RE: Question: User Story -- Bootstrapping Facebook

An implied requirement of webid protocol is being drawn out though, to be
made explicit in writing.

That the cert attribute in the profile must be publicly readable, and the
profile must have a public readability too.

If this was an IETF moderated process, the security section would have to
make it clear that - and I'll use directory terminology to be generic - the
directory administrator typically has the power to avoid ACLs and write
security values (such as certs) and may well be the security authority who
issues a .p12 file to a directory user keying their user agent for strong
authentication (to the directory, and public directory service consumers
like mail agents).

The security section is distinguishing the "orientation" of the main text
that may talk about users doing the above, implying there are security
properties that are normally true; normally until one considers the power of
the admin with elevated privileges.






-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
On Behalf Of Henry Story
Sent: Thursday, February 10, 2011 3:22 AM
To: László Török
Cc: nathan@webr3.org; Melvin Carvalho; WebID XG
Subject: Re: Question: User Story -- Bootstrapping Facebook


On 10 Feb 2011, at 11:08, László Török wrote:

> 
> Ultimately, there are three questions for facebook here:
>  - would you ever allow users to sign in to facebook using webid(s)?
>  - would you ever allow people to use their facebook uri as a webid?
>  - would you publish users' profile data (subject to their privacy settings) in a machine readable way, at the profile uri?
> 
> Probably implicit, but: Would Fb let me publish my public key as part of my profile? Could that be made public (without signing in)?

None of these are technical questions. I don't see how we can answer them
here. 

That is why I was suggesting that if we turn this into a HOWTO for the wiki
to be turned into a deliverable, or added to the documentation, we should
not be using real company names. We can be a little bit more general and
speak of transforming Web2.0 services with profile pages into WebId enabled
services, as done here:

http://www.w3.org/wiki/Foaf%2Bssl/HOWTO#HOWTO_foaf.2Bssl_enable_your_Web_2.0_application

At the same time I imagine that what will happen is that these types of
experiences will end up being written up in reviews, books and so on, and in
very great detail, taking into account all the special cases. But we don't
need to wait for that to happen. We can have a space to help people who are
willing to think for themselves enough to get going.

Henry


Social Web Architect
http://bblfish.net/

Received on Thursday, 10 February 2011 12:18:26 UTC