Re: Documenting implicit assumptions? from Stéphane Corlosquet on 2011-01-31 (public-xg-webid@w3.org from January 2011)

From: Stéphane Corlosquet <scorlosquet@gmail.com>
Date: Mon, 31 Jan 2011 11:12:44 -0500
To: Benjamin Heitmann <benjamin.heitmann@deri.org>
Cc: public-xg-webid@w3.org
Message-ID: <AANLkTimTR-Q0k6v6E4CsF8RWtqJPjAAUdqd+orgkd6-g@mail.gmail.com>

Hi Benjamin,

These are fair questions, thanks for raising them. Some assumptions might be
so obvious for some of us, we should state them somewhere so newcomers are
not confused.

On Mon, Jan 31, 2011 at 10:09 AM, Benjamin Heitmann <
benjamin.heitmann@deri.org> wrote:

> Hello,
>
> the people in this incubator group come from different organisations and
> have different motivations and goals
> for participating. So I was wondering if it might make sense to start
> documenting some (currently) implicit
> assumptions (or requirements) about a future WebID standard, or at least
> flagging those assumptions for discussion.
>
>
> As a start, I want to repeat something which has been stated in
> WebID-ISSUE-6:
>
> * a single user can have more then one certificate attached to a single
> WebID URI ("multiple SSL certs for one identity")
>

That would actually by the typical scenario for the regular Joe user
browsing the web from different browsers, on different machines. That's
multiple certs at a given time, but also multiple certs over time when some
certs expire (it's nice to garbage collect them on the WebID profile too, to
keep it clean, but that's up to your WebID profile manager).

>
> It might be an interesting exercise to figure out more implicit assumptions
> / requirements, document and discuss them,
> to figure out if there is a decision attached or if something is actually
> out of scope.
>
>
> Here are two implicit assumptions I have noticed:
>
> * the list of friends which is published together with a WebID is assumed
> to be public
>

hum, not an assumption I've made, and my WebIDs don't have any of my friends
on it. We should not prevent anyone from using the WebID just because they
have no (public) friends, dorks can have WebIDs too. With no public friend
claims, you might have a harder time once you log in to make yourself known
and trusted, but I can imagine some cases where you could be granted some
access just based your WebID URI, and that's it.

> (alternative: in order to participate in a web of trust, a WebID user has
> to make a part of his list of friends public)
>
> * the RDF which is returned when accessing a WebID is assumed to be public
>

some of it yes, at least the assertions needed for the authentication
process. Anything beyond is nice to have, best practice, part of the "WebID
etiquette".

Steph.

>
>
>
> Are these two assumptions widely agreed on? Because if not, provisions are
> required in order to allow the deviation from these assumptions.
>
>
> Equally importantly: Are there other assumptions which need to be
> documented?
>
>
>
>
>
> cheers, Benjamin.
>
>

Received on Monday, 31 January 2011 16:18:07 UTC