29 Oct 2012


See also: IRC log


AnnBassetti, betehess, scribe


<jin> I has joined ^^

<edreux> Cloudiway)

<edreux> Emmanuel Dreux


<bblfish> http://cloudiway.com/en/

<bblfish> scribenick: AnnBassetti

<jmvanel> Jean-Marc Vanel Hi , my FOAF profile : http://jmvanel.free.fr/jmv.rdf

starting gathering of WebID, ReadWriteWeb & Social Web CGs

starting gathering of WebID, ReadWriteWeb & Social Web CGs

attendees introducing themselves, getting going with IRC

<toshi> Hi, My name is Toshiaki Tanaka

<sangrae> Sangrae Cho from ETRI

<bblfish> ETRI Korea

<jin> Seung-Hun jin From ETRI

<sangrae> www.etri.re.kr

<bblfish> jin and sagrae is doing identity management at ETRI

<bblfish> http://www.etri.re.kr

<fwagner> Frank Wagner, working for Deutsche Telekom, Group Privacy, responsible for privacy requirements in the product development processes of DT, member of tracking protection WG and privacy interest group, PING. Joined this group as an observer.

<fwagner> https://my-profile.eu/people/fwagner/card#me

Ann Bassetti, Boeing

<sangrae> Official english web site for ETRI is http://www.etri.re.kr/eng/main/index.etri

<spiroid> Hi my name is Jonathan Dray

<develD> Hey, i am Norman Richter from the univerity of Halle / Leipzig, Germany. I'm doing resarch on webid, web access control, pubsubhubbub. I'm still a student and planning to start with my final thesis on this subject within the next weeks/months. It's about delivering Linked Data over a PubHub with WebAccessControl / ACL to subscribers who should authentify with webid.

<trueg> Sebastian Trueg (OpenLink Software) - http://www.openlinksw.com

<trueg> http://web.ods.openlinksw.com

<trueg> http://www.trueg.de/people/sebastian#me

<bblfish> HEnry Story, WebID Incubator chair http://bblfish.net/

<trueg> http://id.myopenlink.net/dataspace/person/trueg#this

<philipp> Philipp Frischmuth, University of Leipzig - https://philipp.frischmuth24.de (currently offline), https://my-profile.eu/people/pfrischmuth/card#me (today ;-))

<bblfish> http://bblish.net/people/henry/card#me

<develD> http://www.normanrichter.de/webid/norman#me

<timbl_> My name is Tim Berners-Lee, my webid is http://www.w3.org/People/Berners-Lee/card#i The tabulator <http://dig.csail.mit.edu/2005/ajar/ajaw/data#Tabulator> is my project which uses a lot of read-write linked data, and webids.

<bblfish> ACL Access Control Web

<bblfish> esw.w3.org/WebAccessControl

<bblfish> http://esw.w3.org/WebAccessControl

<bblfish> http://bblfish.net/people/henry/card#me

<oberger> morning

<develD> I have made a german translation to this http://esw.w3.org/WebAccessControl, i will put it later online

<bblfish> htttp://bblfish.net

<bblfish> htttp://bblfish.net/#hjs


Henry Story gives introduction of WebID

<bblfish> http://www.w3.org/2005/Incubator/webid/spec/#terminology

<bblfish> A WebID Verifier takes a WebID Certificate and verifies that the Subject of the Certificate is indeed identified by the Subject Alternative Name WebID published there. This is usually done, because the TLS Service Light did not verify the SAN using a Certificate Authority signature. But it can also be done to verify that the Certificate is still valid.

<timbl_> A webid is a URI which denotes an agent (e.g. a perdson)

<timbl_> When lookup up on the web, you get back infer about the person, including crypto info which allows us to have a login protocol based on this.

<bblfish> http://xmlns.com/foaf/0.1/knows

<bblfish> todo: better explanation of dereference

this introduction includes history of philosophy, physics, ... and basic geek terminology


<gaiaphj> Hello

<timbl_> We learn that "deiu" can be pronounced dayoo

<jmvanel> https://my-profile.eu/view.php?webid=http%3A%2F%2Fjmvanel.free.fr%2Fjmv.rdf%23me

<jmvanel> http://jmvanel.free.fr/jmv.rdf#me

<jmvanel> that's my webid :)

<rblin> Hi everybody my name is Romain Blin i'm student at University of Saint-Etienne and I work on distrubuted and secured social network with rww and webid

<deiu> Hey! My name is Andrei Sambra and I am responsible for the project MyProfile.

<christine_> Hi all. Christine Runnegar (Internet Society). PING co-chair and member of Prov WG. Thanks for opening up your meeting today.

Presentation of myProfile.eu

<bblfish> andrei: people should be able to control what they publish online and control this data

<bblfish> andrei: myprofile allows people to host their profile on their machine: eg. their freedombox.

<bblfish> adrei: all beased on linked data

<deiu> https://my-profile.eu/profile.php

<deiu> https://my-profile.eu/people/<username> /card#me

<betehess> abasset: what's the difference between username and nickname?

<develD> andrei: you can change your nickname, but not your usernames, because its part of your identity

Andrei is demonstrating MyProfile

<betehess> deiu,the username is part of the final URL

<betehess> scribenick: betehess

deiu,sometimes your browser requires some certificate to be installed

<sangrae> This is my WebID - https://my-profile.eu/people/cora1618/card#me

<jin> This is my WebID - https://my-profile.eu/people/tonghara-1/card#me

deiu,there are issues to create certificates in IE

bblfish: I've found a workaround for that

<christine_> repasting for Pierre - https://my-profile.eu/profile.php

bblfish: you need the server to do some stuff in the background

<oberger> deiu, I hope you don't pay for the CPU ;)

timbl_: abasset, it's ok, your mother won't see it

[deiu showing certificate informations from the web interface]

jmvanel: can we add arbitrary property values?

deiu,I want to support any kind of data

jmvanel: any roadmap?

deiu,don't know yet

deiu,let me add a logo to my profile

scribe: now showing in my-profile.eu!
... here we're using the pingback protocol
... lots to be said
... it's about sending little messages between endpoints
... there is a pingback:to in my profile

<philipp> http://de.slideshare.net/PhilippFrischmuth/ekaw-semantic-pingback

<bblfish> ack

<Zakim> betehess, you wanted to make relation with LDP and webbox

betehess: webbox relies on LDP to send data

deiu,want to do something similar

<Zakim> jonathandray, you wanted to authentication issue with a newly created webid

<bblfish> we are solving bugs

<jmvanel> could you show the pingback protocol in a sequence diagram � la UML ?

deiu,with jonathandray, we're seeing an SSL issue, related to ciphers

scribe: not sure why, you can try to force the SSL version
... I had to restrict the number of ciphers to be supported in my platform for security issues
... as I was vulnerable to the beast attack
... I'm a security freak

bblfish: there are some free Certificate Authoritities (CA)

<philipp> You can find a sequence diagram of Semantic Pingback in the paper: http://svn.aksw.org/papers/2010/EKAW_SemanticPingback/public.pdf

bblfish: CAs are more or less reliable

<bblfish> DANE

bblfish: it's a big issue for TLS
... one workaround is DANE
... you certificate could be in DNSSEC
... it relies on DNS
... this can prevent some of the issues with SSL, where DNS is spoofed and people are given wrong IP addresses when accessing a service
... this is done at IETF
... it's now possible to do secure DNS (with cryptography)
... this is basically webid on server side
... could be used by the server when retrieving the webids

<jonathandray> I got it working : I had to uncheck the SSL 3.0 protocol in the browser protocols preferences

<bblfish> http://tools.ietf.org/html/rfc6698

<bblfish> http://tools.ietf.org/wg/dane/

<bblfish> http://tools.ietf.org/html/rfc6394

bblfish: their Working Group has almost completed their work by now

<Zakim> betehess, you wanted to ask why webid could not rely on DANE directly (client side)

betehess: could webid rely on DANE directly?

bblfish: would not be a good idea
... it does not look as usable
... DANE is for domain names

[tlr introduces himself, he is a security geek]

tlr: people stores public key record in their DNS information

bblfish: do you know support for browser vendors?

tlr: no

Alexandre Bertails' WebID https://my-profile.eu/people/betehess/card#me

bblfish: the point now that you have your webid is to go to a service that does not know anything about you yet

<abasset> https://my-profile.eu/people/annbass/card#me

<jonathandray> my webid : https://my-profile.eu/people/jonathandray/card#me

<gaiaphj> https://my-profile.eu/people/gaiaphj1/card#me

<develD> http://www.normanrichter.de/webid/norman#me

<sangrae> https://my-profile.eu/people/cora1618/card#me

<gregory> https://my-profile.eu/people/gregoryB/card#me

<timbl_> If I click on https://my-profile.eu/people/jonathandray/foaf.rdf#me with FFox i get redirected to https://my-profile.eu/people/jonathandray/foaf.rdf#me

bblfish: I'm gonna create a foaf group of the members
... and make use of that with ACLs
... for example to restrict access to a wiki based on this group
... (probably for this afternoon)

<tlr> ScribeNick: scribe

<betehess> bblfish: it's nice to do light security

<betehess> ... it's enough in many cases

<betehess> ... it's a trade off between being flexible and "army-freak"

<edreux> https://my-profile.eu/people/edreux/card#me

<christine_> https://my-profile.eu/people/canary/card#me

<betehess> timbl_: I'm pasting a webid in tabulator

<betehess> ... I'm seeing informations about card#me

<betehess> ... tabulator is a firefox add-on

<AnnBassetti> http://www.w3.org/2005/ajar/tab

<betehess> [timbl demoing tabulator on screen]

<betehess> ... you should check out the latest version from github

<develD> http://www.w3.org/2005/ajar/tab

<develD> there's also a firefox extension

<develD> http://www.w3.org/wiki/TabulatorExtension

<bblfish> https://github.com/linkeddata/

<bblfish> this is the link for the tabulator on github https://github.com/linkeddata/tabulator

<betehess> timbl_: it looks at data

Timbl showing tabulator

<betehess> ... eg. here is my rdf id

<betehess> ... you see my webid info in there

<trueg> Get a bleeding edge build of Tabulator here: http://dig.csail.mit.edu/2007/tab/snapshot

<betehess> ... you see that the URL is still the same

<betehess> ... you can find plenty of URIs, many with #

<betehess> ... the little green/red dots say how many time the documents were fetched successfully

<betehess> ... some of the URIs link me to my other identities

<betehess> ... I could point to twitter, but they don't have RDF

<betehess> ... you also find my friends

<betehess> ... it's a very generic view

<betehess> ... but you can tweak that with the little icons on the top

<betehess> ... check/uncheck

<betehess> ... you can even know what triples were picked up

<betehess> ... here is an attempt for the facebook-like view

<develD> timbl_: with tabulator you can derefernce rdf resources

<betehess> ... the "this is you" checkbox means that it knows about your webid

<betehess> ... if you unckeck, you're unlogged

<betehess> ... by reloading the page, you then have less informations

<betehess> ... now, I can inspect my network of friends

<betehess> ... as you can see, it's really a decentralized database

<betehess> ... (could improve the user experience)

<betehess> ... here we got a message saying that some data was deleted

<betehess> ... we can re-fetch the data

<betehess> ... "look back to me"

<bblfish> timbl is showing the tabulator profile that was descrubed by a doap vocabulary

<betehess> ... let me show you the bug database

<betehess> ... it's like a tracker

<bblfish> doap: http://en.wikipedia.org/wiki/Description_of_a_Project

<betehess> ... all in RDF

<bblfish> doap ontology http://example.com/ns/doap#

<betehess> ... here, the specific view is way more interesting than the default one

<betehess> ... as you can see a real app

<betehess> [showing how to navigate through issues]

<betehess> ... we have an ontology for the tracker

<betehess> ... the UI knows about the kind of literals you enter

<betehess> ... the data is sent back to the server as you edit in place

<bblfish> note: timbl is using HTTP POST, PUT and GET to update the database

<bblfish> using SPARQL updates

<betehess> ... the UI changes color to distinguish if the data was already written back or not

<bblfish> in order to make this globally available the LDP group has been developed http://www.w3.org/2012/ldp/hg/ldb.html

<betehess> timbl, can you make the relation with LDP?

<AnnBassetti> hmm .. clicking that LDB link, I get: "error: ldb.html@a3be44430b37: not found in manifest"

<betehess> http://www.w3.org/2012/ldp/wiki/Main_Page

<betehess> timbl_: we're now following what the LDP WG is doing

<betehess> ... need ot adapt at some point

<betehess> [Steeve Holbrook from IBM just arrived and mentioned their work with LDP]

<betehess> bblfish: you need some restful interaction with the data

<betehess> ... webid is important to LDP

<betehess> ... to interact with this data

<betehess> ... but we also need web access control

<betehess> timbl_: eg. only some people should be allowed to add messages to the tracker

<betehess> jonathandray: what happens if you lost your certificate? how to get it back, proving that it's you?

<betehess> deiu,not that moment, but you should be given the username/password option

<betehess> ... then you could regenerate the certificate

<betehess> timbl_: I have some issues between my-profile and tabulator

<betehess> deiu,probably because of conneg

<betehess> ... don't know what tabulator sends

<bblfish> problem is my myprofile is that it redircects request

<bblfish> that have an HTTP host

<bblfish> sorry that have an accept: text/html request

<bblfish> ldp working group

<trueg> bblfish: what's the foaf:GRoup URI?

<betehess> betehess: look at LDP, as this is a fundamental work to make webid work with interoperability in mind

Post WebIDs

<betehess> bblfish: please post again your webids right now please, to help me find them

<AnnBassetti> https://my-profile.eu/people/annbass/card#me

<pmaret> https://my-profile.eu/people/pmaret/card#me

<jonathandray> https://my-profile.eu/people/jonathandray/card#me

<christine_> https://my-profile.eu/people/canary/card#me

<sangrae> https://my-profile.eu/people/cora1618/card#me

<fwagner> https://my-profile.eu/people/fwagner/card#me

<philipp> https://my-profile.eu/people/pfrischmuth/card#me

<develD> http://www.normanrichter.de/webid/norman#me

<betehess> https://my-profile.eu/people/betehess/card#me

<shh> Please repost the link to create a webid

<gregory> https://my-profile.eu/people/gregoryB/card#me

<betehess> deiu,I'm slowly moving to a triple store

<betehess> ... should simplify my work on conneg

<betehess> ... many things will become obsolete soon

<betehess> trueg: why is the redirect bad in this case?

<betehess> ... don't understand the background

<betehess> ... we also do that

<betehess> timbl_: you have to decide what the URIs have to be

<betehess> ... let me show using curl in a console

<betehess> timbl_: I'm telling curl to get RDF data specifically

<betehess> ... preferably not html

<betehess> ... but I get back a message telling me to go somewhere else: 303 See Other

<betehess> ... I'd like to get back the data for the document itself

<betehess> trueg: why is this bad?

<betehess> timbl_: because I want to see the URL of the document

<betehess> ...

<betehess> trueg: so you want the URL to map the virtual filesystem

<betehess> betehess: if you move to another document, you can't interact with it anymore as you've lost the context

<betehess> ... although it's ok if you're interested in read-only

<betehess> timbl_: if you've got a bug with tabulator, please call me :-)

<timbl_> 303 is for when the original rename was of a arbitrary thing

<timbl_> and 303 redirects you to a document above it...

<timbl_> You do not need and should not use 303 when using hashes

<bblfish> hi

Open Questions

<develD> hi

Relation to other Identity systems

<bblfish> public-identity@w3.org

<bblfish> http://lists.w3.org/Archives/Public/public-identity/

<bblfish> http://www.w3.org/wiki/WebID

<bblfish> wiki http://www.w3.org/wiki/Foaf%2Bssl

relationship with other identity initiatives

<betehess> bblfish: with openid, you have to type in your url

<betehess> ... considered as a problem

<betehess> scribenick: betehess

bblfish: webid was inspired by openid
... I wrote an article about that (including a sequence diagram for the protocol)
... you get more information with webid with less connections
... also, cryptography gives you a bit more
... also, the other protocols don't use Linked Data

<bblfish> http://security.stackexchange.com/questions/5406/what-are-the-main-advantages-and-disadvantages-of-webid-compared-to-browserid

bblfish: but they could, eg. Persona (used to be BrowserId, by Mozilla)
... this uses javascript in the browser for crypto
... they say it's decentralized
... I don't think it is, because the private key is in the browser, so there is a problem about the origin (for what I understand)
... this involves a redirect system
... nobody has denied that in the stackexchange article that I posted
... TLS follows the principle of least power
... it does one thing, very well
... javascript gives you way too much in my view
... but it's still important
... but they could still use webid in their system I believe
... eg. they use signed JSON certificates
... and use javascript to prove that you're the one with the right private key
... there is no reason for them not to have a real URL here
... oauth does not use Linked Data
... but you'd like your identity to be bound to a URI
... it's the Web architecture
... if you don't use it, you can't do as much and I consider it as broken
... I heard about the Liberty Alliance while at Sun
... I believe it's SOAP-based

<bblfish> Kantara

<bblfish> Liberty Alliance

<christine_> Kantara Initiative

<christine_> http://kantarainitiative.org/

AnnBassetti: I can guaranty that Boeing will not be able to join the WebID work if this is not related to the Liberty Alliance somehow

s/Identity Alliance/Liberty Alliance/g

[Melvin Carvalho just arrived]

bblfish: maybe we need a real Working Group
... we have Standards expert here who understand that

AnnBassetti: it's hard to get people to move

christine_: it's easy to participate in Kantara work
... you could see if this is relevant to what you guys are doing
... for example, they have worked on an insurance framework for identity
... relies on level of insurance

<timbl_> http://kantarainitiative.org/confluence/display/GI/Current+Members

deiu,based on the Web of Trust

scribe: with no central authority

AnnBassetti: may not be enough for Boeing

timbl_: depends on what you do

<christine_> http://kantarainitiative.org/idassurance/

deiu,nothing prevents you from using your own central authority

bblfish: you could have an institutuional trust network
... eg. the French government, and the German one...
... you could have a similar trust network
... this could be a strong trust
... but at the end, it's just a social network

AnnBassetti: how is this related to other work at W3C?

bblfish: Crypto WG, but that's it

SteveH: there was a workshop Identity in the Browser

bblfish: I presented webid there
... browser vendors presented their work too
... we didn't want to do identity, but decentralized networks

emmanuel: we're specialized in identity and access management
... esp. for the cloud
... for example, we synchronize LDAP and ActiveDirectory for our clients
... with all thei SAS applications
... we're linked to webid as we integrate it
... we're already deploying that in a school for 15000 students
... using my-profile

<bblfish> scim ?

emmanuel: we work with IETF on SIM

deiu,using JSON-LD?

emmanuel: no, standard JSON
... but now, we manage webid profiles in our platform
... also, we offer a virtual desktop and we suport multi-devices (you can access your webid from different devices)

Cloudiway demo

emmanuel: we started with my-profile
... it's not living on a separate branch

gregory: I'm showing a local version of the service
... if you want to get your certificate in another browser, you need a way to retrieve it
... or you need to send it to another one
... current UI is mainly for devs (still a bit hard)
... you can add another device
... you just register new devices
... certificate is generated server-side, and then we can send it

timbl_: so the server knows the private key?

emmanuel: yes
... it's easier like that
... but we also have username/password
... it's another way to recover your certificate
... you can also register your new device from there

melvin: there is another way to do it
... using PKCS-11, will work for many desktop browsers

emmanuel: but henry told us: why not generate different certificates?
... it's actually interesting, especially if your certificate got compromised
... and your profile could have several public key

bblfish: yes, this should be reflected in the spec

<bblfish> todo: http://www.w3.org/2005/Incubator/webid/spec/#creating-a-certificate

bblfish: where there is only one public key
... and this question always comes up
... "how to move a certificate from one place to another?"
... your certificate is very valuable, usually your pay for that, but we make 0-cost
... this TLS issue goes away

AnnBassetti: would be good to have all pros-cons listed somewhere

timbl_: not very good when the server gets to know the private key

emmanuel: we do it in a way such that the server is hosted publicly
... but the customer profile can be hosted on their site

timbl_: can you delete the private key?
... from server?
... after it's sent to the user for example

bblfish: there used to be an issue on cellphones, where the private keys had to be sent with emails

trueg: just wanted to say that you can do the same today with ODS

<trueg> ODS, the OpenLInk DataSpaces (http://web.ods.openlinksw.com) is a WebID-enabled personal data management system which exposes all managed data as linked data.

emmanuel: another story, we want to link personal and professional profiles together, automatically

<trueg> It is built upon the OpenLink Virtuoso Universal server

deiu,just wanted to comment on storing the complete certificate

scribe: wouldn't be a problem if you trust the server
... should work as long as you don't send things through emails
... suggestion: don't send certificates by email

<bblfish> encrypted mail is a good scenario

<jmvanel> +

emmanuel: people say us: I've lost my profile and machine, please recover my stuff

<christine_> @AnnBassetti: re earlier q - WebRTC will be discussing Identity Handling tomorrow am - http://www.w3.org/2011/04/webrtc/wiki/October_29_-_October_30_2012#Tuesday_morning_0830-1200

<timbl_> betehess:

<bblfish> +1 for the use case of saving public/private key for issues of encryption of mail

<bblfish> USer case: 10 thousand users that need to be certified "quickly"?

timbl_: if you have a device which cannot create the device, you don't have a choice
... it's like a pairing operation

betehess: if we start saying that we have people storing private keys server-side, we'll have trouble selling webid
... we should gather use-cases and see how to solve them

jmvanel: re: stolen computer: it's not good to use the same certificate

emmanuel: yes, we actually generate a new onw

bblfish: why not having people to go to your service, asking for credentials and re-generating the certificates?

emmanuel: it's jsut a different system
... we target SAS applications
... the admin must find a way to invalidate an account immediately
... you need something to lbock the user

bblfish: you just change the ACLs
... you can also remove the account page

emmanuel: if the company has only one account, that's fine
... in practice, people have plenty of accounts

betehess: maybe this could be handled by WebACLs?



<bblfish> http://www.w3.org/wiki/WebAccessControl

[trueg demoing ODS]

trueg: ODS does everything -- including coffee

<develD> i put the german translation of WebAccessControl on the HTML part of my webid: http://www.normanrichter.de/webid/norman/index.html#me

trueg: it's done at OpenLink
... in this page shown here, the integration is done with JS
... the hard work happens in the back-end
... the UI supports a lot of things, it's mostly a showcase
... you can register new accounts
... or just authenticate with webid
... showing how to add new devices
... but in the end, you still need to use old authentication technologies
... but in my POV, you can't force people to use webid
... we need to offer fallbacks, until this is really solved

<trueg> http://web.ods.openlinksw.com

trueg: what I really like is the decoupling btw the UI and the back-end

<bblfish> +1

bblfish: when I used to defend webid, I have to look at how it compares with other solutions
... you can actually bind it to other systems
... maybe you have an ontology to speak about it?

trueg: yes, everything is in your foaf profile


<webr3> since it's break, I'll mention that it would be nice to have a seperation between "webid" (personal uri) and "webid protocol" again, as ultimately everyone having a "webid", regardless of whether they use "webid protocol" or not is the goal, "webid protocol" is just one vector to get there

<deiu> Bernadette is introducing herself.

<bblfish> comed Linked Data in Government

<deiu> she is working for the US gov, doing Linked Data

<deiu> ... they produce a web platform for publishing data on the web

<bblfish> calamacus: open source platform for linked data

<bblfish> integrating openid

<deiu> ODS: integrating other authentication protocols means that users can reuse data from other platforms/applications

<deiu> ... it will be integrated in the "sponger" of ODS, which allows it to fetch data from multiple sources and create a unified local repository

<deiu> ... it will also allow users to authenticate using those applications (e.g. facebook, openID, twitter, etc.)

<deiu> bblfish, openID only extracts the link to the identity provider, but an openID profile can just be the place where you publish a link to your personal profile

<deiu> ... they can link back and forward [openID to WebID relations] to allow service providers to link the two authentication protocols

<deiu> ... users can have an openID provider which links to the WebID profile

<deiu> ... not sure about OAuth and how it ties in with the rest

<deiu> ... there is a possibility to create an openID-to-WebID proxy

<deiu> trueg: not sure how well OAuth can be used in such a poxy

access control

<bblfish> http://www.w3.org/wiki/WebAccessControl

<deiu> bblfish: we could demo data.fm

<deiu> melvster: bblfish will demo data.fm in the context of a user with an acl policy

<bblfish> www.w3.org/2005/Incubator/webid/team.n3

<deiu> bblfish: users can be given access to a resource, by giving the user different access types (e.g. read, write, etc.)

<deiu> ... created a foaf:group document with people attending the meeting at TPAC

<bblfish> http://www.w3.org/2005/Incubator/webid/tpac/group

<deiu> ... respectively their WebIDs

<melvster> https://test-rww.data.fm/

<deiu> trueg: will create a resource without granting access to it to anybody

<deiu> ... everyone will try to access that link and should normally fail to see it

<bblfish> http://bblfish.net/people/henry/card#me

<deiu> melvster: testing ACL on data.fm with bblfish's WebID

<deiu> .... just added bblfish's WebID to the ACL file

<trueg> Try to access: https://web.ods.openlinksw.com/DAV/home/sebastian.trueg/TPACTest/chinese-captcha.png

<deiu> ... there's a small problem with data.fm (melvster is trying to fix it)

<deiu> ... testing the ODS version now

<deiu> ... users are not allowed to view the resource

<deiu> ... back to data.fm, once melvster added bblfish's WebID, bblfish can now view the resource that has been shared

<deiu> ... the "Powder" ontology can be used to express regex requests, so that users can access subdirectories

<deiu> bblfish: the ACL file can be found on a different server, and it can be used through a rel=meta link

<develD> what about roles in the wac ontology?

<bblfish> http://www.w3.org/2005/Incubator/webid/tpac/group#socWeb

<jmvanel> my WebId : http://jmvanel.free.fr/jmv.rdf

<bblfish> http://www.w3.org/2005/Incubator/webid/team#we

<deiu> first link contains all people with an interest in WebID

<deiu> the second link contains people actively working on WebID

<deiu> please try to access: https://web.ods.openlinksw.com/DAV/home/sebastian.trueg/TPACTest/chinese-captcha.png

<kidehen> Note about WebID and OpenID proxy: http://bit.ly/OcbR8w

<melvster> http://melvincarvalho.com/

<timbl_> I try to click on the "like" button and end up waiting for foafssl.org after choosing a cert

<deiu> kidehen, "The post could not be found"

<deiu> re. openID proxy

<kidehen> posts about using WebID based ACLs that leverage social entity relationship semantics: http://bit.ly/OcbR8w

<kidehen> deiu,the OpenID and WebID proxy service post? If so, goto: https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB

<AnnBassetti> https://my-profile.eu/people/annbass/card#me

<deiu> kidehen, still cannot open the URI

<deiu> kidehen, "Your URL may be incorrect, the post may have been deleted, or this account may not have access to the post."

<kidehen> deiu,check with others re. https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB . I am looking at it.

<deiu> I'm more concerned about that last part

<kidehen> @deiu : give me the URI

<kidehen> @deiu,do you mean the proxy pattern example as in: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen ?

<deiu> kidehen, https://plus.google.com/112399767740508618350/posts/JC5eYe3XMXB

<deiu> I think I'm not in the circles you've shared the post with

<kidehen> @deiu,that's a local problem, I can de-reference it over here. Ask @trueg if he is having problems etc..

<deiu> kidehen, trueg is busy working on an ACL demo

<kidehen> @deiu : can you open: http://openid-demo.appspot.com/ ?

<deiu> yes, it works

<kidehen> @deiu,if so, then use pattern: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen{URI-Serving-As-Your-WebID}

<kidehen> @deiu : in my case, I use: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen

<kidehen> @deiu : you will be find yourself in a WebID authentication flow (i.e., X.509 certs selection UI) even though the service is OpenID based. Simple benefit: Password authentication eliminated.

<deiu> kidehen, "Error 22023 / R066: Unsupported case in CONVERT (incomplete RDF box -> IRI_ID)"

<deiu> kidehen, switch to email for this convo please

<kidehen> @deiu : email or G+ is fine. What is your goal? Testing WebID+OpenID proxy?

<bblfish> Anne Bassetis use case: factory team have problem with computer security. They have to know who is logging on or off.

<deiu> ... the problem is that it takes time to logout/login

<deiu> meeting is adjourned until tomorrow (see the agenda for topics to be discussed)

<bblfish> ok, so that's all folks

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.137 (CVS log)
$Date: 2012/10/29 16:05:42 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.137  of Date: 2012/09/20 20:19:01  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/property values/arbitrary property values/
Succeeded: s/q+//
Succeeded: s/eg,/eg./
Succeeded: s/please you/please post again your/
Succeeded: s/303 is really when the data has moved, it's obsolete//
Succeeded: s/topic?//
Succeeded: s/Identity Alliance/Liberty Alliance/
FAILED: s/Identity Alliance/Liberty Alliance/g
Succeeded: s/multidevice/multi-devices/
Succeeded: s/living/it's not living/
Succeeded: s/@@@/PKCS-11/
Succeeded: s/woth/with/
Succeeded: s|.../me AnnBassetti, yes, it's very slow: I was looking at the cached version||
Succeeded: s/really/really like/
Succeeded: s/deiu: /deiu,/g
Found ScribeNick: AnnBassetti
Found ScribeNick: betehess
Found ScribeNick: scribe
WARNING: No scribe lines found matching ScribeNick pattern: <scribe> ...
Found ScribeNick: betehess
Inferring Scribes: AnnBassetti, betehess, scribe
Scribes: AnnBassetti, betehess, scribe
ScribeNicks: AnnBassetti, betehess, scribe

WARNING: No "Present: ... " found!
Possibly Present: AnnBassetti JonathanJ JonathanJ1 MacTed ODS Ruinan SteveH abasset adrei andrei bblfish betehess calamacus christine_ chsiao deiu develD doap edreux emmanuel fwagner gaiaphj gregory https htttp jin jmvanel joined jonathandray kidehen kidehen_ melvin melvster note oberger philipp philipp_ pmaret rblin sangrae scribenick shh spiroid timbl_ tlr todo toshi tpacbot trueg ttanaka2 webid webr3 wei
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy

WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

Agenda: http://www.w3.org/community/rww/wiki/TPAC-Lyon-2012
Got date from IRC log name: 29 Oct 2012
Guessing minutes URL: http://www.w3.org/2012/10/29-webid-minutes.html
People with action items: 

WARNING: Possible internal error: join/leave lines remaining: 
        <jin> I has joined ^^

WARNING: Possible internal error: join/leave lines remaining: 
        <jin> I has joined ^^

[End of scribe.perl diagnostic output]