IRC log of webid on 2012-10-29

Timestamps are in UTC.

08:40:19 [RRSAgent]
RRSAgent has joined #webid
08:40:19 [RRSAgent]
logging to
08:40:55 [jin]
jin has joined #webid
08:41:35 [jin]
I has joined ^^
08:42:03 [edreux]
edreux has joined #webid
08:42:22 [edreux]
08:42:32 [edreux]
Emmanuel Dreux
08:42:39 [timbl_]
topic: Introductions
08:42:40 [bblfish]
08:43:03 [bblfish]
scribenick: AnnBassetti
08:43:35 [timbl_]
RRSAgent, set log public
08:43:42 [jmvanel]
Jean-Marc Vanel. Hi, my FOAF profile:
08:43:43 [timbl_]
RRSAgent, thanks
08:43:43 [RRSAgent]
I'm logging. I don't understand 'thanks', timbl_. Try /msg RRSAgent help
08:43:46 [AnnBassetti]
starting gathering of WebID, ReadWriteWeb & Social Web CGs
08:43:49 [AnnBassetti]
starting gathering of WebID, ReadWriteWeb & Social Web CGs
08:44:07 [AnnBassetti]
attendees introducing themselves, getting going with IRC
08:44:21 [toshi]
Hi, My name is Toshiaki Tanaka
08:45:17 [sangrae]
Sangrae Cho from ETRI
08:45:40 [bblfish]
ETRI Korea
08:45:45 [jin]
Seung-Hun jin From ETRI
08:45:56 [deiu]
deiu has joined #webid
08:46:14 [sangrae]
08:46:16 [bblfish]
jin and sangrae are doing identity management at ETRI
08:46:26 [bblfish]
08:47:44 [fwagner]
Frank Wagner, working for Deutsche Telekom, Group Privacy, responsible for privacy requirements in the product development processes of DT, member of tracking protection WG and privacy interest group, PING. Joined this group as an observer.
08:48:08 [fwagner]
08:48:25 [AnnBassetti]
Ann Bassetti, Boeing
08:49:15 [sangrae]
Official english web site for ETRI is
08:49:18 [spiroid]
Hi my name is Jonathan Dray
08:50:30 [develD]
Hey, I am Norman Richter from the university of Halle / Leipzig, Germany. I'm doing research on webid, web access control, pubsubhubbub. I'm still a student and planning to start with my final thesis on this subject within the next weeks/months. It's about delivering Linked Data over a PubHub with WebAccessControl / ACL to subscribers who should authenticate with webid.
08:51:00 [trueg]
Sebastian Trueg (OpenLink Software) -
08:51:27 [trueg]
08:52:20 [trueg]
08:52:30 [bblfish]
Henry Story, WebID Incubator chair
08:52:37 [trueg]
08:54:16 [philipp]
Philipp Frischmuth, University of Leipzig - (currently offline), (today ;-))
08:54:22 [bblfish]
08:54:40 [develD]
08:55:15 [timbl_]
My name is Tim Berners-Lee, my webid is The tabulator <> is my project which uses a lot of read-write linked data, and webids.
08:56:29 [bblfish]
ACL Access Control Web
08:56:38 [bblfish]
08:56:46 [bblfish]
08:57:11 [oberger]
oberger has joined #webid
08:58:25 [bblfish]
08:58:45 [oberger]
08:58:45 [develD]
I have made a German translation of this, I will put it online later
08:59:04 [bblfish]
08:59:10 [bblfish]
09:03:48 [timbl_]
topic: Tutorial
09:03:53 [AnnBassetti]
Henry Story gives introduction of WebID
09:08:18 [JonathanJ1]
JonathanJ1 has joined #webid
09:11:16 [bblfish]
09:11:32 [bblfish]
A WebID Verifier takes a WebID Certificate and verifies that the Subject of the Certificate is indeed identified by the Subject Alternative Name WebID published there. This is usually done, because the TLS Service Light did not verify the SAN using a Certificate Authority signature. But it can also be done to verify that the Certificate is still valid.
09:11:51 [timbl_]
A webid is a URI which denotes an agent (e.g. a person)
09:12:58 [jmvanel]
jmvanel has joined #webid
09:13:13 [timbl_]
When looked up on the web, you get back info about the person, including crypto info which allows us to have a login protocol based on this.
09:13:19 [develD]
develD has joined #webid
09:13:20 [bblfish]
09:15:23 [bblfish]
todo: better explanation of dereference
09:15:41 [AnnBassetti]
this introduction includes history of philosophy, physics, ... and basic geek terminology
09:28:01 [AnnBassetti]
09:32:08 [gaiaphj]
gaiaphj has joined #webid
09:32:30 [gaiaphj]
09:45:12 [rblin]
rblin has joined #webid
10:00:25 [deiu]
deiu has joined #webid
10:00:57 [timbl_]
We learn that "deiu" can be pronounced dayoo
10:02:41 [christine_]
christine_ has joined #webid
10:03:46 [jmvanel]
10:04:10 [jmvanel]
10:04:29 [jmvanel]
that's my webid :)
10:07:55 [fwagner]
fwagner has joined #webid
10:08:31 [JonathanJ]
JonathanJ has joined #webid
10:11:05 [rblin]
Hi everybody, my name is Romain Blin, I'm a student at University of Saint-Etienne and I work on distributed and secured social network with rww and webid
10:14:05 [deiu]
Hey! My name is Andrei Sambra and I am responsible for the project MyProfile.
10:14:10 [philipp]
philipp has joined #webid
10:14:44 [christine_]
Hi all. Christine Runnegar (Internet Society). PING co-chair and member of Prov WG. Thanks for opening up your meeting today.
10:16:49 [timbl_]
topic: Presentation of
10:16:53 [JonathanJ]
rrsagent, draft minutes
10:16:53 [RRSAgent]
I have made the request to generate JonathanJ
10:16:58 [abasset]
abasset has joined #webid
10:17:05 [betehess]
betehess has joined #webid
10:17:07 [bblfish]
andrei: people should be able to control what they publish online and control this data
10:17:25 [betehess]
RRSAgent, please draft minutes
10:17:25 [RRSAgent]
I have made the request to generate betehess
10:17:46 [bblfish]
andrei: myprofile allows people to host their profile on their machine: eg. their freedombox.
10:17:49 [betehess]
chair: bblfish
10:17:58 [bblfish]
andrei: all based on linked data
10:18:11 [deiu]
10:19:06 [gaiaphj]
gaiaphj has joined #webid
10:19:44 [deiu]
<username> /card#me
10:20:33 [betehess]
abasset: what's the difference between username and nickname?
10:20:38 [develD]
andrei: you can change your nickname, but not your username, because it's part of your identity
10:20:44 [bblfish]
Topic: Andrei is demonstrating MyProfile
10:20:45 [betehess]
deiu: the username is part of the final URL
10:21:24 [betehess]
scribenick: betehess
10:23:07 [betehess]
deiu: sometimes your browser requires some certificate to be installed
10:24:04 [sangrae]
This is my WebID -
10:24:28 [jin]
This is my WebID -
10:24:33 [ttanaka2]
ttanaka2 has joined #webid
10:28:07 [pmaret]
pmaret has joined #webid
10:28:52 [betehess]
deiu: there are issues to create certificates in IE
10:29:05 [betehess]
bblfish: I've found a workaround for that
10:29:06 [christine_]
repasting for Pierre -
10:29:19 [betehess]
... you need the server to do some stuff in the background
10:29:51 [oberger]
deiu, I hope you don't pay for the CPU ;)
10:30:36 [betehess]
timbl_: abasset, it's ok, your mother won't see it
10:31:34 [betehess]
[deiu showing certificate information from the web interface]
10:32:02 [betehess]
jmvanel: can we add property values?
10:32:11 [betehess]
deiu: I want to support any kind of data
10:32:17 [betehess]
jmvanel: any roadmap?
10:32:24 [betehess]
deiu: don't know yet
10:32:41 [timbl_]
s/property values/arbitrary property values/
10:33:33 [betehess]
deiu: let me add a logo to my profile
10:34:07 [betehess]
... now showing in!
10:34:44 [betehess]
... here we're using the pingback protocol
10:34:46 [betehess]
... lots to be said
10:35:00 [betehess]
... it's about sending little messages between endpoints
10:35:02 [betehess]
10:35:07 [betehess]
10:35:31 [betehess]
... there is a pingback:to in my profile
10:35:46 [philipp]
10:36:05 [Zakim]
Zakim has joined #webid
10:36:17 [bblfish]
10:36:30 [betehess]
q+ to make relation with LDP and webbox
10:36:55 [bblfish]
10:37:03 [betehess]
ack next
10:37:04 [Zakim]
betehess, you wanted to make relation with LDP and webbox
10:38:06 [betehess]
betehess: webbox relies on LDP to send data
10:38:13 [jonathandray]
q+ to authentication issue with a newly created webid
10:38:21 [betehess]
deiu: want to do something similar
10:38:24 [bblfish]
ack next
10:38:25 [Zakim]
jonathandray, you wanted to authentication issue with a newly created webid
10:38:46 [bblfish]
we are solving bugs
10:39:18 [jmvanel]
could you show the pingback protocol in a sequence diagram à la UML?
10:39:20 [betehess]
deiu: with jonathandray, we're seeing an SSL issue, related to ciphers
10:39:41 [betehess]
... not sure why, you can try to force the SSL version
10:40:17 [betehess]
... I had to restrict the number of ciphers to be supported in my platform for security issues
10:40:47 [betehess]
... as I was vulnerable to the BEAST attack
10:40:55 [betehess]
... I'm a security freak
10:41:06 [bblfish]
10:41:07 [ttanaka2]
ttanaka2 has joined #webid
10:41:18 [betehess]
ack next
10:41:56 [betehess]
bblfish: there are some free Certificate Authorities (CA)
10:42:10 [philipp]
You can find a sequence diagram of Semantic Pingback in the paper:
10:42:12 [betehess]
... CAs are more or less reliable
10:42:16 [bblfish]
10:42:22 [betehess]
... it's a big issue for TLS
10:42:37 [betehess]
... one workaround is DANE
10:42:47 [betehess]
... your certificate could be in DNSSEC
10:42:59 [betehess]
... it relies on DNS
10:44:01 [betehess]
... this can prevent some of the issues with SSL, where DNS is spoofed and people are given wrong IP addresses when accessing a service
10:44:11 [betehess]
... this is done at IETF
10:44:59 [betehess]
... it's now possible to do secure DNS (with cryptography)
10:45:10 [betehess]
... this is basically webid on server side
10:45:11 [betehess]
10:45:41 [betehess]
... could be used by the server when retrieving the webids
10:45:56 [jonathandray]
I got it working: I had to uncheck the SSL 3.0 protocol in the browser protocols preferences
10:46:04 [betehess]
q+ to ask why webid could not rely on DANE directly (client side)
10:46:09 [bblfish]
10:46:18 [bblfish]
10:46:35 [bblfish]
10:46:44 [betehess]
... their Working Group has almost completed their work by now
10:46:55 [betehess]
ack me
10:46:55 [Zakim]
betehess, you wanted to ask why webid could not rely on DANE directly (client side)
10:46:56 [bblfish]
10:47:06 [bblfish]
ack next
10:47:23 [betehess]
betehess: could webid rely on DANE directly?
10:47:31 [betehess]
bblfish: would not be a good idea
10:47:55 [betehess]
... it does not look as usable
10:48:11 [betehess]
... DANE is for domain names
10:49:13 [betehess]
[tlr introduces himself, he is a security geek]
10:49:48 [betehess]
tlr: people store public key records in their DNS information
10:50:13 [betehess]
bblfish: do you know support for browser vendors?
10:50:17 [betehess]
tlr: no
10:50:17 [betehess]
10:50:22 [bblfish]
10:50:36 [bblfish]
ack next
10:51:38 [tlr]
tlr has joined #webid
10:51:57 [betehess]
Alexandre Bertails' WebID
10:52:22 [betehess]
bblfish: the point now that you have your webid is to go to a service that does not know anything about you yet
10:52:28 [abasset]
10:52:35 [jonathandray]
my webid :
10:52:44 [gaiaphj]
10:52:58 [develD]
10:53:03 [sangrae]
10:53:14 [christine_]
10:53:23 [gregory]
10:53:34 [bblfish]
10:53:52 [christine_]
10:54:03 [timbl_]
If I click on"> with FFox i get redirected to
10:54:28 [betehess]
bblfish: I'm gonna create a foaf group of the members
10:54:36 [betehess]
... and make use of that with ACLs
10:54:44 [shh]
shh has joined #webid
10:54:48 [betehess]
... for example to restrict access to a wiki based on this group
10:55:01 [betehess]
... (probably for this afternoon)
10:55:33 [tlr]
ScribeNick: scribe
10:56:26 [jonathandray]
10:56:33 [betehess]
bblfish: it's nice to do light security
10:56:38 [betehess]
... it's enough in many cases
10:56:54 [edreux]
edreux has joined #webid
10:57:09 [betehess]
... it's a trade off between being flexible and "army-freak"
10:57:15 [edreux]
10:57:23 [christine_]
10:57:51 [betehess]
timbl_: I'm pasting a webid in tabulator
10:58:03 [betehess]
... I'm seeing information about card#me
10:58:13 [betehess]
... tabulator is a firefox add-on
10:58:30 [AnnBassetti]
10:58:45 [betehess]
[timbl demoing tabulator on screen]
10:59:03 [betehess]
... you should check out the latest version from github
10:59:18 [develD]
10:59:34 [develD]
there's also a firefox extension
10:59:41 [develD]
10:59:47 [bblfish]
11:00:09 [bblfish]
this is the link for the tabulator on github
11:00:14 [betehess]
timbl_: it looks at data
11:00:20 [bblfish]
Topic: Timbl showing tabulator
11:00:23 [betehess]
... eg. here is my rdf id
11:00:32 [betehess]
... you see my webid info in there
11:00:36 [trueg]
Get a bleeding edge build of Tabulator here:
11:01:13 [betehess]
... you see that the URL is still the same
11:01:40 [betehess]
... you can find plenty of URIs, many with #
11:02:25 [betehess]
... the little green/red dots say how many times the documents were fetched successfully
11:02:51 [betehess]
... some of the URIs link me to my other identities
11:03:03 [betehess]
... I could point to twitter, but they don't have RDF
11:03:21 [betehess]
... you also find my friends
11:03:31 [betehess]
... it's a very generic view
11:03:45 [betehess]
... but you can tweak that with the little icons on the top
11:03:48 [betehess]
... check/uncheck
11:04:09 [betehess]
... you can even know what triples were picked up
11:04:25 [betehess]
... here is an attempt for the facebook-like view
11:04:26 [develD]
timbl_: with tabulator you can dereference rdf resources
11:05:00 [betehess]
... the "this is you" checkbox means that it knows about your webid
11:05:11 [betehess]
... if you uncheck, you're unlogged
11:05:27 [betehess]
... by reloading the page, you then have less information
11:05:59 [betehess]
... now, I can inspect my network of friends
11:06:17 [betehess]
... as you can see, it's really a decentralized database
11:06:40 [betehess]
... (could improve the user experience)
11:07:18 [betehess]
... here we got a message saying that some data was deleted
11:07:24 [betehess]
... we can re-fetch the data
11:08:59 [betehess]
... "look back to me"
11:09:49 [bblfish]
timbl is showing the tabulator profile that was described by a doap vocabulary
11:09:51 [betehess]
... let me show you the bug database
11:10:00 [betehess]
... it's like a tracker
11:10:05 [bblfish]
11:10:09 [betehess]
... all in RDF
11:10:38 [bblfish]
doap ontology
11:10:46 [betehess]
... here, the specific view is way more interesting than the default one
11:10:46 [betehess]
... as you can see a real app
11:11:05 [betehess]
[showing how to navigate through issues]
11:11:28 [betehess]
... we have an ontology for the tracker
11:12:19 [betehess]
... the UI knows about the kind of literals you enter
11:12:40 [betehess]
... the data is sent back to the server as you edit in place
11:12:43 [bblfish]
note: timbl is using HTTP POST, PUT and GET to update the database
11:12:51 [bblfish]
using SPARQL updates
11:13:13 [betehess]
... the UI changes color to distinguish if the data was already written back or not
11:13:37 [bblfish]
in order to make this globally available the LDP group has been developed
11:14:25 [betehess]
timbl, can you make the relation with LDP?
11:14:38 [AnnBassetti]
hmm .. clicking that LDB link, I get: "error: ldb.html@a3be44430b37: not found in manifest"
11:15:08 [betehess]
11:15:47 [betehess]
timbl_: we're now following what the LDP WG is doing
11:15:53 [betehess]
... need to adapt at some point
11:16:24 [betehess]
[Steeve Holbrook from IBM just arrived and mentioned their work with LDP]
11:16:46 [betehess]
bblfish: you need some restful interaction with the data
11:17:06 [betehess]
... webid is important to LDP
11:17:18 [betehess]
... to interact with this data
11:17:28 [betehess]
... but we also need web access control
11:17:56 [betehess]
timbl_: eg, only some people should be allowed to add messages to the tracker
11:18:07 [betehess]
11:18:45 [shh]
shh has joined #webid
11:19:08 [tlr]
tlr has changed the topic to:
11:19:11 [bblfish]
11:20:01 [betehess]
jonathandray: what happens if you lost your certificate? how to get it back, proving that it's you?
11:20:20 [betehess]
deiu: not at the moment, but you should be given the username/password option
11:20:33 [betehess]
... then you could regenerate the certificate
11:20:56 [betehess]
11:21:01 [betehess]
q- jonathandray
11:21:20 [betehess]
timbl_: I have some issues between my-profile and tabulator
11:21:29 [betehess]
deiu: probably because of conneg
11:21:51 [betehess]
... don't know what tabulator sends
11:22:01 [betehess]
ack me
11:22:02 [bblfish]
problem with myprofile is that it redirects requests
11:22:11 [bblfish]
that have an HTTP host
11:22:41 [bblfish]
sorry that have an accept: text/html request
11:22:55 [bblfish]
ldp working group
11:23:02 [bblfish]
11:23:08 [trueg]
bblfish: what's the foaf:Group URI?
11:23:26 [betehess]
betehess: look at LDP, as this is a fundamental work to make webid work with interoperability in mind
11:24:04 [bblfish]
Topic: Post WebIDs
11:24:05 [betehess]
bblfish: please you webids right now please, to help me find them
11:24:12 [AnnBassetti]
11:24:12 [pmaret]
11:24:15 [jonathandray]
11:24:16 [christine_]
11:24:19 [sangrae]
11:24:22 [betehess]
s/please you/please post again your/
11:24:24 [fwagner]
11:24:27 [philipp]
11:24:28 [develD]
11:24:33 [betehess]
11:24:34 [shh]
Please repost the link to create a webid
11:24:59 [gregory]
11:25:03 [betehess]
RRSAgent, please generate minutes
11:25:03 [RRSAgent]
I have made the request to generate betehess
11:25:14 [betehess]
deiu: I'm slowly moving to a triple store
11:25:57 [betehess]
... should simplify my work on conneg
11:26:06 [betehess]
... many things will become obsolete soon
11:26:35 [gaiaphj]
gaiaphj has joined #webid
11:26:38 [betehess]
11:26:49 [trueg]
11:26:56 [betehess]
ack tr
11:27:11 [betehess]
trueg: why is the redirect bad in this case?
11:27:17 [betehess]
... don't understand the background
11:27:21 [betehess]
... we also do that
11:27:38 [betehess]
timbl_: you have to decide what the URIs have to be
11:28:20 [betehess]
... let me show using curl in a console
11:28:51 [jmvanel]
jmvanel has joined #webid
11:29:54 [betehess]
timbl_: I'm telling curl to get RDF data specifically
11:30:02 [betehess]
... preferably not html
11:30:28 [betehess]
... but I get back a message telling me to go somewhere else: 303 See Other
11:31:00 [betehess]
... I'd like to get back the data for the document itself
11:31:13 [betehess]
11:31:29 [betehess]
q+ to comment on why 303 is bad in this case
11:31:43 [betehess]
trueg: why is this bad?
11:31:52 [betehess]
timbl_: because I want to see the URL of the document
11:33:01 [betehess]
... 303 is really when the data has moved, it's obsolete
11:34:11 [betehess]
trueg: so you want the URL to map the virtual filesystem
11:34:31 [betehess]
betehess: if you move to another document, you can't interact with it anymore as you've lost the context
11:34:46 [betehess]
... although it's ok if you're interested in read-only
11:35:23 [betehess]
timbl_: if you've got a bug with tabulator, please call me :-)
11:35:57 [timbl_]
s/303 is really when the data has moved, it's obsolete//
11:36:15 [timbl_]
303 is for when the original rename was of an arbitrary thing
11:36:27 [timbl_]
and 303 redirects you to a document above it...
11:36:47 [timbl_]
You do not need and should not use 303 when using hashes
11:37:06 [betehess]
RRSAgent, please generate minutes
11:37:06 [RRSAgent]
I have made the request to generate betehess
12:47:45 [philipp]
philipp has joined #webid
12:48:08 [philipp_]
philipp_ has joined #webid
12:51:25 [jin]
jin has joined #webid
12:53:40 [rblin]
rblin has joined #webid
12:53:45 [sangrae]
sangrae has joined #webid
12:54:19 [bblfish]
bblfish has joined #webid
12:55:28 [develD]
develD has joined #webid
12:55:34 [philipp]
philipp has joined #webid
12:56:49 [jin]
jin has joined #webid
12:57:47 [trueg]
trueg has joined #webid
12:59:00 [bblfish]
13:00:40 [ttanaka2]
ttanaka2 has joined #webid
13:04:16 [christine_]
christine_ has joined #webid
13:04:17 [Ruinan]
Ruinan has joined #webid
13:05:00 [bblfish]
Topic: Open Questions
13:05:04 [develD]
13:05:46 [gaiaphj]
gaiaphj has joined #webid
13:05:53 [AnnBassetti]
AnnBassetti has joined #webid
13:06:06 [bblfish]
Topic: Relation to other Identity systems
13:06:51 [bblfish]
13:07:25 [bblfish]
13:07:40 [wei]
wei has joined #webid
13:08:11 [SteveH]
SteveH has joined #webid
13:09:37 [deiu]
deiu has joined #webid
13:09:59 [gregory]
gregory has joined #webid
13:10:09 [betehess]
betehess has joined #webid
13:10:31 [bblfish]
13:10:41 [betehess]
13:10:43 [betehess]
13:11:02 [bblfish]
13:11:53 [jonathandray]
jonathandray has joined #webid
13:12:28 [betehess]
topic: relationship with other identity initiatives
13:13:19 [betehess]
bblfish: with openid, you have to type in your url
13:13:30 [betehess]
... considered as a problem
13:13:42 [betehess]
scribenick: betehess
13:13:52 [betehess]
... webid was inspired by openid
13:14:08 [betehess]
... I wrote an article about that (including a sequence diagram for the protocol)
13:14:45 [betehess]
... you get more information with webid with fewer connections
13:15:00 [betehess]
... also, cryptography gives you a bit more
13:15:19 [betehess]
... also, the other protocols don't use Linked Data
13:15:34 [bblfish]
13:15:39 [betehess]
... but they could, eg. Persona (used to be BrowserId, by Mozilla)
13:15:53 [chsiao]
chsiao has joined #webid
13:15:58 [betehess]
... this uses javascript in the browser for crypto
13:16:01 [MacTed]
MacTed has joined #webid
13:16:09 [betehess]
... they say it's decentralized
13:17:07 [betehess]
... I don't think it is, because the private key is in the browser, so there is a problem about the origin (from what I understand)
13:17:20 [betehess]
... this involves a redirect system
13:17:31 [pmaret]
pmaret has joined #webid
13:18:35 [betehess]
... nobody has denied that in the stackexchange article that I posted
13:18:54 [betehess]
... TLS follows the principle of least power
13:19:00 [betehess]
... it does one thing, very well
13:19:00 [jmvanel]
jmvanel has joined #webid
13:19:22 [betehess]
... javascript gives you way too much in my view
13:19:31 [betehess]
... but it's still important
13:19:41 [betehess]
... but they could still use webid in their system I believe
13:19:55 [betehess]
... eg. they use signed JSON certificates
13:20:12 [betehess]
... and use javascript to prove that you're the one with the right private key
13:20:34 [betehess]
... there is no reason for them not to have a real URL here
13:20:37 [betehess]
... oauth does not use Linked Data
13:20:55 [betehess]
... but you'd like your identity to be bound to a URI
13:21:05 [betehess]
... it's the Web architecture
13:21:30 [betehess]
... if you don't use it, you can't do as much and I consider it as broken
13:21:47 [betehess]
... I heard about the Identity Alliance while at Sun
13:21:53 [betehess]
... I believe it's SOAP-based
13:23:01 [bblfish]
13:23:06 [bblfish]
Liberty Alliance
13:23:17 [christine_]
Kantara Initiative
13:23:31 [betehess]
s/Identity Alliance/Liberty Alliance/
13:23:47 [christine_]
13:24:25 [betehess]
AnnBassetti: I can guarantee that Boeing will not be able to join the WebID work if this is not related to the Liberty Alliance somehow
13:24:28 [betehess]
s/Identity Alliance/Liberty Alliance/g
13:24:45 [betehess]
[Melvin Carvalho just arrived]
13:25:09 [betehess]
bblfish: maybe we need a real Working Group
13:25:21 [betehess]
... we have Standards experts here who understand that
13:25:31 [christine_]
13:25:35 [betehess]
13:26:03 [betehess]
AnnBassetti: it's hard to get people to move
13:26:15 [betehess]
christine_: it's easy to participate in Kantara work
13:26:29 [betehess]
... you could see if this is relevant to what you guys are doing
13:27:07 [betehess]
... for example, they have worked on an insurance framework for identity
13:27:13 [timbl_]
timbl_ has joined #webid
13:27:15 [betehess]
... relies on level of insurance
13:27:28 [timbl_]
13:27:45 [betehess]
deiu: based on the Web of Trust
13:27:56 [betehess]
... with no central authority
13:28:13 [betehess]
13:28:16 [betehess]
q- christine_
13:28:17 [christine_]
13:28:30 [betehess]
AnnBassetti: may not be enough for Boeing
13:28:33 [betehess]
timbl_: depends on what you do
13:29:36 [christine_]
13:29:45 [betehess]
deiu: nothing prevents you from using your own central authority
13:29:59 [betehess]
bblfish: you could have an institutional trust network
13:30:15 [betehess]
... eg. the French government, and the German one...
13:30:28 [betehess]
... you could have a similar trust network
13:30:38 [betehess]
... this could be a strong trust
13:30:57 [betehess]
... but at the end, it's just a social network
13:31:17 [JonathanJ]
JonathanJ has joined #webid
13:31:31 [betehess]
AnnBassetti: how is this related to other work at W3C?
13:31:42 [betehess]
bblfish: Crypto WG, but that's it
13:31:56 [betehess]
SteveH: there was a workshop Identity in the Browser
13:32:02 [betehess]
bblfish: I presented webid there
13:32:17 [betehess]
... browser vendors presented their work too
13:32:40 [betehess]
... we didn't want to do identity, but decentralized networks
13:33:08 [betehess]
emmanuel: we're specialized in identity and access management
13:33:12 [betehess]
... esp. for the cloud
13:33:32 [betehess]
... for example, we synchronize LDAP and ActiveDirectory for our clients
13:33:45 [betehess]
... with all their SAS applications
13:33:53 [betehess]
... we're linked to webid as we integrate it
13:34:10 [fwagner]
fwagner has joined #webid
13:34:22 [betehess]
... we're already deploying that in a school for 15000 students
13:34:34 [betehess]
... using my-profile
13:34:52 [bblfish]
scim ?
13:34:52 [betehess]
... we work with IETF on SIM
13:35:06 [betehess]
deiu: using JSON-LD?
13:35:17 [betehess]
emmanuel: no, standard JSON
13:35:30 [betehess]
... but now, we manage webid profiles in our platform
13:35:48 [JonathanJ]
rrsagent, draft minutes
13:35:48 [RRSAgent]
I have made the request to generate JonathanJ
13:36:20 [betehess]
... also, we offer a virtual desktop and we support multidevice (you can access your webid from different devices)
13:36:35 [betehess]
13:37:11 [bblfish]
Topic: Cloudiway demo
13:37:44 [betehess]
emmanuel: we started with my-profile
13:37:51 [betehess]
... living on a separate branch
13:38:13 [betehess]
s/living/it's not living/
13:40:44 [betehess]
gregory: I'm showing a local version of the service
13:41:05 [betehess]
... if you want to get your certificate in another browser, you need a way to retrieve it
13:41:16 [betehess]
... or you need to send it to another one
13:42:44 [betehess]
... current UI is mainly for devs (still a bit hard)
13:43:01 [betehess]
... you can add another device
13:43:18 [betehess]
... you just register new devices
13:43:49 [betehess]
... certificate is generated server-side, and then we can send it
13:43:59 [betehess]
timbl_: so the server knows the private key?
13:44:03 [betehess]
emmanuel: yes
13:44:09 [betehess]
... it's easier like that
13:44:33 [betehess]
... but we also have username/password
13:44:54 [betehess]
... it's another way to recover your certificate
13:45:12 [betehess]
... you can also register your new device from there
13:45:21 [betehess]
melvin: there is another way to do it
13:45:44 [betehess]
... using @@@, will work for many desktop browsers
13:46:20 [betehess]
13:47:06 [betehess]
emmanuel: but henry told us: why not generate different certificates?
13:47:21 [bblfish]
13:47:23 [bblfish]
13:47:29 [betehess]
... it's actually interesting, especially if your certificate got compromised
13:47:51 [betehess]
... and your profile could have several public keys
13:47:59 [betehess]
bblfish: yes, this should be reflected in the spec
13:48:02 [trueg]
13:48:06 [bblfish]
13:48:08 [betehess]
... where there is only one public key
13:48:19 [betehess]
... and this question always comes up
13:48:36 [betehess]
... "how to move a certificate from one place to another?"
13:48:50 [betehess]
... your certificate is very valuable, usually you pay for that, but we make it 0-cost
13:49:06 [betehess]
... this TLS issue goes away
13:49:20 [betehess]
AnnBassetti: would be good to have all pros-cons listed somewhere
13:49:38 [betehess]
timbl_: not very good when the server gets to know the private key
13:50:01 [betehess]
emmanuel: we do it in a way such that the server is hosted publicly
13:50:14 [deiu]
13:50:14 [betehess]
... but the customer profile can be hosted on their site
13:50:46 [betehess]
timbl_: can you delete the private key?
13:50:50 [betehess]
... from server?
13:51:04 [betehess]
... after it's sent to the user for example
13:52:34 [betehess]
bblfish: there used to be an issue on cellphones, where the private keys had to be sent with emails
13:53:16 [bblfish]
13:53:16 [betehess]
13:53:26 [bblfish]
ack next
13:53:38 [betehess]
ack tru
13:54:12 [betehess]
trueg: just wanted to say that you can do the same today with ODS
13:54:25 [bblfish]
13:54:26 [betehess]
13:54:31 [betehess]
ack next
13:55:25 [trueg]
ODS, the OpenLink DataSpaces, is a WebID-enabled personal data management system which exposes all managed data as linked data.
13:55:36 [betehess]
emmanuel: another story, we want to link personal and professional profiles together, automatically
13:55:42 [trueg]
It is built upon the OpenLink Virtuoso Universal server
13:55:47 [bblfish]
13:56:10 [betehess]
deiu: just wanted to comment on storing the complete certificate
13:56:21 [betehess]
... wouldn't be a problem if you trust the server
13:56:22 [betehess]
13:56:57 [betehess]
... should work as long as you don't send things through emails
13:57:11 [betehess]
... suggestion: don't send certificates by email
13:57:40 [bblfish]
encrypted mail is a good scenario
13:57:47 [jmvanel]
13:57:56 [jmvanel]
13:58:06 [betehess]
emmanuel: people tell us: I've lost my profile and machine, please recover my stuff
13:58:06 [christine_]
@AnnBassetti: re earlier q - WebRTC will be discussing Identity Handling tomorrow am -
13:58:14 [timbl_]
13:58:27 [betehess]
ack me
13:58:34 [timbl_]
13:58:58 [bblfish]
+1 for the use case of saving public/private key for issues of encryption of mail
13:59:22 [trueg]
13:59:42 [bblfish]
USer case: 10 thousand users that need to be certified "quickly"?
13:59:43 [trueg]
14:00:10 [betehess]
timbl_: if you have a device which cannot create the device, you don't have a choice
14:00:15 [bblfish]
14:00:17 [betehess]
... it's like a pairing operation
14:00:52 [betehess]
betehess: if we start saying that we have people storing private keys server-side, we'll have trouble selling webid
14:01:15 [betehess]
... we should gather use-cases and see how to solve them
14:01:17 [bblfish]
ack next
14:01:34 [betehess]
jmvanel: re: stolen computer: it's not good to use the same certificate
14:01:38 [bblfish]
14:01:45 [betehess]
emmanuel: yes, we actually generate a new one
14:01:47 [betehess]
ack next
14:02:34 [betehess]
bblfish: why not have people go to your service, asking for credentials and re-generating the certificates?
14:02:39 [betehess]
emmanuel: it's just a different system
14:02:46 [betehess]
... we target SAS applications
14:03:04 [shh]
shh has joined #webid
14:03:08 [bblfish]
14:03:40 [betehess]
... the admin must find a way to invalidate an account immediately
14:03:47 [betehess]
... you need something to block the user
14:03:52 [betehess]
bblfish: you just change the ACLs
14:04:22 [betehess]
... you can also remove the account page
14:04:38 [betehess]
emmanuel: if the company has only one account, that's fine
14:04:40 [webr3]
webr3 has joined #webid
14:04:48 [betehess]
14:05:09 [betehess]
... in practice, people have plenty of accounts
14:05:34 [bblfish]
14:06:32 [betehess]
betehess: maybe this could be handled by WebACLs?
14:07:04 [betehess]
topic: WebACLs
14:07:05 [bblfish]
Topic: WebACL
14:07:21 [bblfish]
14:08:24 [betehess]
[trueg demoing ODS]
14:08:41 [betehess]
trueg: ODS does everything -- including coffee
14:08:42 [develD]
I put the German translation of WebAccessControl on the HTML part of my webid:
14:08:59 [betehess]
... it's done at OpenLink
14:09:02 [AnnBassetti]
AnnBassetti has joined #webid
14:09:36 [betehess]
... in this page shown here, the integration is done with JS
14:09:46 [betehess]
... the hard work happens in the back-end
14:10:19 [betehess]
... the UI supports a lot of things, it's mostly a showcase
14:10:30 [betehess]
RRSAgent, please generate minutes
14:10:30 [RRSAgent]
I have made the request to generate betehess
14:10:45 [betehess]
... you can register new accounts
14:11:07 [betehess]
... or just authenticate with webid
14:12:26 [timbl_]
RRSAgent, make minutes public
14:12:26 [RRSAgent]
I'm logging. I don't understand 'make minutes public', timbl_. Try /msg RRSAgent help
14:13:14 [melvster]
melvster has joined #webid
14:13:36 [jmvanel]
14:13:43 [betehess]
.../me AnnBassetti, yes, it's very slow: I was looking at the cached version
14:13:56 [betehess]
s|.../me AnnBassetti, yes, it's very slow: I was looking at the cached version||
14:14:14 [betehess]
... showing how to add new devices
14:14:45 [betehess]
... but in the end, you still need to use old authentication technologies
14:15:05 [betehess]
... but in my POV, you can't force people to use webid
14:15:20 [betehess]
... we need to offer fallbacks, until this is really solved
14:17:10 [trueg]
14:17:44 [betehess]
... what I really is the decoupling btw the UI and the back-end
14:17:54 [betehess]
s/really/really like/
14:19:44 [bblfish]
14:19:45 [webr3]
rrsagent, make logs public
14:19:47 [bblfish]
14:19:52 [webr3]
rrsagent, make minutes
14:19:52 [RRSAgent]
I have made the request to generate webr3
14:19:56 [betehess]
q- betehess
14:19:59 [betehess]
q- jmvanel
14:21:39 [betehess]
ack bblfish
14:22:07 [betehess]
bblfish: when I used to defend webid, I have to look at how it compares with other solutions
14:22:19 [betehess]
... you can actually bind it to other systems
14:22:30 [betehess]
... maybe you have an ontology to speak about it?
14:22:45 [betehess]
trueg: yes, everything is in your foaf profile
14:25:38 [betehess]
14:26:41 [webr3]
since it's break, I'll mention that it would be nice to have a separation between "webid" (personal uri) and "webid protocol" again, as ultimately everyone having a "webid", regardless of whether they use "webid protocol" or not is the goal, "webid protocol" is just one vector to get there
14:29:36 [kidehen]
kidehen has joined #webid
14:50:43 [chsiao]
chsiao has joined #webid
14:51:31 [kidehen_]
kidehen_ has joined #webid
14:52:11 [kidehen_]
kidehen_ has joined #webid
14:52:23 [kidehen_]
kidehen_ has left #webid
14:52:30 [kidehen_]
kidehen_ has joined #webid
14:54:59 [philipp]
philipp has joined #webid
14:55:39 [fwagner]
fwagner has joined #webid
14:55:58 [bblfish]
bblfish has joined #webid
14:59:16 [deiu]
Bernadette is introducing herself.
14:59:28 [bblfish]
comed Linked Data in Government
14:59:40 [deiu]
she is working for the US gov, doing Linked Data
15:00:00 [deiu]
... they produce a web platform for publishing data on the web
15:00:05 [bblfish]
calamacus: open source platform for linked data
15:00:14 [bblfish]
integrating openid
15:01:39 [deiu]
ODS: integrating other authentication protocols means that users can reuse data from other platforms/applications
15:02:16 [deiu]
... it will be integrated in the "sponger" of ODS, which allows it to fetch data from multiple sources and create a unified local repository
15:03:20 [pmaret]
pmaret has joined #webid
15:03:23 [deiu]
... it will also allow users to authenticate using those applications (e.g. facebook, openID, twitter, etc.)
15:04:12 [deiu]
bblfish, openID only extracts the link to the identity provider, but an openID profile can just be the place where you publish a link to your personal profile
15:05:13 [deiu]
... they can link back and forward [openID to WebID relations] to allow service providers to link the two authentication protocols
15:05:48 [deiu]
... users can have an openID provider which links to the WebID profile
15:07:31 [deiu]
... not sure about OAuth and how it ties in with the rest
15:08:01 [deiu]
... there is a possibility to create an openID-to-WebID proxy
15:08:26 [deiu]
trueg: not sure how well OAuth can be used in such a proxy
15:08:59 [deiu]
15:09:10 [deiu]
topic: access control
15:09:34 [bblfish]
15:10:09 [deiu]
bblfish: we could demo
15:11:58 [deiu]
melvster: bblfish will demo in the context of a user with an acl policy
15:12:31 [melvster]
melvster has joined #webid
15:13:52 [bblfish]
15:13:58 [deiu]
bblfish: users can be given access to a resource, by giving the user different access types (e.g. read, write, etc.)
15:14:27 [deiu]
... created a foaf:group document with people attending the meeting at TPAC
15:14:37 [bblfish]
15:14:43 [deiu]
... respectively their WebIDs
15:15:35 [melvster]
15:15:39 [deiu]
trueg: will create a resource without granting access to it to anybody
15:16:04 [Ruinan]
Ruinan has joined #webid
15:16:05 [wei]
wei has joined #webid
15:16:08 [deiu]
... everyone will try to access that link and should normally fail to see it
15:16:32 [bblfish]
15:16:42 [deiu]
melvster: testing ACL on with bblfish's WebID
15:17:14 [JonathanJ]
JonathanJ has joined #webid
15:17:44 [deiu]
.... just added bblfish's WebID to the ACL file
15:18:14 [ttanaka2]
ttanaka2 has joined #webid
15:19:40 [trueg]
Try to access:
15:21:02 [JonathanJ]
rrsagent, draft minutes
15:21:02 [RRSAgent]
I have made the request to generate JonathanJ
15:22:32 [deiu]
... there's a small problem with (melvster is trying to fix it)
15:22:41 [deiu]
... testing the ODS version now
15:24:12 [deiu]
... users are not allowed to view the resource
15:24:27 [AnnBassetti]
AnnBassetti has joined #webid
15:24:37 [deiu]
... back to, once melvster added bblfish's WebID, bblfish can now view the resource that has been shared
15:25:43 [deiu]
... the "Powder" ontology can be used to express regex requests, so that users can access subdirectories
15:28:17 [deiu]
bblfish: the ACL file can be found on a different server, and it can be used through a rel=meta link
15:32:49 [develD]
what about roles in the wac ontology?
15:33:04 [bblfish]
15:33:43 [jmvanel]
my WebId :
15:34:01 [bblfish]
15:34:18 [deiu]
first link contains all people with an interest in WebID
15:34:29 [deiu]
the second link contains people actively working on WebID
15:34:44 [tpacbot]
tpacbot has joined #webid
15:37:02 [deiu]
please try to access:
15:41:34 [kidehen]
Note about WebID and OpenID proxy:
15:42:48 [melvster]
15:44:14 [timbl_]
I try to click on the "like" button and end up waiting for after choosing a cert
15:44:47 [deiu]
kidehen, "The post could not be found"
15:44:57 [deiu]
re. openID proxy
15:45:10 [kidehen]
posts about using WebID based ACLs that leverage social entity relationship semantics:
15:45:55 [kidehen]
deiu: the OpenID and WebID proxy service post? If so, goto:
15:46:33 [AnnBassetti]
15:46:43 [deiu]
kidehen, still cannot open the URI
15:47:28 [deiu]
kidehen, "Your URL may be incorrect, the post may have been deleted, or this account may not have access to the post."
15:47:37 [kidehen]
deiu: check with others re. . I am looking at it.
15:47:38 [deiu]
I'm more concerned about that last part
15:48:13 [kidehen]
@deiu : give me the URI
15:48:49 [kidehen]
@deiu: do you mean the proxy pattern example as in: ?
15:48:53 [SteveH]
SteveH has joined #webid
15:49:04 [deiu]
15:49:29 [deiu]
I think I'm not in the circles you've shared the post with
15:49:40 [kidehen]
@deiu: that's a local problem, I can de-reference it over here. Ask @trueg if he is having problems etc..
15:50:39 [deiu]
kidehen, trueg is busy working on an ACL demo
15:51:56 [kidehen]
@deiu : can you open: ?
15:52:04 [SteveH]
SteveH has left #webid
15:52:08 [deiu]
yes, it works
15:52:59 [kidehen]
@deiu: if so, then use pattern:{URI-Serving-As-Your-WebID}
15:53:11 [kidehen]
@deiu : in my case, I use:
15:54:08 [kidehen]
@deiu : you will find yourself in a WebID authentication flow (i.e., X.509 certs selection UI) even though the service is OpenID based. Simple benefit: Password authentication eliminated.
15:54:42 [timbl_]
s/deiu: /deiu,/g
15:56:08 [betehess]
betehess has joined #webid
15:56:25 [deiu]
kidehen, "Error 22023 / R066: Unsupported case in CONVERT (incomplete RDF box -> IRI_ID)"
15:56:46 [deiu]
kidehen, switch to email for this convo please
15:57:16 [kidehen]
@deiu : email or G+ is fine. What is your goal? Testing WebID+OpenID proxy?
15:58:48 [bblfish]
Ann Bassetti's use case: factory team have a problem with computer security. They have to know who is logging on or off.
15:59:44 [deiu]
... the problem is that it takes time to logout/login
16:03:25 [deiu]
meeting is adjourned until tomorrow (see the agenda for topics to be discussed)
16:05:08 [bblfish]
ok, so that's all folks
16:05:37 [deiu]
RRSAgent, draft minutes
16:05:37 [RRSAgent]
I have made the request to generate deiu
16:05:58 [bblfish]
that's all for today folks
16:06:00 [bblfish]
see you tomorrow
16:06:05 [deiu]
16:12:15 [trueg]
trueg has joined #webid
16:15:40 [timbl]
timbl has joined #webid
16:23:45 [fwagner]
fwagner has joined #webid
16:29:00 [jonathandray]
jonathandray has joined #webid
17:13:07 [Zakim]
Zakim has left #webid
17:52:42 [tlr]
tlr has joined #webid
18:00:57 [trackbot]
trackbot has joined #webid
19:00:12 [kidehen]
kidehen has joined #webid
19:04:35 [jonathandray]
jonathandray has joined #webid
19:20:44 [kidehen]
deiu: are you sorted now? If not, stick to trueg who will get stuff to me. Back online temporarily (due to hurricane)
19:42:55 [kidehen]
Shared the following resource using an ACL that only allows TPAC foaf group members to de-ref:
19:44:40 [kidehen]
Image showing the ODS-Briefcase UI (trueg: it works with Firefox, and I am having a patch applied so that other browsers work properly):
19:46:50 [kidehen]
Note, your personal-verifiable URI (aka. WebID) needs to be in this document:
19:47:22 [kidehen]
I am testing for membership of the foaf:Group denoted by URI:
20:14:40 [bblfish]
bblfish has joined #webid
20:16:07 [kidehen]
Here is a G+ note summarizing the above: . Let me know if it's inaccessible
20:29:32 [develD]
develD has joined #webid
20:32:28 [develD]
develD has joined #webid
21:50:13 [deiu]
deiu has joined #webid
22:06:13 [trueg]
trueg has joined #webid
22:12:25 [trueg_]
trueg_ has joined #webid
22:14:17 [kidehen]
All: this resource is only accessible to those in the TPAC group re. ACL test:
22:14:38 [kidehen]
next step is to get instance in sync with this instance
22:17:02 [domel]
domel has joined #webid
22:47:08 [tpacbot]
tpacbot has joined #webid
23:43:05 [kidehen]
The WebID ACLs for this resource should now perform as expected based on the requirement for TPAC foaf:Group membership:
23:43:08 [kidehen]
23:43:12 [kidehen]
23:49:21 [timbl_]
timbl_ has joined #webid