Re: On behalf of from 远洋 on 2011-02-04 (public-xg-webid@w3.org from February 2011)

From: 远洋 <corani@gmail.com>
Date: Fri, 4 Feb 2011 22:24:43 +0800
To: nathan@webr3.org
Cc: WebID XG <public-xg-webid@w3.org>
Message-ID: <AANLkTikkFshpu_29iqt6g5dV+C=1pbZdu1_ESnu1WfAA@mail.gmail.com>

On Fri, Feb 4, 2011 at 21:13, Nathan <nathan@webr3.org> wrote:
> Hi All,
>
> An increasingly common use case on the web, and one we may need to factor
> in, is the mashing of computations and continuations, as outlined in CREST
> [1].
>
> A common model outlined in the CloudStorage DI [2], is to separate the
> applications from the storage, such that each x in the (rough) model below
> is a data source, and the app is running in the agent (client side) with
> auth being peer to peer, app to data tier, as enabled by web id.
>
>  x   x   x   x   x
>   \  \   |   /  /
>    \  \  |  /  /
>        agent
>
> However, if we factor in services which mashup data, as below where each s
> is a service:
>
>  x   x  x   x   x
>  \  /   |   \  /
>   s     |    s
>    \    |   /
>     \   |  /
>       agent
>
> And we suppose that each x is ident/acl controlled, then s will need to
> contact x on behalf of the agent. We currently don't have a solution for
> this (?)
>

It would of course be trivially easy to let a service generate a key
pair, and then insert the public key into your profile document. The
service can then act on your behalf. This may however not be desired,
as it will give tremendous power to this service (they can impersonate
you anywhere on the web)

A kind of ACL, where restrictions per public key can be specified, may
be used to solve this problem.

> Such that currently, each agent would have to GET the data from x, pass it
> to s for computation, then GET back the result from s - which means s would
> be handling private data, and thus would need to be trusted.
>
>  x    x    x
>  \   |   /
>   \  |  /
>    agent
>    |   |
>    s   s
>
> Alternatively, each s could be an agent with a webid of it's own, and we
> could give a acl access to our x's - loosing the distinction between
> services and user agents, such that we just have agents, and agents have
> identities.
>
>  x   x     x     x   x
>   \   \    |    /   /
>    a - a - a - a - a
>
> Or perhaps, we have data storage agents, thus making no distinctions at all,
> and everything is just an agent
>
>  a--a--a
>  |\/|\/|
>  a--a--a
>
> I'm unsure which of these models is optimal, and whether we can preclude
> any, or have to cater for each, but it may be good to spend some time
> thinking about it.
>
> [1] http://www.erenkrantz.com/CREST/
> [2] http://www.w3.org/DesignIssues/CloudStorage.html
>
> Thanks to Joe Geldart (@arnia) for pointing this out.
>
> Best,
>
> Nathan
>
>



-- 
远洋 / Daniël Bos

email  : corani@gmail.com
phone  : +31-318-711063 (Dutch) / +86-18-701330735 (Chinese)
weblog : http://blog.loadingdata.nl/
ostatus: corani@status.loadingdata.nl

Received on Friday, 4 February 2011 14:25:37 UTC