[foaf-protocols] dtls + DNSsec + FOAF+SSL + google + Dane

peter williams home_pw at msn.com
Mon Dec 13 18:14:23 CET 2010

I see it as the job of the incubator process to use process to formulate a
"W3C-compatible" objective. Not only does it have to lead on something of
current importance of the wider constituency funding W3C, it has to lead in
a manner that reaches out to the complementary communities who should regard
the W3C's contribution as technically relevant - to the envisioned change.

So what technology is it that is currently at an inflection point - that
upon going asymptotic then facilitates a new class of socialization? I think
it has to be more than putting a webid in the client cert URL naming field,
and sending it around using SSL over TCP.

Let's consider 3 other, recent socialization events (that "repurposed" well
known technologies):

1. tiny URLs dealt [as an implicit social feedback tool] with the abuse of
blog/comment spam - dealing with the tendency to promote one's own blogsite
address when commenting

2. "windows-centric UI" (going beyond SGML-era page layout) facilitated the
non-invasive "share-this" NASCAR metaphor to become a norm of page design -
enabling the supporting identity-centric sites to go mainstream

3. And, in my own domain, mini-driver support in OSs coupled with
connectionless SSL support in mainstream (Cisco) routers enabled anyone to run a
virtual ISP, since virtual NICs on the user's desktop point the
IE browser at said virtual community's HTTP(S) proxy

One might argue that the pending generation of multi-threading/core
consumer Atom CPUs and increases in memory to 4G should do for
locally-hosted semweb reasoning engines what more RAM did for realtime voice
recognition (about 2 years ago). But, that's a semweb enabler, not a FOAF
assumption per se. FOAF doesn't need reasoning engines, merely to become
relevant to consumers...

If I put the above together, can one imagine an "adoption programme" -
playing the role of the W3C members who will form the incubator's inner

- Create an eco-system of virtual ISPs to which consumers "super-connect,"
using sslvpns. This takes the SSL in FOAF+SSL but twists it "just a tad" to
take advantage of newer SSL techniques focused on GROUPS

- Let the virtual ISP run a classical http proxy, that WILL release each
user's client cert (bearing webid) to requesting sites

- And, said cert has the usual webid naming fields, that spur the use of
FOAF cards and the url dereferencing protocols - but only WITHIN the CURRENT
community who have flocked to a given SSLVPN

- the FOAF card is hosted/served from the client side of the SSLVPN
connection, much like the Opera browser co-joins one's PC with its Opera cloud
service (in contrast to the US-style Amazon, Google... cloud providers who
want to "control" the hosted content)

Now, this thinking is specifically AIMING to NOT be pure. And, there goes my
semweb award, for service rendered to the cause! But, rather than wait for
the general solution (the web becomes the semweb), one focuses first on some
socialization breakthrough. The incubator has to find an Andreessen moment,
similar to that when he told the former W3C politburo to go hang while he
added music file support ANYWAY to the mosaic browser (and thus fomented a
wave of adoption for the web in general, based on stuff consumers actually
want to socialize about).

If W3C can put together such a programme, it has something to add. It's
pushing the envelope, rather than merely acting as a standards group. There
is a renewed "political edge!"

-----Original Message-----
From: Melvin Carvalho [mailto:melvincarvalho at gmail.com]
Sent: Sunday, December 12, 2010 5:49 PM
To: peter williams
Cc: Kingsley Idehen; foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] dtls + DNSsec + FOAF+SSL + google + Dane

On 12 December 2010 17:44, peter williams <home_pw at msn.com> wrote:
> If the incubator project is to attract the interest of the TLS types,
> as sought, it has to be on grounds other than: isn't the semweb/foaf
> so special that you all come flock to our shores begging us for the
> implications of its special relativity that facilitate scalable
> identity management for all. If foaf theory was that special, that would
> have happened by now.

Incubator is normally to get thoughts together and liaise with parties that
may have an interest, in preparation for a working group and finally a rec.

In our case, we're fairly well advanced, so it's a good starting point, and
gives us a chance to talk to interested parties, and improve presentation
etc. based on feedback.

> As it stands, the next big thing in the commercial web is probably
> going to be microsoft cloud-hosting activeDirectory instances for all 
> comers, much as they added sql instance hosting. Google/Yahoo + 
> internet2/USG websso/trust-policy crowd are trying to compete against 
> ldaps with signed-XRDs, profiling the old XRDS/XRI protocol to meet 
> web2.0 culture - much as netscape updated IETF's ldapv1 into ldapv3
> - enabling
> (paradoxically) microsoft’s AD to go mainstream. All these cloud 
> hosted images of “zones” and partitions of classes/attributes work of 
> course with multi-mastering, replication and caching. The local LAN 
> can also host a blade in the edge router at home, which supports 
> either a multi-mastered image of the zone/partition, or 
> locally-resigned secondary resources (more likely, using 
> suitably-designed counter-signature technology). The technology to do 
> all this is here, and economic in about 1 more year (once the wifi
> router's USB ports convert the router into a home "blade servers").

MS are huge on the 'cloud'.  Lots to come in this area, I think we're only
at the very beginning.

> I'm not sure why you think a webid with IP address is a world "without
> Each IP address is just a reverse-DNS name. Its bound to the name at 
> the ISP, when authorizing the flow of IP packets onto the public net. 
> Consumer PCs using broadband don’t get any choice whether this name 
> exists or not, or whether its published (or what records exist binding 
> that name at time t to the very real ATM path over the local loop from 
> ISP to the uniquely-identified DSL modem ASIC in the particular router).
> I think of FOAF (the project) as distinct from semweb generally, as it
> assumes everyone hosts their own [named\addressed] website, on their
> own access point. That is, it’s the opposite of centralizing huge 
> triple stores in a google or Microsoft cloud - which divorces folks
> from control over their own data. In the true FOAF space, one has to 
> harmonize that political theory with trends that make it PRACTICAL for 
> grandma now to run her own website hosting her foaf card (and it's got
> to be no harder than the tech installing the home DSL modem talking 
> ATM to the ISP, while also setting up the other ATM path to the 
> digital TV content provider

FOAF is a semweb vocabulary.

The first web was a web of documents, and has been quite successful.
The next layer involves data, and that was planned from the beginning.
FOAF/WebID is just a universal way of marking up something that represents a
Person, their profile details, and some of their relationships.

The idea of this is that it enables a social layer to be added to the web in
a universal way.  Remember universal does not mean unique.  The power of
universal is that it allows interoperability.  Either with other universal
social systems, or with other components, such as web of trust, geolocation,
entertainment, data.gov etc.

It's designed to be used in a central or decentral way, depending on the
implementation.  The universal nature gives no restriction.
However, it does find itself in a sweet spot that it's probably one of the
better decentral ID systems out there.  Facebook or Google could adopt FOAF
tomorrow.  I would encourage them to do that, as it would give them a
competitive advantage.

Grandma need not know what she's using, but hopefully she has a nice
grandson that will let her use safe, secure technologies that give her the
freedom to do what she wants and needs to do! :)

> From: foaf-protocols-bounces at lists.foaf-project.org
> [mailto:foaf-protocols-bounces at lists.foaf-project.org] On Behalf Of 
> Kingsley Idehen
> Sent: Sunday, December 12, 2010 7:55 AM
> To: foaf-protocols at lists.foaf-project.org
> Subject: Re: [foaf-protocols] dtls + DNSsec + FOAF+SSL + google + Dane
> On 12/12/10 1:22 AM, Peter Williams wrote:
> Assuming FOAF+SSL does have the strategic goal of migrating to DNSsec, 
> I think I'm starting to see where that IETF WG (dane) would fit into
> a W3C incubation project - which focuses more on the FOAF side of
> FOAF+SSL (assuming dane would work on a supporting class of 
> DTLS+DNS+zone concepts that specifically support huge numbers of 
> semweb clients dereffing countless webids).
> Peter,
> WebID protocol (nee. FOAF+SSL), isn't migrating to DNSsec.
> DNSsec is a complementary effort at best.
> WebID works without DNS i.e. you can use a raw IP address in the 
> absolute worst case. That said, "man in the middle" attacks don't 
> really affect WebID since public key lookup (when de-referencing 
> structured profile graph) will ultimately fail.
> --
> Regards,
> Kingsley Idehen
> President & CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
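Kingsley's point about the public key lookup failing is the core of the WebID (FOAF+SSL) check: the relying party dereferences the WebID URI from the client certificate and accepts the certificate only if the profile publishes that exact key. The verifier below is an added illustration, not code from the thread or from any WebID implementation; it assumes an in-memory profile store (a dict) in place of fetching and parsing an RDF profile, and constructed sample keys.

```python
"""Toy WebID (FOAF+SSL) verifier: dereference the WebID URI from the client
certificate's SAN and check that the profile lists the certificate's key.
Assumptions (not the WebID spec): the profile is a plain dict rather than
an RDF graph, and "fetching" is an in-memory lookup."""
import re

# Constructed profile store keyed by the document URL that would be fetched;
# each WebID maps to the (modulus hex, exponent) pairs its owner publishes.
PROFILE_STORE = {
    "https://alice.example/profile": {
        "https://alice.example/profile#me": [
            ("00:ab:cd:ef:01:23", 65537),  # hex with separators and a leading zero octet
        ],
    },
}

def normalize_modulus(hex_str):
    """Drop separators, lowercase, strip leading zeros so equal keys compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", hex_str).lower()
    return digits.lstrip("0") or "0"

def fetch_profile(webid):
    """Dereference the document part of the WebID; None when unreachable."""
    return PROFILE_STORE.get(webid.split("#", 1)[0])

def verify_webid(san_uri, cert_modulus_hex, cert_exponent):
    """True only if the dereferenced profile lists the certificate's key.
    Every failure (non-dereferenceable URI, unreachable profile, unpublished
    key) fails closed with False."""
    if not san_uri.startswith(("https://", "http://")):
        return False
    profile = fetch_profile(san_uri)
    if profile is None:
        return False
    cert_mod = normalize_modulus(cert_modulus_hex)
    return any(normalize_modulus(mod) == cert_mod and exp == cert_exponent
               for mod, exp in profile.get(san_uri, []))

if __name__ == "__main__":
    me = "https://alice.example/profile#me"
    print(verify_webid(me, "ABCDEF0123", 65537))  # True: key published in the profile
    print(verify_webid(me, "1234567890", 65537))  # False: same WebID, key not published
```

A certificate that names Alice's WebID but carries a key her profile never published is rejected by the lookup alone, which is the property the thread describes; the modulus normalisation matters because real profiles and certificates encode the same modulus with different separators and leading zeros.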
