W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

RE: Position Paper for W3C Workshop on Identity

From: peter williams <home_pw@msn.com>
Date: Thu, 21 Apr 2011 16:14:42 -0700
Message-ID: <SNT143-ds14BBF78CD44B7B73ECF2EE92920@phx.gbl>
To: "'Kingsley Idehen'" <kidehen@openlinksw.com>, <public-xg-webid@w3.org>

I don’t find the "almost done, waiting adoption; major problem solved"
argument valid.

Folks have had client certs in the enterprise for a decade, bound to an ldap
entry (the directoryName SAN element). As the SSL authn is received, IIS (or
the firewall proxy more likely) gets the directory entry, maps the name to
the NT account, and accesses the resources as if you had an NT LAN session,
from a windows desktop. Its better the SPEGNO (tunneled through www-auth)
because its not even limited to the intranet. 

This cert stuff stuff is browser driven, has already been through QA, and
had lots of user studies looking at ergonomics etc. So has the smartcard
variant, particularly useful when encryption and signing documents/mails.
Swapping directory lookup for foaf card lookup is a minor shift - in browser
design terms.

This is partly why I want us to support ldap (and multi URIness in general).
And, to make it a feature. We have to remember that the role of directories
are changing (and its not good enough to hear SUN folks bleat about how
directories are passť, given SAML). Now, the enterprise tenant version of
"Office in the cloud" gives all willing tenants their own hosted
directory/ldap server - one that can be fronted by ADFS which makes that
tenant's office installation an IDP (via Azure ACS) to any website in the
world. It's no longer just the old "directory as" ...the LAN-centric hub of
a distributed system (LAN) managing PCs; it's now just an identity and
authorization mgt system, for cloud apps.  The directory/websso integration
already supports a client cert binding (into which one fits my cert
validator...pinging a foaf source) if one prefers foaf trust models, to PKI.

These are the forces at play, and they are quite monumental ("enterprise"
becomes "public cloud"). Websso, now mainstream, enables any number of
"Microsoft office" directories to interact with third parties relying
parties via websso (just like Google Apps tenants do, via openid).
Furthermore, the  directory stuff adds in "rights management" for office,
which gives fine grained access controls to documents - allowing for
intel-grade authorization/forwarding/control/printing/commenting etc etc.
The features folks have had in LAN world, are coming the web.

I'd love for us to be making the case that the enterprise stuff and the more
conventional public web HARMONISE in webid - just because webid works WITH
all that cloud stuff. All it requires ...is support for the ldap URI.

-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
On Behalf Of Kingsley Idehen
Sent: Thursday, April 21, 2011 11:33 AM
To: public-xg-webid@w3.org
Subject: Re: Position Paper for W3C Workshop on Identity

On 4/21/11 2:06 PM, Henry Story wrote:
> On 21 Apr 2011, at 19:51, Alexandre Passant wrote:
>> Hi Jeff, all,
>> Agreed with all your statements, but in that case, imo, there should be
more focus on the USP of WebID, and less on the technical side.
>> *What* can WebID offer, and *why* that's needed, rather than *how* 
>> (i.e. expanding the section 2, and maybe shortening 3)
> I think you mean the other way around. You'll find that section 3 is quite
long in fact. Section 2 is only 1 page minus the graphics. Section 3 is one
and a half pages of much denser text.
> There is a big advantage of showing how WebID works, because its
simplicity is so transparent then. Without that explanation what we say is
just chatter. The point of our paper is to make clear that most of the work
for browser identity is already done, and that there is very little needed
for them to make a very big step. The less we ask the browser vendors to do,
the more likely they are to do it. All the rest can be done on the server
side, and they can benefit from anything that happens there, in fact they
have a stake in having a bit of presence in this process, as we show a few
of the things they can use from this to help improve the browser experience.
> What benefits do you feel we have not properly written up here?


I believe Alex is seeking more prominent What, Why, and How sectioning of
the paper. Basically, structural tweak that might boil down to these

1. What?
2. Why?
3. How?


>> m2c
>> Alex.
>> On 21 Apr 2011, at 19:07, Jeff Sayre wrote:
>>> One of the issues we faced in writing this paper is the 5-page 
>>> maximum. As it stands, the document (if printed) is five-and-a-half
pages right now.
>>> Therefore, we have no room to expand.
>>> The singular purpose of this paper is to pique the interest of the 
>>> committee that will choose the speakers. If we succeeded in doing 
>>> that, then we hope that we will be offered an opportunity to present 
>>> a 20-minute talk at the workshop. Assuming the WebID IG is offered 
>>> such an opportunity, we will cover certain details that, out of 
>>> necessity, we had to gloss over or simply leave out.
>>> So, when analyzing the paper, the question should be, Does the 
>>> position paper as it is currently written, present sufficient 
>>> enticements to be offered a presentation slot?
>>> Of course, we do need to make sure that we appropriately convey the 
>>> advantages and power of WebID in our oral presentation. So any and 
>>> all input is useful and appreciated!
>>> BTW Henry, last night I uploaded a corrected graphic for the 
>>> certificate picker screen. The most recent copy of our position 
>>> paper on your site does not have that change.
>>> Jeff
>>>> On 21 Apr 2011, at 17:40, Henry Story wrote:
>>>>> On 21 Apr 2011, at 16:56, Alexandre Passant wrote:
>>>>>> Hi Henry,
>>>>>> I've added some comments to the google doc yesterday, do you plan 
>>>>>> to integrate them.
>>>>> I was looking through the history of the google doc changes 
>>>>> yesterday, but I can't find them. I think I saw them before, but 
>>>>> my browsers currently don't show me anything in those diffs.
>>>>>> I think we shall mention somewhere the ties between WebID and 
>>>>>> FOAF (or any machine readable data about the WebID owner)
>>>>> I do mention foaf once there. We don't have any space left there 
>>>>> now I think.
>>>>>> Since we're talking about identity, we shall mention that WebID 
>>>>>> allows
>>>>>> (1) a user to give some of its information to an application 
>>>>>> (where s/he's authenticating) in a machine-readable form and
>>>>>> (2) an application (where someone logs in) to deliver some data 
>>>>>> based on the identify and the attributes
>>>>>> Multiple advantages: fight spam, contextual information delivery, 
>>>>>> personalisation etc.
>>>>> Fighting spam is there in section 4.
>>>>> Does that cover what you were looking for?
>>>> Kind of, but I think there should be more emphasis on it (using the 
>>>> previous combination) as part of section 3.
>>>> To me, the tie to a "machine readable profile" is a key advantage 
>>>> of WebID that should be streghten here
>>>> Alex.
>>>>>> m2c
>>>>>> Alex.
>>>>>> On 21 Apr 2011, at 12:51, Henry Story wrote:
>>>>>>> New version with some changes:
>>>>>>> http://bblfish.net/tmp/2011/04/21/
>>>>>>> The old one is here
>>>>>>> http://bblfish.net/tmp/2011/04/20/
>>>>>>> Is there a web diff tool?
>>>>>>> Henry
>>>>>>> On 21 Apr 2011, at 11:26, Harry Halpin wrote:
>>>>>>>> On 04/21/2011 10:41 AM, Henry Story wrote:
>>>>>>>>> Harry, are videos allowed in a submission?
>>>>>>>>> Btw. doing a good video is even more work that writing a good 
>>>>>>>>> text out, as it requires excellence in an even larger set of 
>>>>>>>>> media voice, music, film, writing.
>>>>>>>> Feel free to link to a video that you can show in your
>>>>>>>> The video cannot replace a position paper, which requires text.
>>>>>>>> HOWEVER, if you do get a video in with your paper, we might 
>>>>>>>> make a separate video part of the workshop homepage if enough 
>>>>>>>> people ping me with video requests. We've had about 3 others 
>>>>>>>> say this before. The idea would be people could watch the video 
>>>>>>>> before the workshop, to help start a conversation ASAP.  We 
>>>>>>>> want people at the workshop primed and ready to go.
>>>>>>>>> Henry
>>>>>>>>> On 21 Apr 2011, at 10:33, Alexandre Passant wrote:
>>>>>>>>>>> Links in the addendum or references sections or via anchored 
>>>>>>>>>>> text, as per normal practice. If you have a live link, you 
>>>>>>>>>>> negate the constraints of digital rendition of paper :-)
>>>>>>>>>> Since papers can be submitted in HTML, embedding a video is 
>>>>>>>>>> also an option to make the case of WebID.
>>>>>>>>>> Alex.
>>>>>>>>> Social Web Architect
>>>>>>>>> http://bblfish.net/
>>>>>>> Social Web Architect
>>>>>>> http://bblfish.net/
>>>>> Social Web Architect
>>>>> http://bblfish.net/
> Social Web Architect
> http://bblfish.net/



Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Thursday, 21 April 2011 23:15:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC