W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: self-signed

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 19 Apr 2011 12:21:08 -0400
Message-ID: <4DADB674.8010005@openlinksw.com>
To: public-xg-webid@w3.org
On 4/19/11 8:11 AM, Mo McRoberts wrote:
> On 19 Apr 2011, at 13:05, Kingsley Idehen wrote:
>> On 4/19/11 3:36 AM, Mo McRoberts wrote:
>>> On 19 Apr 2011, at 01:43, Kingsley Idehen wrote:
>>>>> You're saying “WebID should support more than just http URIs”
>>>> It shouldn't be scheme specific in any shape or form.
>>> Okay, I have a practical problem with this as written: how do I implement a WebID relying party which doesn't restrict itself to certain schemes?
>> Relying party needs to treat WebID as a protocol comprised of:
>> 1. URIs for Agent Identity (Names)
>> 2. Protocol for validating Agent Identity.
>> A URI is scheme agnostic. The fact that HTTP can be used as Name/Access mechanism doesn't imply this capability is unique to HTTP. You can make other URIs resolve.
> Yes, but you still need to have that code which knows *how*.

Yes, but that doesn't negate the essence of scheme agnosticism. This 
isn't about code, it maybe more about conduct with regards to 
effectively conducting data across data spaces via a really powerful 
mechanism i.e., URIs :-)
> There is no double-standard in saying “I wish to implement a WebID server which won't confuse people by only supporting half of the schemes they expect. What do I need to support?”, nor in providing the answers to that question.

There is a double standard if you bend in one direction or the other 
subjectively. But lets not dwell on this. Ironically, Henry laid out 
some guidelines a few posts ago that covers the issue of conformance 
test suites and WebID compatible development in general. It just so 
happens that he often forgets (of late) that he's actually done what I 
seek re. guidelines, when he does responds to comments using:  "simple", 
"priority", and "time" to justify not reminding people about what WebID 
is essentially about.

To quote Henry re. my initial question, stated as follows:  "What 
happens when the SAN URI (WebID) isn't "http:" scheme based? That's a 
critical test.

Henry: "If the server does not know how to deal with it, the user is 
anonymous. In the tests we should have a way for the server to tell that 
he does not know how to deal with a URI type." .

Not knowing how to deal with URI type (scheme) != a valid or invalid 
WebID. Today, code is emerging that takes the view that WebIDs that 
aren't HTTP scheme based == invalid.

This whole thread started because I have a massive collection of Certs. 
carrying different variations of Identifiers in different slots. Thus, 
you can imagine what happened to me when I randomly did some testing 
only to assume bugs had crept into our code, initially. Then 
instinctively picking an HTTP scheme based WebID to see if it made a 
difference, which it did etc..

I test the purity of the concept first, shortcuts come second :-)




Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Tuesday, 19 April 2011 16:21:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC