Re: WebID prehistory

On 3 Feb 2011, at 17:12, Henry Story wrote:
> 
>> We also have a "scoping" decision to take: just like http/https is defined for use in intranets, is webid protocol to be usable in an intranet setting, using private profiles that are NEVER to be exposed to the web?
> 
> Of course, it should work there too, as specced out now.
> 
> You will need to teach your users when they are in the intranet and when they are out, and so you will loose in ease of use and in the other advantages that come from tying yourself into a global information space.
> 
> In my view the internet/intranet/extranet distinction will fade away with time. WebID makes it no longer necessary. Intranet/extranet form just very coarse grained access control. Access control on the level of a company. Access control at the (fire)walls of the company to be precise. That is exactly what led to wikileaks btw. 500 million to 1 million people having access to sensitive documents because once your inside the wall your OK, is not that good of a security model. 
> 
> It is much better to have resource level access control. This is what WebID enables. So why really should one still need the intranet/extranet distinction? It just makes things unwieldy. 


Yes, +1 here. 

How would you call what is happening around the private user profiles on Facebook? 

Facebook is a centralised hub storing user profiles, which contain data aggregated from all over the web via e.g. the "like" buttons. 
Some of those profiles are private, some ore public, most of them contain both private and public data, using fine grained controls, 
to define exactly which other Facebook identities can access which of the personal resources. 
Third parties (e.g. photo sharing services) can access a user profile, if the user authorises this. 

Does this correspond in any way to the intra-net / extranet / internet distinction ? 

I would characterise it as the type of eco-system which could get standardised and universal, as long as WebID provides the required foundation for authorisation of private resource access. 

Received on Friday, 4 February 2011 12:37:38 UTC