08:40:19 RRSAgent has joined #webid 08:40:19 logging to http://www.w3.org/2012/10/29-webid-irc 08:40:55 jin has joined #webid 08:41:35 I has joined ^^ 08:42:03 edreux has joined #webid 08:42:22 Cloudiway) 08:42:32 Emmanuel Dreux 08:42:39 topic: Introductions 08:42:40 http://cloudiway.com/en/ 08:43:03 scribenick: AnnBassetti 08:43:35 RRSAgent, set log public 08:43:42 Jean-Marc Vanel Hi , my FOAF profile : http://jmvanel.free.fr/jmv.rdf 08:43:43 RRSAgent, thanks 08:43:43 I'm logging. I don't understand 'thanks', timbl_. Try /msg RRSAgent help 08:43:46 starting gathering of WebID, ReadWriteWeb & Social Web CGs 08:43:49 starting gathering of WebID, ReadWriteWeb & Social Web CGs 08:44:07 attendees introducing themselves, getting going with IRC 08:44:21 Hi, My name is Toshiaki Tanaka 08:45:17 Sangrae Cho from ETRI 08:45:40 ETRI Korea 08:45:45 Seung-Hun jin From ETRI 08:45:56 deiu has joined #webid 08:46:14 www.etri.re.kr 08:46:16 jin and sagrae is doing identity management at ETRI 08:46:26 http://www.etri.re.kr 08:47:44 Frank Wagner, working for Deutsche Telekom, Group Privacy, responsible for privacy requirements in the product development processes of DT, member of tracking protection WG and privacy interest group, PING. Joined this group as an observer. 08:48:08 https://my-profile.eu/people/fwagner/card#me 08:48:25 Ann Bassetti, Boeing 08:49:15 Official english web site for ETRI is http://www.etri.re.kr/eng/main/index.etri 08:49:18 Hi my name is Jonathan Dray 08:50:30 Hey, i am Norman Richter from the univerity of Halle / Leipzig, Germany. I'm doing resarch on webid, web access control, pubsubhubbub. I'm still a student and planning to start with my final thesis on this subject within the next weeks/months. It's about delivering Linked Data over a PubHub with WebAccessControl / ACL to subscribers who should authentify with webid. 08:51:00 Sebastian Trueg (OpenLink Software) - http://www.openlinksw.com 08:51:27 http://web.ods.openlinksw.com 08:52:20 http://www.trueg.de/people/sebastian#me 08:52:30 HEnry Story, WebID Incubator chair http://bblfish.net/ 08:52:37 http://id.myopenlink.net/dataspace/person/trueg#this 08:54:16 Philipp Frischmuth, University of Leipzig - https://philipp.frischmuth24.de (currently offline), https://my-profile.eu/people/pfrischmuth/card#me (today ;-)) 08:54:22 http://bblish.net/people/henry/card#me 08:54:40 http://www.normanrichter.de/webid/norman#me 08:55:15 My name is Tim Berners-Lee, my webid is http://www.w3.org/People/Berners-Lee/card#i The tabulator is my project which uses a lot of read-write linked data, and webids. 08:56:29 ACL Access Control Web 08:56:38 esw.w3.org/WebAccessControl 08:56:46 http://esw.w3.org/WebAccessControl 08:57:11 oberger has joined #webid 08:58:25 http://bblfish.net/people/henry/card#me 08:58:45 morning 08:58:45 I have made a german translation to this http://esw.w3.org/WebAccessControl, i will put it later online 08:59:04 htttp://bblfish.net 08:59:10 htttp://bblfish.net/#hjs 09:03:48 topic: Tutorial 09:03:53 Henry Story gives introduction of WebID 09:08:18 JonathanJ1 has joined #webid 09:11:16 http://www.w3.org/2005/Incubator/webid/spec/#terminology 09:11:32 A WebID Verifier takes a WebID Certificate and verifies that the Subject of the Certificate is indeed identified by the Subject Alternative Name WebID published there. This is usually done, because the TLS Service Light did not verify the SAN using a Certificate Authority signature. But it can also be done to verify that the Certificate is still valid. 09:11:51 A webid is a URI which denotes an agent (e.g. a perdson) 09:12:58 jmvanel has joined #webid 09:13:13 When lookup up on the web, you get back infer about the person, including crypto info which allows us to have a login protocol based on this. 09:13:19 develD has joined #webid 09:13:20 http://xmlns.com/foaf/0.1/knows 09:15:23 todo: better explanation of dereference 09:15:41 this introduction includes history of philosophy, physics, ... and basic geek terminology 09:28:01 http://www.w3.org/community/webid 09:32:08 gaiaphj has joined #webid 09:32:30 Hello 09:45:12 rblin has joined #webid 10:00:25 deiu has joined #webid 10:00:57 We learn that "deiu" can be pronounced dayoo 10:02:41 christine_ has joined #webid 10:03:46 https://my-profile.eu/view.php?webid=http%3A%2F%2Fjmvanel.free.fr%2Fjmv.rdf%23me 10:04:10 http://jmvanel.free.fr/jmv.rdf#me 10:04:29 that's my webid :) 10:07:55 fwagner has joined #webid 10:08:31 JonathanJ has joined #webid 10:11:05 Hi everybody my name is Romain Blin i'm student at University of Saint-Etienne and I work on distrubuted and secured social network with rww and webid 10:14:05 Hey! My name is Andrei Sambra and I am responsible for the project MyProfile. 10:14:10 philipp has joined #webid 10:14:44 Hi all. Christine Runnegar (Internet Society). PING co-chair and member of Prov WG. Thanks for opening up your meeting today. 10:16:49 topic: Presentation of myProfile.eu 10:16:53 rrsagent, draft minutes 10:16:53 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html JonathanJ 10:16:58 abasset has joined #webid 10:17:05 betehess has joined #webid 10:17:07 andrei: people should be able to control what they publish online and control this data 10:17:25 RRSAgent, please draft minutes 10:17:25 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html betehess 10:17:46 andrei: myprofile allows people to host their profile on their machine: eg. their freedombox. 10:17:49 chair: bblfish 10:17:58 adrei: all beased on linked data 10:18:11 https://my-profile.eu/profile.php 10:19:06 gaiaphj has joined #webid 10:19:44 https://my-profile.eu/people/ /card#me 10:20:33 abasset: what's the difference between username and nickname? 10:20:38 andrei: you can change your nickname, but not your usernames, because its part of your identity 10:20:44 Topic: Andrei is demonstrating MyProfile 10:20:45 deiu: the username is part of the final URL 10:21:24 scribenick: betehess 10:23:07 deiu: sometimes your browser requires some certificate to be installed 10:24:04 This is my WebID - https://my-profile.eu/people/cora1618/card#me 10:24:28 This is my WebID - https://my-profile.eu/people/tonghara-1/card#me 10:24:33 ttanaka2 has joined #webid 10:28:07 pmaret has joined #webid 10:28:52 deiu: there are issues to create certificates in IE 10:29:05 bblfish: I've found a workaround for that 10:29:06 repasting for Pierre - https://my-profile.eu/profile.php 10:29:19 ... you need the server to do some stuff in the background 10:29:51 deiu, I hope you don't pay for the CPU ;) 10:30:36 timbl_: abasset, it's ok, your mother won't see it 10:31:34 [deiu showing certificate informations from the web interface] 10:32:02 jmvanel: can we add property values? 10:32:11 deiu: I want to support any kind of data 10:32:17 jmvanel: any roadmap? 10:32:24 deiu: don't know yet 10:32:41 s/property values/arbitrary property values/ 10:33:33 deiu: let me add a logo to my profile 10:34:07 ... now showing in my-profile.eu! 10:34:44 ... here we're using the pingback protocol 10:34:46 ... lots to be said 10:35:00 ... it's about sending little messages between endpoints 10:35:02 q+ 10:35:07 s/q+// 10:35:31 ... there is a pingback:to in my profile 10:35:46 http://de.slideshare.net/PhilippFrischmuth/ekaw-semantic-pingback 10:36:05 Zakim has joined #webid 10:36:17 q? 10:36:30 q+ to make relation with LDP and webbox 10:36:55 ack 10:37:03 ack next 10:37:04 betehess, you wanted to make relation with LDP and webbox 10:38:06 betehess: webbox relies on LDP to send data 10:38:13 q+ to authentication issue with a newly created webid 10:38:21 deiu: want to do something similar 10:38:24 ack next 10:38:25 jonathandray, you wanted to authentication issue with a newly created webid 10:38:46 we are solving bugs 10:39:18 could you show the pingback protocol in a sequence diagram à la UML ? 10:39:20 deiu: with jonathandray, we're seeing an SSL issue, related to ciphers 10:39:41 ... not sure why, you can try to force the SSL version 10:40:17 ... I had to restrict the number of ciphers to be supported in my platform for security issues 10:40:47 ... as I was vulnerable to the beast attack 10:40:55 ... I'm a security freak 10:41:06 q+ 10:41:07 ttanaka2 has joined #webid 10:41:18 ack next 10:41:56 bblfish: there are some free Certificate Authoritities (CA) 10:42:10 You can find a sequence diagram of Semantic Pingback in the paper: http://svn.aksw.org/papers/2010/EKAW_SemanticPingback/public.pdf 10:42:12 ... CAs are more or less reliable 10:42:16 DANE 10:42:22 ... it's a big issue for TLS 10:42:37 ... one workaround is DANE 10:42:47 ... you certificate could be in DNSSEC 10:42:59 ... it relies on DNS 10:44:01 ... this can prevent some of the issues with SSL, where DNS is spoofed and people are given wrong IP addresses when accessing a service 10:44:11 ... this is done at IETF 10:44:59 ... it's now possible to do secure DNS (with cryptography) 10:45:10 ... this is basically webid on server side 10:45:11 q+ 10:45:41 ... could be used by the server when retrieving the webids 10:45:56 I got it working : I had to uncheck the SSL 3.0 protocol in the browser protocols preferences 10:46:04 q+ to ask why webid could not rely on DANE directly (client side) 10:46:09 http://tools.ietf.org/html/rfc6698 10:46:18 http://tools.ietf.org/wg/dane/ 10:46:35 http://tools.ietf.org/html/rfc6394 10:46:44 ... their Working Group has almost completed their work by now 10:46:55 ack me 10:46:55 betehess, you wanted to ask why webid could not rely on DANE directly (client side) 10:46:56 q? 10:47:06 ack next 10:47:23 betehess: could webid rely on DANE directly? 10:47:31 bblfish: would not be a good idea 10:47:55 ... it does not look as usable 10:48:11 ... DANE is for domain names 10:49:13 [tlr introduces himself, he is a security geek] 10:49:48 tlr: people stores public key record in their DNS information 10:50:13 bblfish: do you know support for browser vendors? 10:50:17 tlr: no 10:50:17 q+ 10:50:22 q? 10:50:36 ack next 10:51:38 tlr has joined #webid 10:51:57 Alexandre Bertails' WebID https://my-profile.eu/people/betehess/card#me 10:52:22 bblfish: the point now that you have your webid is to go to a service that does not know anything about you yet 10:52:28 https://my-profile.eu/people/annbass/card#me 10:52:35 my webid : https://my-profile.eu/people/jonathandray/card#me 10:52:44 https://my-profile.eu/people/gaiaphj1/card#me 10:52:58 http://www.normanrichter.de/webid/norman#me 10:53:03 https://my-profile.eu/people/cora1618/card#me 10:53:14 q+ 10:53:23 https://my-profile.eu/people/gregoryB/card#me 10:53:34 agenda: http://www.w3.org/community/rww/wiki/TPAC-Lyon-2012 10:53:52 q- 10:54:03 If I click on https://my-profile.eu/people/jonathandray/foaf.rdf#me with FFox i get redirected to https://my-profile.eu/people/jonathandray/foaf.rdf#me 10:54:28 bblfish: I'm gonna create a foaf group of the members 10:54:36 ... and make use of that with ACLs 10:54:44 shh has joined #webid 10:54:48 ... for example to restrict access to a wiki based on this group 10:55:01 ... (probably for this afternoon) 10:55:33 ScribeNick: scribe 10:56:26 q+ 10:56:33 bblfish: it's nice to do light security 10:56:38 ... it's enough in many cases 10:56:54 edreux has joined #webid 10:57:09 ... it's a trade off between being flexible and "army-freak" 10:57:15 https://my-profile.eu/people/edreux/card#me 10:57:23 https://my-profile.eu/people/canary/card#me 10:57:51 timbl_: I'm pasting a webid in tabulator 10:58:03 ... I'm seeing informations about card#me 10:58:13 ... tabulator is a firefox add-on 10:58:30 http://www.w3.org/2005/ajar/tab 10:58:45 [timbl demoing tabulator on screen] 10:59:03 ... you should check out the latest version from github 10:59:18 http://www.w3.org/2005/ajar/tab 10:59:34 there's also a firefox extension 10:59:41 http://www.w3.org/wiki/TabulatorExtension 10:59:47 https://github.com/linkeddata/ 11:00:09 this is the link for the tabulator on github https://github.com/linkeddata/tabulator 11:00:14 timbl_: it looks at data 11:00:20 Topic: Timbl showing tabulator 11:00:23 ... eg. here is my rdf id 11:00:32 ... you see my webid info in there 11:00:36 Get a bleeding edge build of Tabulator here: http://dig.csail.mit.edu/2007/tab/snapshot 11:01:13 ... you see that the URL is still the same 11:01:40 ... you can find plenty of URIs, many with # 11:02:25 ... the little green/red dots say how many time the documents were fetched successfully 11:02:51 ... some of the URIs link me to my other identities 11:03:03 ... I could point to twitter, but they don't have RDF 11:03:21 ... you also find my friends 11:03:31 ... it's a very generic view 11:03:45 ... but you can tweak that with the little icons on the top 11:03:48 ... check/uncheck 11:04:09 ... you can even know what triples were picked up 11:04:25 ... here is an attempt for the facebook-like view 11:04:26 timbl_: with tabulator you can derefernce rdf resources 11:05:00 ... the "this is you" checkbox means that it knows about your webid 11:05:11 ... if you unckeck, you're unlogged 11:05:27 ... by reloading the page, you then have less informations 11:05:59 ... now, I can inspect my network of friends 11:06:17 ... as you can see, it's really a decentralized database 11:06:40 ... (could improve the user experience) 11:07:18 ... here we got a message saying that some data was deleted 11:07:24 ... we can re-fetch the data 11:08:59 ... "look back to me" 11:09:49 timbl is showing the tabulator profile that was descrubed by a doap vocabulary 11:09:51 ... let me show you the bug database 11:10:00 ... it's like a tracker 11:10:05 doap: http://en.wikipedia.org/wiki/Description_of_a_Project 11:10:09 ... all in RDF 11:10:38 doap ontology http://example.com/ns/doap# 11:10:46 ... here, the specific view is way more interesting than the default one 11:10:46 ... as you can see a real app 11:11:05 [showing how to navigate through issues] 11:11:28 ... we have an ontology for the tracker 11:12:19 ... the UI knows about the kind of literals you enter 11:12:40 ... the data is sent back to the server as you edit in place 11:12:43 note: timbl is using HTTP POST, PUT and GET to update the database 11:12:51 using SPARQL updates 11:13:13 ... the UI changes color to distinguish if the data was already written back or not 11:13:37 in order to make this globally available the LDP group has been developed http://www.w3.org/2012/ldp/hg/ldb.html 11:14:25 timbl, can you make the relation with LDP? 11:14:38 hmm .. clicking that LDB link, I get: "error: ldb.html@a3be44430b37: not found in manifest" 11:15:08 http://www.w3.org/2012/ldp/wiki/Main_Page 11:15:47 timbl_: we're now following what the LDP WG is doing 11:15:53 ... need ot adapt at some point 11:16:24 [Steeve Holbrook from IBM just arrived and mentioned their work with LDP] 11:16:46 bblfish: you need some restful interaction with the data 11:17:06 ... webid is important to LDP 11:17:18 ... to interact with this data 11:17:28 ... but we also need web access control 11:17:56 timbl_: eg, only some people should be allowed to add messages to the tracker 11:18:07 s/eg,/eg./ 11:18:45 shh has joined #webid 11:19:08 tlr has changed the topic to: http://www.w3.org/community/rww/wiki/TPAC-Lyon-2012 11:19:11 q? 11:20:01 jonathandray: what happens if you lost your certificate? how to get it back, proving that it's you? 11:20:20 deiu: not that moment, but you should be given the username/password option 11:20:33 ... then you could regenerate the certificate 11:20:56 q+ 11:21:01 q- jonathandray 11:21:20 timbl_: I have some issues between my-profile and tabulator 11:21:29 deiu: probably because of conneg 11:21:51 ... don't know what tabulator sends 11:22:01 ack me 11:22:02 problem is my myprofile is that it redircects request 11:22:11 that have an HTTP host 11:22:41 sorry that have an accept: text/html request 11:22:55 ldp working group 11:23:02 q? 11:23:08 bblfish: what's the foaf:GRoup URI? 11:23:26 betehess: look at LDP, as this is a fundamental work to make webid work with interoperability in mind 11:24:04 Topic: Post WebIDs 11:24:05 bblfish: please you webids right now please, to help me find them 11:24:12 https://my-profile.eu/people/annbass/card#me 11:24:12 https://my-profile.eu/people/pmaret/card#me 11:24:15 https://my-profile.eu/people/jonathandray/card#me 11:24:16 https://my-profile.eu/people/canary/card#me 11:24:19 https://my-profile.eu/people/cora1618/card#me 11:24:22 s/please you/please post again your/ 11:24:24 https://my-profile.eu/people/fwagner/card#me 11:24:27 https://my-profile.eu/people/pfrischmuth/card#me 11:24:28 http://www.normanrichter.de/webid/norman#me 11:24:33 https://my-profile.eu/people/betehess/card#me 11:24:34 Please repost the link to create a webid 11:24:59 https://my-profile.eu/people/gregoryB/card#me 11:25:03 RRSAgent, please generate minutes 11:25:03 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html betehess 11:25:14 deiu: I'm slowly moving to a triple store 11:25:57 ... should simplify my work on conneg 11:26:06 ... many things will become obsolete soon 11:26:35 gaiaphj has joined #webid 11:26:38 q? 11:26:49 q+ 11:26:56 ack tr 11:27:11 trueg: why is the redirect bad in this case? 11:27:17 ... don't understand the background 11:27:21 ... we also do that 11:27:38 timbl_: you have to decide what the URIs have to be 11:28:20 ... let me show using curl in a console 11:28:51 jmvanel has joined #webid 11:29:54 timbl_: I'm telling curl to get RDF data specifically 11:30:02 ... preferably not html 11:30:28 ... but I get back a message telling me to go somewhere else: 303 See Other 11:31:00 ... I'd like to get back the data for the document itself 11:31:13 q+ 11:31:29 q+ to comment on why 303 is bad in this case 11:31:43 trueg: why is this bad? 11:31:52 timbl_: because I want to see the URL of the document 11:33:01 ... 303 is really when the data has moved, it's obsolete 11:34:11 trueg: so you want the URL to map the virtual filesystem 11:34:31 betehess: if you move to another document, you can't interact with it anymore as you've lost the context 11:34:46 ... although it's ok if you're interested in read-only 11:35:23 timbl_: if you've got a bug with tabulator, please call me :-) 11:35:57 s/303 is really when the data has moved, it's obsolete// 11:36:15 303 is for when the original rename was of a arbitrary thing 11:36:27 and 303 redirects you to a document above it... 11:36:47 You do not need and should not use 303 when using hashes 11:37:06 RRSAgent, please generate minutes 11:37:06 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html betehess 12:47:45 philipp has joined #webid 12:48:08 philipp_ has joined #webid 12:51:25 jin has joined #webid 12:53:40 rblin has joined #webid 12:53:45 sangrae has joined #webid 12:54:19 bblfish has joined #webid 12:55:28 develD has joined #webid 12:55:34 philipp has joined #webid 12:56:49 jin has joined #webid 12:57:47 trueg has joined #webid 12:59:00 hi 13:00:40 ttanaka2 has joined #webid 13:04:16 christine_ has joined #webid 13:04:17 Ruinan has joined #webid 13:05:00 Topic: Open Questions 13:05:04 hi 13:05:46 gaiaphj has joined #webid 13:05:53 AnnBassetti has joined #webid 13:06:06 Topic: Relation to other Identity systems 13:06:51 public-identity@w3.org 13:07:25 http://lists.w3.org/Archives/Public/public-identity/ 13:07:40 wei has joined #webid 13:08:11 SteveH has joined #webid 13:09:37 deiu has joined #webid 13:09:59 gregory has joined #webid 13:10:09 betehess has joined #webid 13:10:31 http://www.w3.org/wiki/WebID 13:10:41 topic? 13:10:43 s/topic?// 13:11:02 wiki http://www.w3.org/wiki/Foaf%2Bssl 13:11:53 jonathandray has joined #webid 13:12:28 topic: relationship with other identity initiatives 13:13:19 bblfish: with openid, you have to type in your url 13:13:30 ... considered as a problem 13:13:42 scribenick: betehess 13:13:52 ... webid was inspired by openid 13:14:08 ... I wrote an article about that (including a sequence diagram for the protocol) 13:14:45 ... you get more information with webid with less connections 13:15:00 ... also, cryptography gives you a bit more 13:15:19 ... also, the other protocols don't use Linked Data 13:15:34 http://security.stackexchange.com/questions/5406/what-are-the-main-advantages-and-disadvantages-of-webid-compared-to-browserid 13:15:39 ... but they could, eg. Persona (used to be BrowserId, by Mozilla) 13:15:53 chsiao has joined #webid 13:15:58 ... this uses javascript in the browser for crypto 13:16:01 MacTed has joined #webid 13:16:09 ... they say it's decentralized 13:17:07 ... I don't think it is, because the private key is in the browser, so there is a problem about the origin (for what I understand) 13:17:20 ... this involves a redirect system 13:17:31 pmaret has joined #webid 13:18:35 ... nobody has denied that in the stackexchange article that I posted 13:18:54 ... TLS follows the principle of least power 13:19:00 ... it does one thing, very well 13:19:00 jmvanel has joined #webid 13:19:22 ... javascript gives you way too much in my view 13:19:31 ... but it's still important 13:19:41 ... but they could still use webid in their system I believe 13:19:55 ... eg. they use signed JSON certificates 13:20:12 ... and use javascript to prove that you're the one with the right private key 13:20:34 ... there is no reason for them not to have a real URL here 13:20:37 ... oauth does not use Linked Data 13:20:55 ... but you'd like your identity to be bound to a URI 13:21:05 ... it's the Web architecture 13:21:30 ... if you don't use it, you can't do as much and I consider it as broken 13:21:47 ... I heard about the Identity Alliance while at Sun 13:21:53 ... I believe it's SOAP-based 13:23:01 Kantara 13:23:06 Liberty Alliance 13:23:17 Kantara Initiative 13:23:31 s/Identity Alliance/Liberty Alliance/ 13:23:47 http://kantarainitiative.org/ 13:24:25 AnnBassetti: I can guaranty that Boeing will not be able to join the WebID work if this is not related to the Liberty Alliance somehow 13:24:28 s/Identity Alliance/Liberty Alliance/g 13:24:45 [Melvin Carvalho just arrived] 13:25:09 bblfish: maybe we need a real Working Group 13:25:21 ... we have Standards expert here who understand that 13:25:31 q+ 13:25:35 q- 13:26:03 AnnBassetti: it's hard to get people to move 13:26:15 christine_: it's easy to participate in Kantara work 13:26:29 ... you could see if this is relevant to what you guys are doing 13:27:07 ... for example, they have worked on an insurance framework for identity 13:27:13 timbl_ has joined #webid 13:27:15 ... relies on level of insurance 13:27:28 http://kantarainitiative.org/confluence/display/GI/Current+Members 13:27:45 deiu: based on the Web of Trust 13:27:56 ... with no central authority 13:28:13 q- 13:28:16 q- christine_ 13:28:17 q- 13:28:30 AnnBassetti: may not be enough for Boeing 13:28:33 timbl_: depends on what you do 13:29:36 http://kantarainitiative.org/idassurance/ 13:29:45 deiu: nothing prevents you from using your own central authority 13:29:59 bblfish: you could have an institutuional trust network 13:30:15 ... eg. the French government, and the German one... 13:30:28 ... you could have a similar trust network 13:30:38 ... this could be a strong trust 13:30:57 ... but at the end, it's just a social network 13:31:17 JonathanJ has joined #webid 13:31:31 AnnBassetti: how is this related to other work at W3C? 13:31:42 bblfish: Crypto WG, but that's it 13:31:56 SteveH: there was a workshop Identity in the Browser 13:32:02 bblfish: I presented webid there 13:32:17 ... browser vendors presented their work too 13:32:40 ... we didn't want to do identity, but decentralized networks 13:33:08 emmanuel: we're specialized in identity and access management 13:33:12 ... esp. for the cloud 13:33:32 ... for example, we synchronize LDAP and ActiveDirectory for our clients 13:33:45 ... with all thei SAS applications 13:33:53 ... we're linked to webid as we integrate it 13:34:10 fwagner has joined #webid 13:34:22 ... we're already deploying that in a school for 15000 students 13:34:34 ... using my-profile 13:34:52 scim ? 13:34:52 ... we work with IETF on SIM 13:35:06 deiu: using JSON-LD? 13:35:17 emmanuel: no, standard JSON 13:35:30 ... but now, we manage webid profiles in our platform 13:35:48 rrsagent, draft minutes 13:35:48 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html JonathanJ 13:36:20 ... also, we offer a virtual desktop and we suport multidevice (you can access your webid from different devices) 13:36:35 s/multidevice/multi-devices/ 13:37:11 Topic: Cloudiway demo 13:37:44 emmanuel: we started with my-profile 13:37:51 ... living on a separate branch 13:38:13 s/living/it's not living/ 13:40:44 gregory: I'm showing a local version of the service 13:41:05 ... if you want to get your certificate in another browser, you need a way to retrieve it 13:41:16 ... or you need to send it to another one 13:42:44 ... current UI is mainly for devs (still a bit hard) 13:43:01 ... you can add another device 13:43:18 ... you just register new devices 13:43:49 ... certificate is generated server-side, and then we can send it 13:43:59 timbl_: so the server knows the private key? 13:44:03 emmanuel: yes 13:44:09 ... it's easier like that 13:44:33 ... but we also have username/password 13:44:54 ... it's another way to recover your certificate 13:45:12 ... you can also register your new device from there 13:45:21 melvin: there is another way to do it 13:45:44 ... using @@@, will work for many desktop browsers 13:46:20 s/@@@/PKCS-11/ 13:47:06 emmanuel: but henry told us: why not generate different certificates? 13:47:21 q? 13:47:23 q+ 13:47:29 ... it's actually interesting, especially if your certificate got compromised 13:47:51 ... and your profile could have several public key 13:47:59 bblfish: yes, this should be reflected in the spec 13:48:02 q+ 13:48:06 todo: http://www.w3.org/2005/Incubator/webid/spec/#creating-a-certificate 13:48:08 ... where there is only one public key 13:48:19 ... and this question always comes up 13:48:36 ... "how to move a certificate from one place to another?" 13:48:50 ... your certificate is very valuable, usually your pay for that, but we make 0-cost 13:49:06 ... this TLS issue goes away 13:49:20 AnnBassetti: would be good to have all pros-cons listed somewhere 13:49:38 timbl_: not very good when the server gets to know the private key 13:50:01 emmanuel: we do it in a way such that the server is hosted publicly 13:50:14 q+ 13:50:14 ... but the customer profile can be hosted on their site 13:50:46 timbl_: can you delete the private key? 13:50:50 ... from server? 13:51:04 ... after it's sent to the user for example 13:52:34 bblfish: there used to be an issue on cellphones, where the private keys had to be sent with emails 13:53:16 Q? 13:53:16 q? 13:53:26 ack next 13:53:38 ack tru 13:54:12 trueg: just wanted to say that you can do the same today woth ODS 13:54:25 q? 13:54:26 s/woth/with/ 13:54:31 ack next 13:55:25 ODS, the OpenLInk DataSpaces (http://web.ods.openlinksw.com) is a WebID-enabled personal data management system which exposes all managed data as linked data. 13:55:36 emmanuel: another story, we want to link personal and professional profiles together, automatically 13:55:42 It is built upon the OpenLink Virtuoso Universal server 13:55:47 q? 13:56:10 deiu: just wanted to comment on storing the complete certificate 13:56:21 ... wouldn't be a problem if you trust the server 13:56:22 q+ 13:56:57 ... should work as long as you don't send things through emails 13:57:11 ... suggestion: don't send certificates by email 13:57:40 encrypted mail is a good scenario 13:57:47 + 13:57:56 q+ 13:58:06 emmanuel: people say us: I've lost my profile and machine, please recover my stuff 13:58:06 @AnnBassetti: re earlier q - WebRTC will be discussing Identity Handling tomorrow am - http://www.w3.org/2011/04/webrtc/wiki/October_29_-_October_30_2012#Tuesday_morning_0830-1200 13:58:14 q? 13:58:27 ack me 13:58:34 betehess: 13:58:58 +1 for the use case of saving public/private key for issues of encryption of mail 13:59:22 q+ 13:59:42 USer case: 10 thousand users that need to be certified "quickly"? 13:59:43 q- 14:00:10 timbl_: if you have a device which cannot create the device, you don't have a choice 14:00:15 q? 14:00:17 ... it's like a pairing operation 14:00:52 betehess: if we start saying that we have people storing private keys server-side, we'll have trouble selling webid 14:01:15 ... we should gather use-cases and see how to solve them 14:01:17 ack next 14:01:34 jmvanel: re: stolen computer: it's not good to use the same certificate 14:01:38 q+ 14:01:45 emmanuel: yes, we actually generate a new onw 14:01:47 ack next 14:02:34 bblfish: why not having people to go to your service, asking for credentials and re-generating the certificates? 14:02:39 emmanuel: it's jsut a different system 14:02:46 .. we target SAS applications 14:03:04 shh has joined #webid 14:03:08 q? 14:03:40 ... the admin must find a way to invalidate an account immediately 14:03:47 ... you need something to lbock the user 14:03:52 bblfish: you just change the ACLs 14:04:22 ... you can also remove the account page 14:04:38 emmanuel: if the company has only one account, that's fine 14:04:40 webr3 has joined #webid 14:04:48 q+ 14:05:09 ... in practice, people have plenty of accounts 14:05:34 q? 14:06:32 betehess: maybe this could be handled by WebACLs? 14:07:04 topic: WebACLs 14:07:05 Topic: WebACL 14:07:21 http://www.w3.org/wiki/WebAccessControl 14:08:24 [trueg demoing ODS] 14:08:41 trueg: ODS does everything -- including coffee 14:08:42 i put the german translation of WebAccessControl on the HTML part of my webid: http://www.normanrichter.de/webid/norman/index.html#me 14:08:59 ... it's done at OpenLink 14:09:02 AnnBassetti has joined #webid 14:09:36 ... in this page shown here, the integration is done with JS 14:09:46 ... the hard work happens in the back-end 14:10:19 ... the UI supports a lot of things, it's mostly a showcase 14:10:30 RRSAgent, please generate minutes 14:10:30 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html betehess 14:10:45 .. you can register new accounts 14:11:07 ... or just authenticate with webid 14:12:26 RRSAgent, make minutes public 14:12:26 I'm logging. I don't understand 'make minutes public', timbl_. Try /msg RRSAgent help 14:13:14 melvster has joined #webid 14:13:36 q+ 14:13:43 .../me AnnBassetti, yes, it's very slow: I was looking at the cached version 14:13:56 s|.../me AnnBassetti, yes, it's very slow: I was looking at the cached version|| 14:14:14 ... showing how to add new devices 14:14:45 ... but in the end, you still need to use old authentication technologies 14:15:05 ... but in my POV, you can't force people to use webid 14:15:20 ... we need to offer fallbacks, until this is really solved 14:17:10 http://web.ods.openlinksw.com 14:17:44 ... what I really is the decoupling btw the UI and the back-end 14:17:54 s/really/really like/ 14:19:44 +1 14:19:45 rrsagent, make logs public 14:19:47 q+ 14:19:52 rrsagent, make minutes 14:19:52 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html webr3 14:19:56 q- betehess 14:19:59 q- jmvanel 14:21:39 ack bblfish 14:22:07 bblfish: when I used to defend webid, I have to look at how it compares with other solutions 14:22:19 ... you can actually bind it to other systems 14:22:30 ... maybe you have an ontology to speak about it? 14:22:45 trueg: yes, everything is in your foaf profile 14:25:38 BREAK 14:26:41 since it's break, I'll mention that it would be nice to have a seperation between "webid" (personal uri) and "webid protocol" again, as ultimately everyone having a "webid", regardless of whether they use "webid protocol" or not is the goal, "webid protocol" is just one vector to get there 14:29:36 kidehen has joined #webid 14:50:43 chsiao has joined #webid 14:51:31 kidehen_ has joined #webid 14:52:11 kidehen_ has joined #webid 14:52:23 kidehen_ has left #webid 14:52:30 kidehen_ has joined #webid 14:54:59 philipp has joined #webid 14:55:39 fwagner has joined #webid 14:55:58 bblfish has joined #webid 14:59:16 Bernadette is introducing herself. 14:59:28 comed Linked Data in Government 14:59:40 she is working for the US gov, doing Linked Data 15:00:00 ... they produce a web platform for publishing data on the web 15:00:05 calamacus: open source platform for linked data 15:00:14 integrating openid 15:01:39 ODS: integrating other authentication protocols means that users can reuse data from other platforms/applications 15:02:16 ... it will be integrated in the "sponger" of ODS, which allows it to fetch data from multiple sources and create a unified local repository 15:03:20 pmaret has joined #webid 15:03:23 ... it will also allow users to authenticate using those applications (e.g. facebook, openID, twitter, etc.) 15:04:12 bblfish, openID only extracts the link to the identity provider, but an openID profile can just be the place where you publish a link to your personal profile 15:05:13 ... they can link back and forward [openID to WebID relations] to allow service providers to link the two authentication protocols 15:05:48 ... users can have an openID provider which links to the WebID profile 15:07:31 ... not sure about OAuth and how it ties in with the rest 15:08:01 ... there is a possibility to create an openID-to-WebID proxy 15:08:26 trueg: not sure how well OAuth can be used in such a poxy 15:08:59 q? 15:09:10 topic: access control 15:09:34 http://www.w3.org/wiki/WebAccessControl 15:10:09 bblfish: we could demo data.fm 15:11:58 melvster: bblfish will demo data.fm in the context of a user with an acl policy 15:12:31 melvster has joined #webid 15:13:52 www.w3.org/2005/Incubator/webid/team.n3 15:13:58 bblfish: users can be given access to a resource, by giving the user different access types (e.g. read, write, etc.) 15:14:27 ... created a foaf:group document with people attending the meeting at TPAC 15:14:37 http://www.w3.org/2005/Incubator/webid/tpac/group 15:14:43 ... respectively their WebIDs 15:15:35 https://test-rww.data.fm/ 15:15:39 trueg: will create a resource without granting access to it to anybody 15:16:04 Ruinan has joined #webid 15:16:05 wei has joined #webid 15:16:08 ... everyone will try to access that link and should normally fail to see it 15:16:32 http://bblfish.net/people/henry/card#me 15:16:42 melvster: testing ACL on data.fm with bblfish's WebID 15:17:14 JonathanJ has joined #webid 15:17:44 .... just added bblfish's WebID to the ACL file 15:18:14 ttanaka2 has joined #webid 15:19:40 Try to access: https://web.ods.openlinksw.com/DAV/home/sebastian.trueg/TPACTest/chinese-captcha.png 15:21:02 rrsagent, draft minutes 15:21:02 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html JonathanJ 15:22:32 ... there's a small problem with data.fm (melvster is trying to fix it) 15:22:41 ... testing the ODS version now 15:24:12 ... users are not allowed to view the resource 15:24:27 AnnBassetti has joined #webid 15:24:37 ... back to data.fm, once melvster added bblfish's WebID, bblfish can now view the resource that has been shared 15:25:43 ... the "Powder" ontology can be used to express regex requests, so that users can access subdirectories 15:28:17 bblfish: the ACL file can be found on a different server, and it can be used through a rel=meta link 15:32:49 what about roles in the wac ontology? 15:33:04 http://www.w3.org/2005/Incubator/webid/tpac/group#socWeb 15:33:43 my WebId : http://jmvanel.free.fr/jmv.rdf 15:34:01 http://www.w3.org/2005/Incubator/webid/team#we 15:34:18 first link contains all people with an interest in WebID 15:34:29 the second link contains people actively working on WebID 15:34:44 tpacbot has joined #webid 15:37:02 please try to access: https://web.ods.openlinksw.com/DAV/home/sebastian.trueg/TPACTest/chinese-captcha.png 15:41:34 Note about WebID and OpenID proxy: http://bit.ly/OcbR8w 15:42:48 http://melvincarvalho.com/ 15:44:14 I try to click on the "like" button and end up waiting for foafssl.org after choosing a cert 15:44:47 kidehen, "The post could not be found" 15:44:57 re. openID proxy 15:45:10 posts about using WebID based ACLs that leverage social entity relationship semantics: http://bit.ly/OcbR8w 15:45:55 deiu: the OpenID and WebID proxy service post? If so, goto: https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB 15:46:33 https://my-profile.eu/people/annbass/card#me 15:46:43 kidehen, still cannot open the URI 15:47:28 kidehen, "Your URL may be incorrect, the post may have been deleted, or this account may not have access to the post." 15:47:37 deiu: check with others re. https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB . I am looking at it. 15:47:38 I'm more concerned about that last part 15:48:13 @deiu : give me the URI 15:48:49 @deiu: do you mean the proxy pattern example as in: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen ? 15:48:53 SteveH has joined #webid 15:49:04 kidehen, https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB 15:49:29 I think I'm not in the circles you've shared the post with 15:49:40 @deiu: that's a local problem, I can de-reference it over here. Ask @trueg if he is having problems etc.. 15:50:39 kidehen, trueg is busy working on an ACL demo 15:51:56 @deiu : can you open: http://openid-demo.appspot.com/ ? 15:52:04 SteveH has left #webid 15:52:08 yes, it works 15:52:59 @deiu: if so, then use pattern: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen{URI-Serving-As-Your-WebID} 15:53:11 @deiu : in my case, I use: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen 15:54:08 @deiu : you will be find yourself in a WebID authentication flow (i.e., X.509 certs selection UI) even though the service is OpenID based. Simple benefit: Password authentication eliminated. 15:54:42 s/deiu: /deiu,/g 15:56:08 betehess has joined #webid 15:56:25 kidehen, "Error 22023 / R066: Unsupported case in CONVERT (incomplete RDF box -> IRI_ID)" 15:56:46 kidehen, switch to email for this convo please 15:57:16 @deiu : email or G+ is fine. What is your goal? Testing WebID+OpenID proxy? 15:58:48 Anne Bassetis use case: factory team have problem with computer security. They have to know who is logging on or off. 15:59:44 ... the problem is that it takes time to logout/login 16:03:25 meeting is adjourned until tomorrow (see the agenda for topics to be discussed) 16:05:08 ok, so that's all folks 16:05:37 RRSAgent, draft minutes 16:05:37 I have made the request to generate http://www.w3.org/2012/10/29-webid-minutes.html deiu 16:05:58 that's all for today folks 16:06:00 see you tomorrow 16:06:05 bye 16:12:15 trueg has joined #webid 16:15:40 timbl has joined #webid 16:23:45 fwagner has joined #webid 16:29:00 jonathandray has joined #webid 17:13:07 Zakim has left #webid 17:52:42 tlr has joined #webid 18:00:57 trackbot has joined #webid 19:00:12 kidehen has joined #webid 19:04:35 jonathandray has joined #webid 19:20:44 deiu: are you sorted now? If not, stick to trueg who will get stuff to me. Back online temporarily (due to hurricane) 19:42:55 Shared the following resource using an ACL that only allows TPAC foaf group members to de-ref: https://web.ods.openlinksw.com/DAV/home/kidehen/Public/StuffILike 19:44:40 Image showing the ODS-Briefcase UI (trueg: it works with Firefox, and I am having a patch applied to that other browsers work properly): https://dl.dropbox.com/u/11096946/webid-acl-and-rww-demo-based-on-tpac-group-screen-1.png 19:46:50 Note, your personal-verifiable URI (aka. WebID) needs to be in this document: http://www.w3.org/2005/Incubator/webid/tpac/group 19:47:22 I am testing for membership of the foaf:Goup denoted by URI: http://www.w3.org/2005/Incubator/webid/tpac/group#socWeb 20:14:40 bblfish has joined #webid 20:16:07 Here is a G+ note summarizing the above: http://bit.ly/S9eMPa . Let me know if it's inaccessible 20:29:32 develD has joined #webid 20:32:28 develD has joined #webid 21:50:13 deiu has joined #webid 22:06:13 trueg has joined #webid 22:12:25 trueg_ has joined #webid 22:14:17 All: this resource is only accessible to those in the TPAC group re. ACL test: https://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/dbpedia_to_fao_mapping.nt 22:14:38 next step is to get web.ods.openlinksw.com instance in sync with this instance 22:17:02 domel has joined #webid 22:47:08 tpacbot has joined #webid 23:43:05 The WebID ACLs for this resource should now perform as expected based on the requirement for TPAC foaf:Group membership: http://web.ods.openlinksw.com/DAV/home/kidehen/Public/StuffILike 23:43:08 sorry 23:43:12 https://web.ods.openlinksw.com/DAV/home/kidehen/Public/StuffILike 23:49:21 timbl_ has joined #webid