
Re: Position Paper for W3C Workshop on Identity

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sat, 23 Apr 2011 12:14:19 -0400
Message-ID: <4DB2FADB.6000409@openlinksw.com>
To: public-xg-webid@w3.org
On 4/23/11 11:05 AM, peter williams wrote:
> Webid doesn’t solve the trust problem. It just binds a key to a
> name/identifier, and specifies a validation procedure (for SSL).
> Nicely, the same validation procedure works for other secure channel
> protocols (e.g. websso). If the browser posting an openid assertion to the
> consumer also releases the SSL client cert to the relying party site, the
> site can augment its relying party control set with the webid validation
> procedure, for example. This resulting foaf card might "qualify" the openid
> OP, leading to the super-position of a foaf (not webid) trust model on
> openid.
> We have to decide:
> Is the term webid the URI in cert idea?
Yes, that's the Personal URI in the Cert.
> Is it the use of a client cert (with...) in SSL (only)?

That's the WebID Protocol aspect that covers validation.

> Is it the validation procedure , working with http/s URIs (only)?

Yes, but not "only". WebID is an acronym that covers: Personal 
Identifier and a validation/verification protocol.

> Is it the validation procedure, with any scheme of URI?


> Is it the tie in to federation social networks, which impose webbiness on
> each and every step (users may NOT generate certs on their PC, they MUST use
> a web provider)?

Webbiness != WWW. To me Linked Data graphs are data object oriented 

> Is webid the use of particular foaf or other ontologies relationship specs,
> when computing trust chains?

There is a trust logic in play, but it isn't confined to any syntax. It's 
a conceptual thing that has first-order logic as the definition and 
constrains mechanism re. content of resources that bear the profile graph.

> For me, webid is the first 4 (above). It stops at federated social networks.
> For all I care, one can use webid in nntps, creating groupware concept based
> on threaded conversations.

Yep! And that's exactly how we've implemented it, and we do in fact use 
it with NNTP-based threaded discussions (which isn't always obvious to 

It is scheme-agnostic.

> This can use PKI trust or social feedback in an
> nntps context, that never ever uses a foaf-card borne relationship
> statement.

There has to be a discernible pathway that binds a WebID to one or more 
public keys in a data-oriented address space hosting a graph structure.

> If one seeks mass adoption in a crypto-political sphere full of well-manned
> roadblocks, one has to decouple the security protocol from the (motivating)
> application. That is: you have to let HTTP be used for the evil SOAP, if you
> are to get buyin to HTTP for the web architecture you really believe in. You
> have to give, to get. If you get 30% of what you set out for at the outset
> of a social plan in crypto-politics, you are usually doing pretty well! What
> I want is massive number of foaf cards as homepages, with SOME set of
> triples being consumed thereby, to create the beachhead from which one
> expands further.

Try to think less about FOAF and more about a network addressable data 
structure that represents a structured profile. FOAF is just an example :-)

> -----Original Message-----
> From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
> On Behalf Of Stéphane Corlosquet
> Sent: Saturday, April 23, 2011 6:52 AM
> To: Henry Story
> Cc: WebID XG
> Subject: Re: Position Paper for W3C Workshop on Identity
> [[[
> The user can create and control his own, self sign his certificates, and if
> needed use short lived, throwaway ones.
> ]]]
> control his own what? "The user can create and control his own, self signed
> certificates" maybe?
> [[[
> The selected X509 certificate is sent back
> ]]]
> be more precise than "sent back": i.e. the browser sends the selected
> certificate to the server. The following shows an excerpt of the
> certificate:...
> The indentation of the last 2 lines looks odd, they should be indented
> further right than the line above them:
> X509v3 extensions:
>   X509v3 Subject Alternative Name:
>               URI:https://bob.net/id/bob
> Do you mean to have a yellow background? a box around it would probably look
> better.
> Make sure you're using the same WebID for Bob, the certificate specifies
> https://bob.net/id/bob and further in 6. you use https://bob.net/id/bob#me
> The point 7. is beyond the WebID authentication realm but that's good to
> give an idea of the type of things you can do once you have a WebID. I
> wonder if this could be made optional though, as otherwise it might make the
> reader think that WebID requires to have a whole FOAF network - quite the
> opposite, you can start using WebID with just one WebID URI and a public key
> in your profile document (as simple as that).
> [[[
> Passwords are difficult to remember or they are bad
> ]]]
> what do you mean by passwords being bad? because they are made too weak to
> be easier to remember? or are you criticizing the whole concept of using
> passwords?
> [[[
> as shipped in current browser
> ]]]
> s/browser/browsers
> [[[
> solving the trust problem - the biggest issue of WebID
> ]]]
> The biggest issue of WebID is the trust problem? you probably mean that the
> biggest issue WebID solves is the trust problem?
> Make sure to spell OpenID with uppercase ID: s/OpenId/OpenID
> [[[
> OpenId is especially important for a number of devices (cell phones
> often) that have not implemented client side certificates properly.
> ]]]
> I would add 'yet' so it reads "that have not yet implemented client side
> certificates properly", giving hope that they will in the future, and
> emphasizing that it is something that can be fixed by the browser vendors.
> [[[
> The browser could then make use of the information found in the WebID
> profile ....
> This WebID anchor can then be used by browsers
> ]]]
> Firefox Weave does not use WebID yet, right? so be consistent with
> could/can, I believe you want to use could here, otherwise 'can' implies it
> is already available...
> [[[
> With the rollout of critical infrastructure element such as DNSsec and
> IPV6 WebID should rise
> ]]]
> add comma after IPV6
> s/IPV6/IPv6
> [[[
>   that encompass everything from to personally controlled identities
> ]]]
> s/from to/from
> [[[
> role playing and employee identities
> ]]]
> what's a role playing identity???
> The HTML is not very clean and several spaces break the read flow at
> times....
> Steph.
> On Fri, Apr 22, 2011 at 6:42 AM, Henry Story<henry.story@bblfish.net>
> wrote:
>>  From yesterday's comments I have now tweaked the paper to the following
>>   http://bblfish.net/tmp/2011/04/22/
>> I think we really are there, it reads very well now, is clear, open to
>> new protocols (ldap included), makes friends in the TLS, dane, openid
>> and freedom box community, whilst also showing the government how they
>> can get some of what they want for little cost (important in the
>> government cut back season, when Democratic presidents have to work with
>> Republicans).
>> I'll start passing this to members of this group who are not
>> participating here so actively, probably due to combined reason of
>> volume of mail and holiday season, to see if we can get some other
>> feedback, some other points of views.
>> We can review some of this on Monday.
>> Henry



Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Saturday, 23 April 2011 16:14:42 UTC
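The validation procedure the thread keeps circling back to (the SAN URI in the client certificate names the WebID, the relying party dereferences the profile document behind that URI, and authentication succeeds only if the document asserts the very public key the certificate presented) as an added, self-contained Go example. This is not code from the original message, the position paper, or any project named here. It assumes a profile written with cert:modulus/cert:exponent (the shape the later WebID spec used; the 2011 draft differed), uses a narrow regex in place of an RDF parser, and stands in for the HTTPS GET with a caller-supplied fetch function; the certificate, key size and Turtle document are constructed for the demo.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"regexp"
	"strconv"
	"time"
)

// makeCert issues a self-signed certificate whose only tie to the identity is
// the Subject Alternative Name URI, as in the openssl excerpt quoted in the
// thread. No CA vouches for it; the profile document will.
func makeCert(webid string, bits int) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(webid)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Bob"}, // constructed demo subject
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		URIs:         []*url.URL{u}, // X509v3 Subject Alternative Name: URI:<webid>
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// profileFor renders a constructed Turtle profile asserting the certificate's
// RSA key for webid; the cert:modulus/cert:exponent shape is an assumption.
func profileFor(webid string, cert *x509.Certificate) string {
	pub := cert.PublicKey.(*rsa.PublicKey)
	return fmt.Sprintf(`@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .
<%s> cert:key [ a cert:RSAPublicKey ;
    cert:modulus "%x"^^xsd:hexBinary ;
    cert:exponent %d ] .
`, webid, pub.N, pub.E)
}

// keyRe is a deliberately narrow stand-in for an RDF parser: it matches only
// the shape profileFor emits, one bracketed key per cert:key statement.
var keyRe = regexp.MustCompile(`(?s)<([^>]+)>\s+cert:key\s+\[.*?cert:modulus\s+"([0-9A-Fa-f]+)".*?cert:exponent\s+(\d+).*?\]`)

// profileKeys returns the keys the profile asserts for webid and nobody else.
func profileKeys(profile, webid string) ([]*rsa.PublicKey, error) {
	var keys []*rsa.PublicKey
	for _, m := range keyRe.FindAllStringSubmatch(profile, -1) {
		if m[1] != webid {
			continue // a key asserted for another subject must not authenticate webid
		}
		n, ok := new(big.Int).SetString(m[2], 16)
		e, err := strconv.Atoi(m[3])
		if !ok || err != nil {
			return nil, fmt.Errorf("malformed key for %s", webid)
		}
		keys = append(keys, &rsa.PublicKey{N: n, E: e})
	}
	return keys, nil
}

// verifyWebID is the validation procedure the thread discusses: for each SAN
// URI, dereference the document it names (fragment dropped) and accept the URI
// only if that document asserts the public key the certificate presents.
// fetch stands in for the relying party's HTTPS GET of the profile document.
func verifyWebID(cert *x509.Certificate, fetch func(string) (string, error)) (string, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("example handles RSA keys only")
	}
	for _, u := range cert.URIs {
		doc := *u
		doc.Fragment = "" // https://bob.net/id/bob#me is described by https://bob.net/id/bob
		profile, err := fetch(doc.String())
		if err != nil {
			continue // unreachable profile: this URI cannot be verified
		}
		keys, _ := profileKeys(profile, u.String()) // malformed profile yields no keys
		for _, k := range keys {
			if k.E == pub.E && k.N.Cmp(pub.N) == 0 {
				return u.String(), nil
			}
		}
	}
	return "", errors.New("no SAN URI's profile asserts the certificate's public key")
}
```

The check is deliberately per-URI: a certificate may carry several SAN URIs, and only those whose own documents vouch for the presented key are authenticated. Note what this does and does not establish, which is Peter's point above: a match proves control of the key that the document at the URI claims, and nothing about whether the URI's owner should be trusted.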
