parties experiment. There are new markets here, it seems
>>
>> We also need to upgrade the cert validation classes, so the platform
>> can sensibly make n outstanding connections to each of the SAN URIs
>> mentioned in the cert. This probably means taking another look at how
>> we handle all URI, already in certs, for the parallelism issue, and
>> consider the use of async APIs. We have to consider the impact on
>> HSMs, when they are involved too!
>>
>> We could ensure that when a kernel or user process initiates a profile
>> connection, it can push the content through the malware scanner,
>> particularly in the case in RDFa. There may be reputation sources to
>> consult too, to even consider handling the content. Webid assume the
>> open web, and we don't want crappy content (e.g. porn) pushed into our
>> corporate customer's kernel-based web caches
>>
>> (In Windows) browsers and servers use kernel based process to do https
>> and that will not change now, just because webid exists. After all, it
>> works fine with ldap and ADSI calls -- similar to webid. Thought is
>> required on whether to perform https on URIs within certs as we do
>> today (for CRLDP and OCSP and certPolicy https URIs) or else consider
>> whether we need a more refined kernel/userspace delegate handoff . If
>> there are n of these handoffs to allow different URI SANs to be
>> evalulated in parallel for relevance (per validation spec), one needs
>> to consider the impact on performance in a server operating at 100
>> logins a second...  Hmm. Sounds like a good challenge, relevant to the
>> https and SSL future generically.
>>
>> My advice is pitch at the platform library level, if you want some
>> fundamental change that enables. Don't pitch the revolution, or the
>> killer app. What I heard in the abstract was tone down religion.
>> Semantic web light. To be fair , folks were advised to take that
>> position. My argument is, perhaps, is do away with the entire religion
>> element, altoghether. Just pitch what we need from https librarys (in
>> browsers and OS platforms like Windows and OSX).
>>
>> I don't expect anyone here to agree. But, Ive added my valueless
>> comment, per the process.
>>
>

+1.

The key to think is "What X things could browser vendors do that would
enable Y to work?" while keeping X a finite integer, as small as possible,
while Y is WebID. The same question will be asked of a number of
technologies, and I hope we get good overlap.

I'd stick messaging to convey "Web of Trust" with certs, and possibly URIs
in Subject-Alternative-Names (Think of ways this could not disrupt CAs,
but complement them, remember the CAs are very important here). Once the
browser vendors do whatever it is requried, servers can do the rest with
RDF, XML, or whatever it is they prefer.

Heck, you don't even have to be a URI in the certificate. You can just use
Webfinger to resolve to a URI using email.

I think mentioning that RDFa is a good way to get the contacts in a Webby
way is fine, but that the general algorithm also works with
PortableContacts (i.e. via GRDDL or whatever shim) and etc. would be best.

> Er. +10 :-)
>
> Do away with RDF and Semantic Web religion. The sooner the better for
> everyone IMHO.
>
> Kingsley
>>
>> -----Original Message-----
>> From: public-xg-webid-request@w3.org
>> [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story
>> Sent: Monday, April 11, 2011 11:16 PM
>> To: WebID XG
>> Cc: Peter Williams
>> Subject: Re: Meeting Mintes for: Agenda for WebID Teleconf, Monday 11
>> April 2011
>>
>> On 12 Apr 2011, at 01:31, Peter Williams wrote:
>>
>> > Does this mean that non-browser clients (eg word, excel) cannot use
>> webids?
>>
>> No of course not. The topic of the talk is "W3C Workshop on Identity
>> in the Browser"
>>
>> http://www.w3.org/2011/identity-ws/
>>
>> If it were a talk on Web and Tools we'd have a different introduction.
>>
>> > Today, excel posts an HTML rendering of it's reports upto websites.
>> Presumably, this is not in scope, now. It's not a use case this group
>> is interested in standardizing.
>>
>> You do jump to conclusions don't you?
>>
>> In a later e-mail you posted
>>
>> > ne has been able to saveAS to a webDAV server since windows XP! One
>> used to map a drive letter to the remote site, and windows took care
>> of using SMB or WebDAV. This went out of fashion, when WebDAV went out
>> of fashion. Web standard come and go... SOAP is in SOAP is out. WebDav
>> is in; tomorrow its out. RDF comes in and out. RSS for site maps
>> didn't really make it.
>>
>> I think WebDav is pretty good and would be a very good use case for
>> WebID integration. So would Atom pub.
>>
>> We could mention those as a use case, given that microsoft will be in
>> the crowd.
>>
>> >
>>
>> > Presumably, FTP clients doing ftps with certs with San Uris are also
>> out of scope, as is the irc client (in opera) doing ssl client auth
>> against commercial irc servers.
>>
>> Nothing is stoping people here to go to a big conference on ftp and
>> give an ftp specific presentation :-)
>>
>> >
>>
>> > Since folk want 1 cert to be multiapp, validators can do a head
>> operation on the uri, to see if it is webid capable ( looking at the
>> mime type). If it's not, pass by that uri in the San uri list (for
>> webid purposes). If it is, then consult the rdf for even finer grain
>> metadata on the uri.
>>
>> >
>>
>> > Similarly, an ftps/irc server - without webid querying capabilities
>> - can figure which https Uris in the San  it can use (using non
>> rdf-based de-referencing).
>>
>> >
>>
>> >
>>
>> > On Apr 11, 2011, at 2:12 PM, Henry Story <henry.story@bblfish.net
>> <mailto:henry.story@bblfish.net>> wrote:
>>
>> >
>>
>> >> Minutes are here:
>>
>> >>
>>
>> >> The meeting started off with us getting even more lost than usual in
>>
>> >> IRC magic. But I have now written down the main magic spells. After
>>
>> >> that we covered the test cases, and spent a lot of time writing the
>> first part of the abstract for identity in the browser.
>>
>> >>
>>
>> >> Jeff Even wrote a Haiku for it
>>
>> >>
>>
>> >> WebID helps me
>>
>> >> identity, privacy
>>
>> >> Secure, simple, free
>>
>> >>
>>
>> >> Here is the first part for the talk:
>>
>> >> http://www.w3.org/2011/identity-ws/
>>
>> >>
>>
>> >> 1. Position Statement
>>
>> >>
>>
>> >> The browser is the interface to the web and should also serve as
>> the interface to a user's identity. Identity selection and deselection
>> should be a one-click gesture to secure authentication across the
>> entire web. It should put the user in control of the information he
>> shares with each site. And it should be available now.
>>
>> >>
>>
>> >> The WebID protocol achieves all of the above. It works in all
>> browsers now using the widely-deployed TLS protocol and client-side
>> certificates--but with a twist. It ties those certificates into the
>> web in a RESTful manner allowing identities to be linked together in a
>> secure social web of trust.
>>
>> >>
>>
>> >> After explaining how the WebID protocol works,  we will suggest a
>> roadmap for future improvements in the browser, starting from minimal
>> changes that can be done right now, to longer term ones that can be
>> deployed incrementally.
>>
>> >>
>>
>> >>
>>
>> >> We will be working on that this week and continue reviewing it next
>> week.
>>
>> >>
>>
>> >> Henry
>>
>> >>
>>
>> >>
>>
>> >>
>>
>> >> On 7 Apr 2011, at 22:53, Henry Story wrote:
>>
>> >>
>>
>> >>>
>>
>> >>> Meeting Time/Location:
>>
>> >>> Mondays, Weekly, from April 11th 2011
>>
>> >>> Time: 1600 UTC
>>
>> >>> W3C Zakim bridge, telecon code: WEBID (93243)
>>
>> >>>  SIP: zakim@voip.w3.org <mailto:zakim@voip.w3.org>
>>
>> >>>  Phone US: +1.617.761.6200
>>
>> >>>  Phone UK: +44.203.318.0479
>>
>> >>>  Phone FR: +33.4.26.46.79.03
>>
>> >>> irc://irc.w3.org:6665/#webid
>>
>> >>> Duration: 60 minutes
>>
>> >>>
>>
>> >>>
>>
>> >>> Meeting Agenda:
>>
>> >>> 1. Accept minutes from previous meeting 2a. Action Item Review
>>
>> >>> http://www.w3.org/2005/Incubator/webid/track/actions/open
>>
>> >>> http://www.w3.org/2005/Incubator/webid/track/actions/pendingreview
>>
>> >>> 2b. Issue Closing
>>
>> >>>  (more below)
>>
>> >>> 3. Anything else we need to discuss in the telecon?
>>
>> >>> (a time to raise any important news, updates etc) 4. A List of 1-4
>>
>> >>> predetermined ISSUEs or Topics, tbd weekly by the Chair in advance.
>>
>> >>>
>>
>> >>> - ISSUE-9: Develop WebID Test Suite
>>
>> >>> http://www.w3.org/2005/Incubator/webid/track/issues/9
>>
>> >>> - ACTION-23: Start a position paper for Identity in the browser
>> workshop http://www.w3.org/2011/identity-ws/
>>
>> >>>   This will take some time, and could continue for half an hour
>> after the conf I guess.
>>
>> >>>
>>
>> >>>
>>
>> >>> On 4 Apr 2011, at 19:14, Nathan wrote:
>>
>> >>>
>>
>> >>>> Hi All,
>>
>> >>>>
>>
>> >>>> I'd like to propose that we have weekly meetings every Monday at
>> 16:00 UTC from April 11th onwards.
>>
>> >>>>
>>
>> >>>> If anybody has any objections or is otherwise engaged every
>> Monday at this time, then please do say before Friday the 8th April.
>>
>> >>>>
>>
>> >>>> Meeting Time/Location:
>>
>> >>>> Mondays, Weekly, from April 11th 2011
>>
>> >>>> Time: 1600 UTC
>>
>> >>>> W3C Zakim bridge, telecon code: WEBID (93243)
>>
>> >>>>  SIP: zakim@voip.w3.org <mailto:zakim@voip.w3.org>
>>
>> >>>>  Phone US: +1.617.761.6200
>>
>> >>>>  Phone UK: +44.203.318.0479
>>
>> >>>>  Phone FR: +33.4.26.46.79.03
>>
>> >>>> irc://irc.w3.org:6665/#webid
>>
>> >>>> Duration: 60 minutes
>>
>> >>>>
>>
>> >>>> Scribes:
>>
>> >>>> - We'll generate a (random) scribe list and match them up to
>>
>> >>>> related dates, for an example see:
>>
>> >>>> http://www.w3.org/2011/rdf-wg/wiki/Scribes
>>
>> >>>> - If for any reason you can't scribe (ever) then do say so we can
>> remove you from the rotation.
>>
>> >>>> - If for any reason you won't be able to attend a meeting which
>> you are due to be scribing, please let us know via the mailing list so
>> an alternative can be arranged.
>>
>> >>>> - To save any unwanted surprises, I'll scribe the first weekly
>> meeting on the 11th.
>>
>> >>>>
>>
>> >>>> Generic Meeting Agenda:
>>
>> >>>> 1. Accept minutes from previous meeting 2a. Action Item Review
>>
>> >>>> http://www.w3.org/2005/Incubator/webid/track/actions/open
>>
>> >>>> http://www.w3.org/2005/Incubator/webid/track/actions/pendingreview
>>
>> >>>> 2b. Issue Closing
>>
>> >>>>  (more below)
>>
>> >>>> 3. Anything else we need to discuss in the telecon?
>>
>> >>>> (a time to raise any important news, updates etc) 4. A List of 1-4
>>
>> >>>> predetermined ISSUEs or Topics, tbd weekly by the Chair in advance.
>>
>> >>>>
>>
>> >>>> Generally:
>>
>> >>>> - I'd like us to try and get working through the open/raised
>> issues:
>>
>> >>>> http://www.w3.org/2005/Incubator/webid/track/issues/raised
>>
>> >>>> http://www.w3.org/2005/Incubator/webid/track/issues/open
>>
>> >>>> .. and advance the products:
>>
>> >>>> http://www.w3.org/2005/Incubator/webid/track/products
>>
>> >>>> .. so that we all feel that the time we commit to the meetings is
>> well spent, and typically is centred towards making progress on the
>> issues and products, pre discuss on the list, then come to final
>> resolutions on the calls.
>>
>> >>>>
>>
>> >>>> Quorum and resolving issues:
>>
>> >>>> - to close an issue, Quorum is usually 1/3 of the active members
>> in a group (in our case that would be 12). However I'd suggest that we
>> specify 6 plus-ones to move an issue to preliminarily close an issue,
>> at which point the ISSUE will be moved to a "Pending Review" status.
>>
>> >>>> - For any issue we propose to close, the resolution must be sent
>> to the mailing list and left on "Pending Review" for one week so that
>> others get a chance to comment on any proposed solution, or raise any
>> last minute objections/points/clarifications.
>>
>> >>>> - After one week of "Pending Review", all issues requiring no
>> further discussion will be closed at the subsequent meeting, and any
>> issues requiring further telecon time / another vote will be placed on
>> the Agenda by the Chair.
>>
>> >>>>
>>
>> >>>> Does that all sound okay?
>>
>> >>>>
>>
>> >>>> Best,
>>
>> >>>>
>>
>> >>>> Nathan
>>
>> >>>
>>
>> >>> Social Web Architect
>>
>> >>> http://bblfish.net/
>>
>> >>>
>>
>> >>
>>
>> >> Social Web Architect
>>
>> >> http://bblfish.net/
>>
>> >>
>>
>> >>
>>
>> >>
>>
>> Social Web Architect
>>
>> http://bblfish.net/
>>
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> President&  CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen
>
>
>
>
>
>

Received on Tuesday, 12 April 2011 15:42:57 UTC