- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 21 Apr 2011 20:44:19 -0400
- To: peter williams <home_pw@msn.com>
- CC: public-xg-webid@w3.org
On 4/21/11 7:14 PM, peter williams wrote: > I don’t find the "almost done, waiting adoption; major problem solved" > argument valid. > > Folks have had client certs in the enterprise for a decade, bound to an ldap > entry (the directoryName SAN element). As the SSL authn is received, IIS (or > the firewall proxy more likely) gets the directory entry, maps the name to > the NT account, and accesses the resources as if you had an NT LAN session, > from a windows desktop. Its better the SPEGNO (tunneled through www-auth) > because its not even limited to the intranet. Yes. URIs as mechanism for de-reference and address-of operations is the key to it all. > This cert stuff stuff is browser driven, has already been through QA, and > had lots of user studies looking at ergonomics etc. So has the smartcard > variant, particularly useful when encryption and signing documents/mails. > Swapping directory lookup for foaf card lookup is a minor shift - in browser > design terms. Yes. > This is partly why I want us to support ldap (and multi URIness in general). Yes. Funnily enough my earliest encounters with Henry centered on "ldap:" mapping when he was working on a Linked Data driven Address Book during his Sun days. We are in the processing of verifying ldap: URIs in our intranet re. WebID. > And, to make it a feature. We have to remember that the role of directories > are changing (and its not good enough to hear SUN folks bleat about how > directories are passé, given SAML). Now, the enterprise tenant version of > "Office in the cloud" gives all willing tenants their own hosted > directory/ldap server - one that can be fronted by ADFS which makes that > tenant's office installation an IDP (via Azure ACS) to any website in the > world. It's no longer just the old "directory as" ...the LAN-centric hub of > a distributed system (LAN) managing PCs; it's now just an identity and > authorization mgt system, for cloud apps. The directory/websso integration > already supports a client cert binding (into which one fits my cert > validator...pinging a foaf source) if one prefers foaf trust models, to PKI. Yes, but we just add this to the WebID dexterity showcase bucket, methinks; especially for the enterprise audience. > These are the forces at play, and they are quite monumental ("enterprise" > becomes "public cloud"). Websso, now mainstream, enables any number of > "Microsoft office" directories to interact with third parties relying > parties via websso (just like Google Apps tenants do, via openid). > Furthermore, the directory stuff adds in "rights management" for office, > which gives fine grained access controls to documents - allowing for > intel-grade authorization/forwarding/control/printing/commenting etc etc. > The features folks have had in LAN world, are coming the web. > Yes, the Web albeit ubiquitous is still far behind the enterprise re. these other areas. Thus, we mesh both realms courtesy of WebID which showcasing WebID. The lines between the enterprise and cloud continue to blur. Thus, importance of ACLs continues to rise, exponentially. > I'd love for us to be making the case that the enterprise stuff and the more > conventional public web HARMONISE in webid - just because webid works WITH > all that cloud stuff. All it requires ...is support for the ldap URI. Amen! Public demos coming soon, just need to get this royal wedding behind us :-) Kingsley > > > > -----Original Message----- > From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] > On Behalf Of Kingsley Idehen > Sent: Thursday, April 21, 2011 11:33 AM > To: public-xg-webid@w3.org > Subject: Re: Position Paper for W3C Workshop on Identity > > On 4/21/11 2:06 PM, Henry Story wrote: >> On 21 Apr 2011, at 19:51, Alexandre Passant wrote: >> >>> Hi Jeff, all, >>> >>> Agreed with all your statements, but in that case, imo, there should be > more focus on the USP of WebID, and less on the technical side. >>> *What* can WebID offer, and *why* that's needed, rather than *how* >>> (i.e. expanding the section 2, and maybe shortening 3) >> I think you mean the other way around. You'll find that section 3 is quite > long in fact. Section 2 is only 1 page minus the graphics. Section 3 is one > and a half pages of much denser text. >> There is a big advantage of showing how WebID works, because its > simplicity is so transparent then. Without that explanation what we say is > just chatter. The point of our paper is to make clear that most of the work > for browser identity is already done, and that there is very little needed > for them to make a very big step. The less we ask the browser vendors to do, > the more likely they are to do it. All the rest can be done on the server > side, and they can benefit from anything that happens there, in fact they > have a stake in having a bit of presence in this process, as we show a few > of the things they can use from this to help improve the browser experience. >> What benefits do you feel we have not properly written up here? > Henry, > > I believe Alex is seeking more prominent What, Why, and How sectioning of > the paper. Basically, structural tweak that might boil down to these > sub-headings: > > 1. What? > 2. Why? > 3. How? > > :-) > > Kingsley >>> m2c >>> >>> Alex. >>> >>> >>> On 21 Apr 2011, at 19:07, Jeff Sayre wrote: >>> >>>> One of the issues we faced in writing this paper is the 5-page >>>> maximum. As it stands, the document (if printed) is five-and-a-half > pages right now. >>>> Therefore, we have no room to expand. >>>> >>>> The singular purpose of this paper is to pique the interest of the >>>> committee that will choose the speakers. If we succeeded in doing >>>> that, then we hope that we will be offered an opportunity to present >>>> a 20-minute talk at the workshop. Assuming the WebID IG is offered >>>> such an opportunity, we will cover certain details that, out of >>>> necessity, we had to gloss over or simply leave out. >>>> So, when analyzing the paper, the question should be, Does the >>>> position paper as it is currently written, present sufficient >>>> enticements to be offered a presentation slot? >>>> >>>> Of course, we do need to make sure that we appropriately convey the >>>> advantages and power of WebID in our oral presentation. So any and >>>> all input is useful and appreciated! >>>> >>>> BTW Henry, last night I uploaded a corrected graphic for the >>>> certificate picker screen. The most recent copy of our position >>>> paper on your site does not have that change. >>>> >>>> Jeff >>>> >>>>> On 21 Apr 2011, at 17:40, Henry Story wrote: >>>>> >>>>>> On 21 Apr 2011, at 16:56, Alexandre Passant wrote: >>>>>> >>>>>>> Hi Henry, >>>>>>> >>>>>>> I've added some comments to the google doc yesterday, do you plan >>>>>>> to integrate them. >>>>>> I was looking through the history of the google doc changes >>>>>> yesterday, but I can't find them. I think I saw them before, but >>>>>> my browsers currently don't show me anything in those diffs. >>>>>> >>>>>>> I think we shall mention somewhere the ties between WebID and >>>>>>> FOAF (or any machine readable data about the WebID owner) >>>>>> I do mention foaf once there. We don't have any space left there >>>>>> now I think. >>>>>> >>>>>>> Since we're talking about identity, we shall mention that WebID >>>>>>> allows >>>>>>> (1) a user to give some of its information to an application >>>>>>> (where s/he's authenticating) in a machine-readable form and >>>>>>> (2) an application (where someone logs in) to deliver some data >>>>>>> based on the identify and the attributes >>>>>>> >>>>>>> Multiple advantages: fight spam, contextual information delivery, >>>>>>> personalisation etc. >>>>>> Fighting spam is there in section 4. >>>>>> Does that cover what you were looking for? >>>>> Kind of, but I think there should be more emphasis on it (using the >>>>> previous combination) as part of section 3. >>>>> To me, the tie to a "machine readable profile" is a key advantage >>>>> of WebID that should be streghten here >>>>> >>>>> Alex. >>>>> >>>>>>> m2c >>>>>>> >>>>>>> Alex. >>>>>>> >>>>>>> On 21 Apr 2011, at 12:51, Henry Story wrote: >>>>>>> >>>>>>>> New version with some changes: >>>>>>>> >>>>>>>> http://bblfish.net/tmp/2011/04/21/ >>>>>>>> >>>>>>>> The old one is here >>>>>>>> >>>>>>>> http://bblfish.net/tmp/2011/04/20/ >>>>>>>> >>>>>>>> Is there a web diff tool? >>>>>>>> >>>>>>>> Henry >>>>>>>> >>>>>>>> On 21 Apr 2011, at 11:26, Harry Halpin wrote: >>>>>>>> >>>>>>>>> On 04/21/2011 10:41 AM, Henry Story wrote: >>>>>>>>>> Harry, are videos allowed in a submission? >>>>>>>>>> >>>>>>>>>> Btw. doing a good video is even more work that writing a good >>>>>>>>>> text out, as it requires excellence in an even larger set of >>>>>>>>>> media voice, music, film, writing. >>>>>>>>> Feel free to link to a video that you can show in your > presentation. >>>>>>>>> The video cannot replace a position paper, which requires text. >>>>>>>>> >>>>>>>>> HOWEVER, if you do get a video in with your paper, we might >>>>>>>>> make a separate video part of the workshop homepage if enough >>>>>>>>> people ping me with video requests. We've had about 3 others >>>>>>>>> say this before. The idea would be people could watch the video >>>>>>>>> before the workshop, to help start a conversation ASAP. We >>>>>>>>> want people at the workshop primed and ready to go. >>>>>>>>> >>>>>>>>>> Henry >>>>>>>>>> >>>>>>>>>> On 21 Apr 2011, at 10:33, Alexandre Passant wrote: >>>>>>>>>> >>>>>>>>>>>> Links in the addendum or references sections or via anchored >>>>>>>>>>>> text, as per normal practice. If you have a live link, you >>>>>>>>>>>> negate the constraints of digital rendition of paper :-) >>>>>>>>>>>> >>>>>>>>>>> Since papers can be submitted in HTML, embedding a video is >>>>>>>>>>> also an option to make the case of WebID. >>>>>>>>>>> >>>>>>>>>>> Alex. >>>>>>>>>> Social Web Architect >>>>>>>>>> http://bblfish.net/ >>>>>>>>>> >>>>>>>> Social Web Architect >>>>>>>> http://bblfish.net/ >>>>>>>> >>>>>>>> >>>>>> Social Web Architect >>>>>> http://bblfish.net/ >>>>>> >>>>> >> Social Web Architect >> http://bblfish.net/ >> >> >> > -- Regards, Kingsley Idehen President& CEO OpenLink Software Web: http://www.openlinksw.com Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca: kidehen
Received on Friday, 22 April 2011 00:44:43 UTC