W3C home > Mailing lists > Public > public-xg-webid@w3.org > June 2011

Re: distinction between authentication and identity/profile ?

From: Dan Brickley <danbri@danbri.org>
Date: Mon, 6 Jun 2011 13:07:05 +0200
Message-ID: <BANLkTingH0CS_7WvfCx1DCVeayN_TLDWjg@mail.gmail.com>
To: elf Pavlik <perpetual-tripper@wwelves.org>
Cc: public-xg-webid <public-xg-webid@w3.org>
On 6 June 2011 12:49, elf Pavlik <perpetual-tripper@wwelves.org> wrote:
> Hello,
> Great meeting some of you in Berlin!


> Sometimes I find a bit confusing in WebID, mixing identity/profile and using client certificate for authentication. How do you see making stronger distinction between those two? What if someone wants to have an URI and foaf profile but for authentication would like to use other mechanizm than client certificate, OpenID for example...
> Dees plain FOAF has exactly the same potential in terms of identity and social graph?
> Does WebID adds anything else to FOAF than authentication with client certificate?
> I appreciate any comments and links which can help me with clarifying it!

I think sometimes in our enthusiasm for various technologies, we
bundle various things together. Some of the enthusiasm people in the
webid/foaf+ssl have for "what WebID enables" reminds me of some of the
early over-enthusiasm people had for what "FOAF" might make possible.
And we see similar enthusiasm from others around OpenID/OAuth, or
XFN/hCard and other Microformats, etc. In practice, each specific
technology contributes a tool to a larger toolkit that enriches the

As far as FOAF is concerned, the basic idea is just that we treat Web
pages as making claims about the world (including about people), and
that we exploit whatever tools are available to encode/interpret those
claims, and to keep track of who made them. So in the FOAF project we
have the FOAF *vocabulary* as a kind of "starter dictionary" for
expressing some of these claims. And there are various syntactic
options for writing those claims (RDF/XML, RDFa, Microdata etc.) as
well as many other vocabularies you might use alongside FOAF, or
instead of FOAF.

So FOAF includes as a utility the foaf:openid property, and certainly
some data we'll end up associating with its source because they logged
in with OpenID. Other times we might know who-said-what from using PGP
or WebID or OAuth or XMPP or RelMeAuth or something else. The key
thing is that we can stand back from the technical detail and ask
quite human questions "Who said this? Who made this claim, and what
evidence do we have that they said it?". If we stand back from the
protocols for a little while, I think there is a pretty pluralistic
story that can be told about how everything fits together...


Received on Monday, 6 June 2011 11:07:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:45 UTC