realization point; separating webid protocol from webid trust chains, and webid applications generally

Given the writing of the paper targeting the wants and needs of the usual US
identity crowd and then the fact that folks are turning their focus towards
the writing of a distinguishing paper for a conference on social web stuff
in Germany, we should realize we have hit a turning point. We should
consolidate the distinctions being drawn.

 

Webid is about the interplay of three technologies (not listed), in a tiny
small space that combines them in such a fashion that all three finally show
themselves suited to the times. It doesn't need in this one brand name
"webid" to be tied to other ideas ( see below). They need their own brand
names (much like "ssl" distinguishes itself from "PKI" (2000ish, coined by
Entrust) and "digitalids" (1995ish, coined by Sclavos))

 

Social networks are an "application" of webid. They focus on something the
technologies (above) do not: using foaf and semweb to build "trust chains".
I don't know much about it (and am not sure I want to); but Im hopeful. To
be honest im excited that advanced logic can do graph analysis, especially
if its using advanced computing models. It seems to be about profile
management (on the web), cert issuing (on the web), chain discovery (on the
web), and security context establishment via groupware (on the web, of
course). NONE of these topics are webid, but they are "federated social
networks".

 

SO, we realize we have made the classical split between protocol for
signaling and integrating (like SSL), and procedures for chaining trust
(like the cert chains used in the https "application" of SSL) and then
managing keys and names (like cert issuing). One feature is in kernel land
(in windows anyways), and the other in user space (In the middle of some
browser engine handling documents). That very architecture forces the
separation of concerns, for security enforcement. One is about channels, the
other about documents.

 

Arguably, the social network stuff done in other incubator groups goes
beyond trust chain discovery and closure, to address some of what https
further addressed: secure hypermedia documents. This may even include what
was done originally (in secure hypermedia theories cued of HTML anchors)
which was computation based on sets of (related) SSL connections. If folks
think carefully, one will realize the graphs of SSL connections emanating
from a 1995-era HTML document when combined with the SSL tunnels managed by
web proxy chains, as "Described by" actual hypermedia document rendered in
browsers, is a form a global  cipher run (back to that "web as a living
computing platform", meme). You can and should  view the space as a
complexity-generating mixer. It's a giant knights tour, if you will, and the
basis of a transposition step in (large space) cipher design.

 

I think we are starting to see the re-emergence of digital id and channel
composition as an interesting research topic, now we have re-learned to
DISTINGUISH its elements. Of course, it's even more fun that the previous
round of results are infact available at a global deployment level,
available for further experimentation to observer the GLOBAL properties.

 

Be nice if the folks who made that space and defined it and then brought ti
to global realization point (even to the headstrong W3C types) got a credit
once in a while. Is it time to turn off the endless litany of rants and
imputations about how all oppressive it all was/is, contrary to fact? The
global crypto scene is all a damn site better off than it was when we
started (1987 in my case).