Re: self-signed

On 4/19/11 10:44 AM, peter williams wrote:
> Forgive me, I will not be attending any Berlin meeting. And Im not writing
> anything for the US one - since it will be auto-rejected based on the name
> of the author, alone. My positions on user-centric identity are generally
> not welcome, in those circles.

Peter, Henry doesn't speak for all of us.

Personally, I value your contributions and encourage you to continue. 
Absolute worst case (but hope it *doesn't come to this*), ping me 
directly. At OpenLink we know .NET inside out. We know its potential in 
this arena, and that's why eons ago we tried to make Mono work outside 
Windows. I put those efforts on hold then, and it was the best decision 
I ever made. Circa., 2011 we have serious work taking place in this 
realm once again (.NET first and Mono later). Same even applies to Java. 
In both cases (.NET or Java) the core developers are extremely close to 
the Iron types and know a lot about security matters. Hopefully though, 
you'll continue to share your wealth of experience and wisdom in public 
via this forum of the original FOAF+SSL forum.

Please, if you can, stay the course!

> I'm happy with ftps (since it's an interesting two channel problem, and
> doesn't have redirect or cookie issues). What matters to me is demonstrating
> that we don't repeat history.

+1000

> If that means looking for theme #51, and then
> #52 then I will do so (for what matters is shaping the general form of the
> movement, for mass adoption that makes those who do muti-year platform
> engineering believing that the movement has built in "sustainability"). If
> we don't want suggestion #53, lets do what we said - and show ftps, as a non
> http scheme.

mailto: and acct: scheme are done, and they work, and ODS is open 
source. What I won't do, is go the Apache route or the Java route for 
sake of conforming to a so called "Open Source LAMP Stack" that I 
personally (and OpenLink) believe to be inherently flawed.

Kingsley
>
>
> -----Original Message-----
> From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
> On Behalf Of Henry Story
> Sent: Tuesday, April 19, 2011 7:26 AM
> To: peter williams
> Cc: 'Mo McRoberts'; 'Kingsley Idehen'; public-xg-webid@w3.org
> Subject: Re: self-signed
>
>
> On 19 Apr 2011, at 15:54, peter williams wrote:
>
>> Im just seeing filibuster, delay and a degree of specious argument, on
>> this issue
> The people who are trying to implement tests, get things working, keep
> things simple are filibustering? And the ones with mile long e-mails that
> bring issues always outside the space are the ones doing the serious work?
>
> Fillibuster:
> a. the use of irregular or obstructive tactics by a memberof a legislative
> assembly to prevent the adoption of ameasure generally favored or to force a
> decision againstthe will of the majority.
> b. an exceptionally long speech, as one lasting for a day or days, or a
> series of such speeches to accomplish thispurpose.
> c. a member of a legislature who makes such a speech.
>
> That is why I suggest we stop this chatter, and start with real tests. We
> have 50 issues on the table that you brought up. Now we are working bottom
> up.
>
>> We discussed this topic in setting up the group - that we were about
>> more than http URIs.
> Yes, I even wrote up how that works on
> http://www.w3.org/wiki/Foaf%2Bssl/FAQ#How_does_Secure_Authentication_Work_wi
> th_FOAF.2BSSL.3F
>
> And you can get the philosophical details in the talk "Philosophy of the
> Social Web"
> which is available on my home page http://bblfish.net/
>
>> We wanted to ensure we were not a linked data group (without denying
>> the legitimacy of that movement).
> We are setting foundations for Linked Data, but we restricted ourselves on
> purpose to start off with to identity, the part that does not require more
> of linked data than dereferencing the WebID. Well with webfinger we get a
> bit more linked data, as you have to do 2 dereferencings, one following the
> other. But linked data and linked pages is the whole point of WebId of
> course. If you think that is silly then you are in the wrong group.
>
>> We wanted to ensure we did not
>> fall into the political space that RDF typically falls into, whose
>> feedback properties ensure the failure of adoption. We did want to be
>> puritans, that is - "induced" to leave England (and even Holland),
>> because their literalness in positions of power caused 50 years of
>> constant war (to use a historical reference).
> We are just trying to be Web friendly. For some that is being puritain
> though, but not at the W3C.
> I myself have no trouble with the semantic web, xml and other formats. The
> current spec even is open to working with many other formats. It's just
> worth us getting what we have going before we move on.
>
>>
>> What I want to see is any non http URI adoption, to ensure that
>> multi-scheme'ness (per se) is being built into implementations.
> We can do FTP immediately. ftp and ftps. perhaps scp would also work? Would
> that help?
>
>> If I had a magic wand, Id have people agree to one that requires use
>> of the "start SSL" technique, wherein such as an http tunnel is
>> upgraded once it exists to an https tunnel. This forces the us to have
>> considered the edge cases of SSL, material to this protocol.
> Not so long ago a few people on the list asked us to get back to basics, as
> we were getting lost in complex TLS magic. This is why I am trying to get us
> to focus now on the simple implementation of the protocol we have now and
> that we understand well.
>
> I suggest that you write up a paper for the meeting in Berlin on one of your
> favorite schemes. Try to make it short. Show the UML description, security
> problems, and so on. An implementation that works would be even better. Then
> we can review that, and see how to fit these ideas all together here.
>
> But I would also suggest you try harder first to get WebID working as it is
> now, with a test suite for an enpoint you can put up, and open source code
> to go with it. Then we can better understand the issues you may have.
>
> Henry
>
>
>> -----Original Message-----
>> From: public-xg-webid-request@w3.org
>> [mailto:public-xg-webid-request@w3.org]
>> On Behalf Of Mo McRoberts
>> Sent: Tuesday, April 19, 2011 5:12 AM
>> To: Kingsley Idehen
>> Cc: public-xg-webid@w3.org
>> Subject: Re: self-signed
>>
>>
>> On 19 Apr 2011, at 13:05, Kingsley Idehen wrote:
>>
>>> On 4/19/11 3:36 AM, Mo McRoberts wrote:
>>>> On 19 Apr 2011, at 01:43, Kingsley Idehen wrote:
>>>>
>>>>>> You're saying "WebID should support more than just http URIs"
>>>>>>
>>>>> It shouldn't be scheme specific in any shape or form.
>>>> Okay, I have a practical problem with this as written: how do I
>>>> implement
>> a WebID relying party which doesn't restrict itself to certain schemes?
>>> Relying party needs to treat WebID as a protocol comprised of:
>>>
>>> 1. URIs for Agent Identity (Names)
>>> 2. Protocol for validating Agent Identity.
>>>
>>> A URI is scheme agnostic. The fact that HTTP can be used as
>>> Name/Access
>> mechanism doesn't imply this capability is unique to HTTP. You can
>> make other URIs resolve.
>>
>> Yes, but you still need to have that code which knows *how*.
>>
>> There is no double-standard in saying "I wish to implement a WebID
>> server which won't confuse people by only supporting half of the
>> schemes they expect. What do I need to support?", nor in providing the
>> answers to that question.
>>
>>
>> --
>> Mo McRoberts - Data Analyst - Digital Public Space, Zone 1.08, BBC
>> Scotland,
>> 40 Pacific Quay, Glasgow G51 1DA, Room 7066, BBC Television Centre,
>> London
>> W12 7RJ,
>> 0141 422 6036 (Internal: 01-26036) - PGP key 0x663E2B4A
>>
>>
>> http://www.bbc.co.uk/
>> This e-mail (and any attachments) is confidential and may contain
>> personal views which are not the views of the BBC unless specifically
> stated.
>> If you have received it in error, please delete it from your system.
>> Do not use, copy or disclose the information in any way nor act in
>> reliance on it and notify the sender immediately.
>> Please note that the BBC monitors e-mails sent or received.
>> Further communication will signify your consent to this.
>> 					
>>
>>
>>
> Social Web Architect
> http://bblfish.net/
>
>
>
>
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Tuesday, 19 April 2011 17:50:32 UTC