- From: Jonathan Rees <jar@creativecommons.org>
- Date: Sat, 23 Jan 2010 10:55:09 -0500
- To: Tyler Close <tyler.close@gmail.com>
- Cc: noah_mendelsohn@us.ibm.com, www-tag@w3.org

On Sat, Jan 23, 2010 at 5:24 AM, Tyler Close <tyler.close@gmail.com> wrote:

> I understand that sometimes meaning is lost in email and especially in
> meeting transcripts, so I just want to check that I understand the
> current status of the discussion on ACTION-278.
>
> 1. The TAG does not dispute any of the arguments made in my web-key
> paper <http://waterken.sf.net/web-key>.

"The TAG" is a bunch of people and as a group they have formed no consensus. But from Thursday's discussion it seems quite clear that Noah disagrees with your paper. Whatever the benefits of web-keys, he doesn't think URIs should *ever* require protection or carry authority, and given where he starts I'm not sure how your paper could have much effect.

I think part of the problem is that "sharing" in web architecture means "sharing with everyone" rather than the more general web-key notion of "sharing with those who you want to share with". The TAG findings seem to take an all-or-nothing view to sharing, putting access control basically outside of the purview of web architecture, even though it has a very simple solution within it.

The roots of this position are historical (the web was created as a global information space), political (let's not make it too easy to create secret things that "divide the web"), and technical (access control is complicated and if we worried about it the architecture would topple under its own weight). This is an awful lot of baggage to try to put aside all at once...

> 2. The TAG understands that unguessable URLs are used for
> access-control by many of the most popular sites on the Web. For
> example, this email contains a Google Docs URL [1] for a document I
> have chosen to make readable by all readers of this mailing list, even
> those who have never used Google Docs. Had I not so chosen, these
> readers would not have access and I could have shared access with a
> smaller group of people, or no one at all.

Noah said that he didn't find popularity to be convincing, so this is irrelevant to him.

> 3. Some members of the TAG believe that an unguessable https URL is a
> "password in the clear", but that sending someone a URL and a separate
> password to type into the web page is not a "password in the clear".
>
> 4. The TAG is currently sticking to its finding that prohibits use of
> the web-key technique because Noah Mendelsohn says: "I don't like
> that". There are no other substantive arguments that I could attempt
> to refute.

"The TAG" is just a bunch of people. "Sticking" sounds like an active thing, but all we have is "has not yet resolved to fix a previous TAG's consensus statement on the matter" which doesn't imply consensus in the current group that UMU is OK as it stands. It's very difficult to get any group to make any kind of consensus statement, especially when the group contains views as different as the ones Noah and I hold on this subject.

> 5. The TAG does not dispute my argument that the current finding is
> self-contradictory.

Again, better not to say "The TAG"...

If I can paraphrase Noah's argument, he asserts that URIs, simply by virtue of being URIs, are so likely to be made public that they shouldn't ever hold bits that need to be protected. If something needs to be kept private it shouldn't be in a URI. Somehow the password by virtue of being called a password is going to be protected, while the URI by virtue of being called a URI is going to be exposed.

I don't agree with this; like you I think using URIs to designate is a good idea. While creating public good and "network effects" is a good thing, and the architecture should strive to make it easy to create public benefit, the public aspects of web architecture are not the only important ones - otherwise we wouldn't have https: and access control at all.

I'm at a bit of a loss how to put the argument on a rational footing. One attempt to follow in subsequent email.

Jonathan

> I'm hoping there is some significant nuance I have missed. If so,
> please point out which of the above statements is false and exactly
> why, so that I can engage with that part of the discussion.
>
> --Tyler
>
> [1] https://docs.google.com/Doc?docid=0AYOd4-51pI6HZGc0d2Q3N2RfMGYyZmZ0cGdt&hl=en

Received on Saturday, 23 January 2010 15:55:42 UTC