W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: Question: User Story -- Bootstrapping Facebook

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 10 Feb 2011 18:59:42 +0100
Message-ID: <AANLkTinM6QcR4+i-c6f84Wn2tc+VshGJdTY=iFwrMJQT@mail.gmail.com>
To: Peter Williams <home_pw@msn.com>
Cc: nathan@webr3.org, scorlosquet@gmail.com, henry.story@bblfish.net, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
On 10 February 2011 18:38, Peter Williams <home_pw@msn.com> wrote:
>> >>> year. The use case we were discussing was about the Web in general wrt
>> >>> harvesting data for OGP, and the reason why OGP/FB will only consider
>> >>> the
>> >>> RDFa located in the <head> tag is that it's the only data they can
>> >>> trust
>> >>> to
>> >>> be authored by the author of the page (or the app), anything else on
>> >>> the
>> >>> page cannot be trusted and could be a comment left by some random
>> >>> person
>> >>> who
>> >>> would change the title of the page for example with some well crafted
>> >>> RDFa.
> if the webid claim asserted in via SSL client authn run ( using a
> self-signed or third party cert) points to self-signed version of the .crt
> file , then it can also contain in an extension some serialized RDF,
> including a bit of HTML with an RDFa component.
> There are variations
> 1. The webid's fragment tag can be a message-digest value, enabling the
> resource server to check the integrity of the graph culled from the profile
> document. AS Henry indicated, this makes it harder to rapidly change the
> profile doc (as one has to resign the self-signed cert, update the fragment
> tag for the new message digest value, and store it back on the server for
> use in identifier confirmation + graph integrity checking).
> 2. rather than use a self-signed cert, it could be a .crd file in windows
> land (that is just a self-signed xmldsig object, playing the same role as
> above).
> 3. its not hard to put either the xml of 2 or the serialized cert in an
> XHTML document. XML obviously works, and a cert can be reduced easily to a
> URI + querystring arg (with ascii-armored cert in "PEM" encoding) to be
> stored in the meta region as a LINK, tagged rel=webid.
> This all sacfices purity somewhat "of the foaf-agent". Buts, lots of graphs
> are getting sent around (which is what I want, right now) populating the
> world with graph processing capabilities. No major buyin is required of the
> IDPs (only their  billion, willing users able to edit a link...meta), since
> the dominant IDPs are usually a pretty parochial, self-centered lot - its a
> self-preservation thing, in order to stay being a dominant IDP that is not
> dis-intermediated.

Yes agree, tho for xmlsig you need to canonicalize and that can be tricky.

Contrary to popular belief, I think the W3C and The Web is not driven
by "purity".

In fact the W3C has no formal specifications, only recommendations.
The goal is for solutions to be universal and interoperable.

Tho, universal does not imply unique.  It's an acid test of a system,
imho, as to whether it can interoperate with a similar, universal
system.  Partly, this is what I wanted to try and explore in this

Received on Thursday, 10 February 2011 18:00:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC