[foaf-protocols] Consensus on Web Identity presentation to W3C
melvincarvalho at gmail.com
Wed Aug 25 23:43:55 CEST 2010
On 25 August 2010 23:14, Kingsley Idehen <kidehen at openlinksw.com> wrote:
> On 8/25/10 4:53 PM, Joe Presbrey wrote:
>> So glad to see this straightened out. Thanks to everyone for their
>> hard work on clearing up the intent and substance of the presentation
>> this week. I have a few more comments on this discussion and propose a
>> revision to slide 6 below.
>> It seems that the essence of this debate was confusion about whether
>> this presentation is of the WebID *protocol* (FOAF+SSL) or a
>> particular/envisioned WebID *application* (eg. user-experience) and
>> the distinction (if any) there is between them?
>> IMO, there is definitely a distinction and one that is quite dangerous
>> to misrepresent. WebID extends far beyond IE, Firefox, Safari, other
>> browsers, or any other user-agents. I think this _advantage_ might
>> still be missing/downplayed in the presentation and it would be a
>> shame for us or the W3C to miss this boat.
> Web Browsers are but one type of User Agent that benefits from WebID. In
> reality, WebID is vital to the emergence of those Smart User Agents we all
> long envisioned re. Web of Linked Data :-) They can now roam and explore
> Trusted Linked Data Webs.
We've also shown on this list you can do authn as one command on the command
line. This means the vast majority of rich clients can build it in with
only a few minutes work.
> For example, the email I just sent about SVN+WebID -- WebID
>> authentication with your JS/Flash WebID is incompatible with a full
>> roll-out of the WebID *protocol* across all HTTP/TLS/REST-based
>> applications and therefore serves as an insufficient example of the
>> full gravity of the advantages of WebID as a standardized *protocol*.
>> In another example, Melvin and I conjecture using WebID to
>> authenticate our foaf:friends and authorize them to listen to our
>> Shoutcast/MP3 streams in VLC/mplayer/etc.
>> Is there anything close to this kind of powerful, decentralized,
>> extensibile, interoperable, and yet secure authentication provided by
>> OpenID, WebFinger, etc? I think no.
> Awesome example!
> =Slide 6=
>> If we're presenting the *protocol*, strike at least 'Inability to
>> logout'. This is an application-specific limitation (as is
>> user-interface and browser-anything). See:
>> for an example of WebID Login+Logout in my *application*.
> Yep! I didn't grok the logout issue either.
> PS: I'm presenting the latest developments of the above
>> WebID-authenticated, Linked Data (space, Kingsley :) URI to
>> DIG at W3C/MIT on August 31st.
>> PPS: I see frequent confusion on this list of the authn/authz
>> terminology. As I understand it:
>> Authentication (authn) allows a user-agent to act on behalf of a given
>> security principal according to some mapping (eg.
>> Authorization (authz) determines which actions an authenticated
>> security principal may perform (WebID => GET/POST/PUT/DELETE).
> Yes, may a little note for ESW Wiki or even a long overdue glossary section
> re. WebID.
> Best wishes,
>> Joe Presbrey
> Kingsley Idehen
> President& CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen<http://www.openlinksw.com/blog/%7Ekidehen>
> Twitter/Identi.ca: kidehen
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-protocols