- From: Stéphane Corlosquet <scorlosquet@gmail.com>
- Date: Mon, 31 Jan 2011 11:12:44 -0500
- To: Benjamin Heitmann <benjamin.heitmann@deri.org>
- Cc: public-xg-webid@w3.org
- Message-ID: <AANLkTimTR-Q0k6v6E4CsF8RWtqJPjAAUdqd+orgkd6-g@mail.gmail.com>
Hi Benjamin, These are fair questions, thanks for raising them. Some assumptions might be so obvious for some of us, we should state them somewhere so newcomers are not confused. On Mon, Jan 31, 2011 at 10:09 AM, Benjamin Heitmann < benjamin.heitmann@deri.org> wrote: > Hello, > > the people in this incubator group come from different organisations and > have different motivations and goals > for participating. So I was wondering if it might make sense to start > documenting some (currently) implicit > assumptions (or requirements) about a future WebID standard, or at least > flagging those assumptions for discussion. > > > As a start, I want to repeat something which has been stated in > WebID-ISSUE-6: > > * a single user can have more then one certificate attached to a single > WebID URI ("multiple SSL certs for one identity") > That would actually by the typical scenario for the regular Joe user browsing the web from different browsers, on different machines. That's multiple certs at a given time, but also multiple certs over time when some certs expire (it's nice to garbage collect them on the WebID profile too, to keep it clean, but that's up to your WebID profile manager). > > It might be an interesting exercise to figure out more implicit assumptions > / requirements, document and discuss them, > to figure out if there is a decision attached or if something is actually > out of scope. > > > Here are two implicit assumptions I have noticed: > > * the list of friends which is published together with a WebID is assumed > to be public > hum, not an assumption I've made, and my WebIDs don't have any of my friends on it. We should not prevent anyone from using the WebID just because they have no (public) friends, dorks can have WebIDs too. With no public friend claims, you might have a harder time once you log in to make yourself known and trusted, but I can imagine some cases where you could be granted some access just based your WebID URI, and that's it. > (alternative: in order to participate in a web of trust, a WebID user has > to make a part of his list of friends public) > > * the RDF which is returned when accessing a WebID is assumed to be public > some of it yes, at least the assertions needed for the authentication process. Anything beyond is nice to have, best practice, part of the "WebID etiquette". Steph. > > > > Are these two assumptions widely agreed on? Because if not, provisions are > required in order to allow the deviation from these assumptions. > > > Equally importantly: Are there other assumptions which need to be > documented? > > > > > > cheers, Benjamin. > >
Received on Monday, 31 January 2011 16:18:07 UTC