Re: ACL

On 25 Jan 2011, at 20:14, Alexandre Passant wrote:

>> 
>> Every little thing we add can create a huge amount of workload. So we have to
>> be careful :-)
> 
> Indeed, one year is quite short, and we have to follow the charter to avoid "off-topic" work and provide the expected deliverables on time.
> 
> However, mentioning ACL and some existing ontologies could be relevant in the requirements document.

Agree.

> 
>> For example standardising ACLs could end up require work comparing
>> all kinds of ACLs ontologies, not an easy task. 
>> 
>> Perhaps the question to ask is: where does not having ACLs start creating 
>> interoperability limitations for WebID implementations? Ie, how far can we
>> go without them?
> 
> My feeling is that we could get WebID (authentication) without ACL issues. 
> What people do when the user is authenticated (e.g. use ACL ontology to deliver X or Y) is IMO a matter of the implementation, not of WebID itself.

Yes, a lot of ACL stuff does not need to be public, especially if we are dealing with more
human readable web. I think at some point it may start becoming evident that one needs
to make ACLs public. For example imagine a web where WebID is widely used. I have a picture
that only my friend sees. One of my friends like it, and posts a new post with my image in an
<img src="..."> pointing to my image. When he looks at his blog post it will look great. But
most of his friends will see a broken image. Somehow we need to allow his tools to know
that he either needs to copy the image, or that he needs to restrict the users who can see it.

But before that becomes a big problem, we need people to use distributed auth a lot more widely.
Still this could be an issue sooner than we think. Experience building such apps and testing them
in the Federated Social Web XG will tell us soon.

Henry


> 
> Alex.

Social Web Architect
http://bblfish.net/

Received on Tuesday, 25 January 2011 19:24:42 UTC