RE: [foaf-protocols] issue of initiating client auth for parallel SSL sessionids

My own induction in semweb is a case in question here. And, its relevant,
here, I feel. I know what I can do, and know a million realtors and their IT
support staff. I've seen how well the websso adoption issue played out, in
realty over the last 4 years; and can guess how this revolution will now
play out.


My model of semweb and success is one in which an HTML file (a graph) can be
improved on for machine reading making an RDF file (a graph). Once, once
could have the XML/RDF in HTML comment fields. In the XHTML case with RDFa,
the two combine together better than that, making nirvana. (I'm sure it's
only partial paradise, in reality, knowing web specs.)


Thus, with nothing more than browser plugins, the static world of the web of
HTML becomes the static machine-readable world of RDF - an optional addon
that facilitates machine reading due to the increased rigor. The
microformats world of course does this too, in practice -- not that I see
huge social adoption, even there.


And, we know in this webid protocol, that this "static document" model is
sufficient to implement the security enforcers of the protocol. Nothing more
is required of the user - the security engineer in me now speaking.


Then, there is a different world. It seems to assume that everyone has,
Google cloud like, a personal webserver -- a tenant of a major cloud
provider, in all likelihood. On that server, one runs a social web app, with
quite some intelligence. These endpoints have way more intelligence than
merely serving a static XHTML document over https.


Now, we should recall the whole Google rationale for signed XRD and
host-meta. This allowed the illusion of a personal endpoint - provided in
practice by a cloud provider by some nice re-naming games of service
endpoints. This seems to nicely facilitate the world of hosting personal
'social web servers' delivered using meta'd endpoints from a cloud provider
- albeit endpoints whose behaviours conform to the web architecture of REST,
using browsers (vs proxies) in general, and using webid protocol end-end,
for the webby security layer.


We should perhaps capture in the spec that there are two models. My motive
for the suggestion is what follows.


I don't see the social web server stuff happening en masse in 3 years (my
investment window). I can see the static document thing happening in 3 years
- mostly because I was able to do it myself using Opera Connect's "web
server in a browser" concept (and the semweb IP is now simple enough in
presentation, for the likes of me).  The latter seems doable, works, and one
can see things converging: theory, architecture, the like of opera's
innovation in reversing the channel, self-signed certs, SNI in https for
virtual hosting, server-side cert pingback to a simple foaf card, semweb
providing a rich descriptive framework with ontologies for normal flie (not
libraries), and importantly: makes a real new market (ranging from Google
full power cloud to older, simpler solutions) to employ folks etc.



From: []
On Behalf Of Henry Story
Sent: Tuesday, March 01, 2011 8:01 AM
To: peter williams
Cc:; WebID Incubator Group WG
Subject: Re: [foaf-protocols] issue of initiating client auth for parallel
SSL sessionids



On 1 Mar 2011, at 16:41, peter williams wrote:

In what was asserted (snip below), I said nothing about webid loosing its
user-centric'ness (perhaps Henry mis-stated). I said openid lost is
user-centric orientation, becoming a fiefdom of Yahoo and Google and
Microsoft, (where the Microsoft service for openid federation in the Azure
cloud specifically excludes all the n,000 wordrpess UCI IDPs)


Henry wrote:

On 28 Feb 2011, at 12:43, peter williams wrote:

[snip, stuff about webid loosing its user centric, and how WebID is
interested in RESTful web architecture solutions]


yes, Web Architecture is not an accidental aspect of the success of the web.


Yes, sorry. I mean [snip stuff about OpenId loosing its user centric...]

Received on Tuesday, 1 March 2011 17:09:58 UTC