16-swxg-irc.txt 17 KB

Raw Blame History Permalink

15:02:33 <RRSAgent> RRSAgent has joined #swxg
15:02:33 <RRSAgent> logging to http://www.w3.org/2010/06/16-swxg-irc
15:02:35 <trackbot> RRSAgent, make logs world
15:02:35 <Zakim> Zakim has joined #swxg
15:02:37 <trackbot> Zakim, this will be 7994
15:02:37 <Zakim> ok, trackbot; I see INC_SWXG()11:00AM scheduled to start 2 minutes ago
15:02:38 <trackbot> Meeting: Social Web Incubator Group Teleconference
15:02:38 <trackbot> Date: 16 June 2010
15:02:47 <caribou> zakim, call carine-617
15:02:47 <Zakim> ok, caribou; the call is being made
15:03:03 <caribou> zakim, who's here?
15:03:03 <Zakim> INC_SWXG()11:00AM has not yet started, caribou
15:03:12 <caribou> zakim, this is SWXG
15:03:12 <Zakim> ok, caribou; that matches INC_SWXG()11:00AM
15:03:14 <caribou> zakim, who's here?
15:03:14 <Zakim> On the phone I see +1.617.513.aaaa, Lalana, Carine
15:05:00 <lkagal> zakim, mute Lalana
15:05:00 <Zakim> Lalana should now be muted
15:05:32 <Zakim> +[IPcaller]
15:05:42 <hhalpin> Zakim, [IPcaller] is hhalpin
15:05:42 <Zakim> +hhalpin; got it
15:05:55 <hhalpin> Zakim, who's here?
15:05:55 <Zakim> On the phone I see +1.617.513.aaaa, Lalana (muted), Carine, hhalpin
15:06:07 <hhalpin> Zakim, aaaa is paul
15:06:07 <Zakim> +paul; got it
15:06:20 <hhalpin> chair: hhalpin
15:06:30 <hhalpin> carine - scribe?
15:06:38 <caribou> yes
15:06:45 <caribou> but I must drop at 18
15:06:46 <hhalpin> scribe: caribou
15:06:53 <hhalpin> scribenick: caribou
15:07:12 <paul> paul has joined #swxg
15:07:31 <hhalpin> MacTed, Oshani, Melvster, Mischat, FabGandon - anyone there?
15:07:48 <melvster> sorry was multi tasking ... dialling in ...
15:07:51 <hhalpin> PROPOSED: to approve minutes from June 9th meeting
15:07:58 <hhalpin> http://www.w3.org/2010/06/09-swxg-minutes.html
15:07:59 <hhalpin> +1
15:08:21 <hhalpin> RESOLOVED:  minutes from June 9th meeting approved
15:08:36 <hhalpin> PROPOSED: to meet again Wed. June 23rd (Mozilla's "Identity in the Browser")
15:08:57 <hhalpin> topic: final report update
15:09:16 <hhalpin> ACTION [CONTINUES]: DKA to write introduction.
15:09:16 <trackbot> Sorry, couldn't find user - [CONTINUES]
15:09:26 <hhalpin> [CONTINUES] ACTION: PeterF to make picture of landscape.
15:09:35 <hhalpin> [CONTINUES] ACTION: DKA to write introduction.
15:09:51 <hhalpin> [CONTINUES] ACTION: tpa to Work on a summary extract of the Social Web current use-cases for part 3 on wiki pages
15:10:01 <Zakim> +MIT531
15:10:04 <hhalpin> [CONTINUES] ACTION: hhalpin and melvster to write State of the Social Web in 2010.
15:10:08 <hhalpin> issue with gap analysis
15:10:36 <Zakim> +??P38
15:10:46 <melvster> zakim, ??P38 is me
15:10:47 <Zakim> +melvster; got it
15:11:38 <hhalpin> gap analysis?
15:12:08 <hhalpin> of what components of the Social Web have neither de jure or de facto standards?
15:12:59 <Zakim> +bblfish
15:13:36 <caribou> HH: Access control is a key for social networks
15:13:52 <paul> Are folks familiar with this: http://kantarainitiative.org/confluence/display/uma/Home
15:14:19 <caribou> Paul: wondering if people are aware of UMA
15:14:45 <hhalpin> technical details seem to be here:
15:14:48 <hhalpin> http://kantarainitiative.org/confluence/display/uma/Protocol+Flow
15:15:19 <hhalpin> +1 Eve
15:15:43 <caribou> Paul: the UMA group is looking at OAuth flows
15:15:57 <caribou> ... the person delegates authorisation decision to that service
15:15:59 <Zakim> +OpenLink_Software
15:16:17 <MacTed> Zakim, OpenLink_Software is temporarily me
15:16:17 <Zakim> +MacTed; got it
15:16:19 <MacTed> Zakim, mute me
15:16:19 <Zakim> MacTed should now be muted
15:16:30 <hhalpin> "privacy provider"
15:16:57 <caribou> http://kantarainitiative.org/confluence/display/uma/UMA+Explained
15:18:03 <caribou> Paul: the gap we're talking about is between the report and the things implemented out there?
15:18:38 <caribou> HH: gap between things widely implemented and things less mature but veyr much needed
15:18:43 <caribou> s/veyr/very
15:20:34 <hhalpin> ACTION: paul and bblfish to work on gap analysis
15:20:35 <trackbot> Created ACTION-143 - And bblfish to work on gap analysis [on Paul Trevithick - due 2010-06-23].
15:20:58 <hhalpin> topic: distributed access control languages
15:21:22 <lkagal> zakim, unmute Lalana
15:21:22 <Zakim> Lalana should no longer be muted
15:21:39 <caribou> Lalana: I'm from MIT/CSAIL
15:21:48 <lkagal> http://dig.csail.mit.edu/2010/Talks/0616-SocialXG-lk/AIR-overview.pdf
15:21:48 <Zakim> -bblfish
15:21:49 <hhalpin> David Raggett's previous talk
15:21:51 <hhalpin> http://www.w3.org/2009/09/16-swxg-minutes.html
15:22:54 <caribou> LK: N3Logic is a rule langage for N3
15:23:05 <bblfish> bblfish has joined #swxg
15:23:10 <bblfish> ok
15:23:57 <caribou> LK: a web rule language is not sufficient to express privacy
15:24:03 <caribou> ... we extended N3Logic
15:24:33 <Zakim> +bblfish
15:24:46 <bblfish> Hi Henry Story is bblfish
15:25:06 <Zakim> +Cedric/Karel/Konrad
15:25:08 <caribou> LK: named rules allow reuse
15:26:48 <bblfish> what is the url of the presentation again?
15:27:01 <Zakim> + +0798919aabb
15:27:05 <oshani> bblfish, http://dig.csail.mit.edu/2010/Talks/0616-SocialXG-lk/AIR-overview.pdf
15:27:26 <mischat> zakim, +0798919aabb is me
15:27:26 <Zakim> +mischat; got it
15:27:32 <mischat> zakim, mute me
15:27:32 <Zakim> mischat should now be muted
15:27:54 <caribou> LK: you split the matching sequencially
15:28:55 <caribou> LK: Justification helps trust that the policy system is actually working
15:29:30 <hhalpin> justification in natural language?
15:29:31 <caribou> ... it gives more information than a regular system that says OK or not
15:30:17 <caribou> ... we have a natural language description associated with "then" and "else" properties of rules
15:30:35 <caribou> ... it explains why the rule is fired
15:30:56 <caribou> LK: sometimes the policies are private
15:31:19 <caribou> ... sometimes you have a very long rule with long subclass hierarchy
15:31:36 <caribou> ... so we have hidden and ellipsed rules
15:32:07 <caribou> ... hidden rules are hidden in justifications
15:32:32 <caribou> for ellipsed rules, you only know that one rule exists that has been fired
15:32:52 <caribou> i/for/... for/
15:33:04 <tlr> zakim, call thomas-781
15:33:04 <Zakim> ok, tlr; the call is being made
15:33:05 <Zakim> +Thomas
15:33:11 <tlr> zakim, I am thomas
15:33:11 <Zakim> ok, tlr, I now associate you with Thomas
15:33:13 <tlr> zakim, mute me
15:33:13 <Zakim> Thomas should now be muted
15:34:03 <caribou> LK: we tried recently to use in real cases
15:36:40 <hhalpin> ah, but it does require RDF
15:36:41 <caribou> LK: in summary: domain independent, distributed, no need to customize, will work with any RDF
15:37:21 <caribou> ... compared to N3Logic, focus is on the Justification system
15:37:47 <caribou> ... policy conlicts still need to be done
15:38:39 <hhalpin> Slim?
15:39:05 <caribou> Slim's presentation
15:40:08 <caribou> ST: PrimeLife is a followup project to PRIME
15:40:26 <lkagal> Please could someone post a link to Slim's presentation
15:41:04 <MacTed> a URL for Slim's slides would be most helpful
15:41:09 <mischat_> mischat_ has joined #swxg
15:41:40 <caribou> ST: one of the activies in the project is a policy language
15:41:51 <lkagal> zakim, mute Lalana
15:41:51 <Zakim> Lalana should now be muted
15:42:01 <caribou> ... that can be used to declare user intentions in terms of data usage
15:42:02 <hhalpin> sent it to listserv earlier today
15:42:12 <hhalpin> http://www.slideshare.net/SlimTrabelsi/ppl-presentation-2010-4516166
15:42:20 <lkagal> Thanks
15:42:33 <MacTed> ah, I was just looking in agenda, not elsewhere
15:43:00 <MacTed> that URL errors
15:43:16 <MacTed> :-)
15:45:21 <bblfish> what is the slide share link?
15:46:19 <caribou> http://www.slideshare.net/SlimTrabelsi/ppl-presentation-2010
15:46:40 <mischat> mischat has joined #swxg
15:46:44 <bblfish> got it
15:46:50 <hhalpin> hhalpin has joined #swxg
15:47:00 <hhalpin> http://www.slideshare.net/SlimTrabelsi/ppl-presentation-2010
15:47:09 <hhalpin> That link in IRC should be to slim's slides
15:47:12 <mischat> all, i have to get off the call now, I just splitt water on my other laptop, will leave speaker phone on
15:48:58 <caribou> ST: privacy and obligation still empty shell in xacml 3.0
15:49:33 <caribou> ... we decided to extend it with our "PrimeLife People Language"
15:50:05 <caribou> ... scenario is creation of an account on astore.com
15:50:46 <caribou> ... the service is asking non-certified (e.g. email) and certified information (e.g. credit card info)
15:51:20 <caribou> ... currently there's no real control on the way the user data is handled
15:51:42 <mischat> which port on latin.garlik.com
15:51:43 <mischat> ?
15:51:51 <caribou> ST: (slide 4)
15:52:09 <caribou> ... the user can have personal policies and preferences
15:52:26 <hhalpin> interested in what RDF language AIR uses to describe people - FOAF I assume?
15:54:22 <caribou> ... on the server-side, the server has to reveal its policies
15:54:54 <caribou> ... not just for access control, but also data handling, e.g. how long data is stored, what it is used for...
15:55:36 <caribou> ST: Dave is implementing a browser plugin to check the generic browser policis
15:55:49 <caribou> s/policis/policies
15:55:55 <Zakim> -Thomas
15:56:23 <caribou> ST: PPL defines a simple vocabulary for purpose
15:57:16 <caribou> ... and downstream access control (kind of AC policy nested in DHP)
15:58:09 <caribou> ST: we define some obligations and triggers
15:58:59 <caribou> ST: (slide 6) We also provide a matching engine to compare the user preferences and the server policies
15:59:09 <caribou> ... and we provide a kind of contract
15:59:37 <lkagal> hhalpin, some of our examples use foaf for people, some use a version of a gov defined ontology, NIEM. But as AIR is a rule language, you can pick any domain ontology to  use with it.
16:01:14 <Zakim> -oshani
16:01:29 <caribou> ST: (slide 12) credential-based access control, that is not in XACML
16:02:10 <caribou> ... we can generate the claim + crypto proof
16:02:19 <lkagal> like a zero knowledge proof ?
16:02:41 <caribou> ... e.g. certify that you're > 18 without giving your birthdate nor information about ID
16:03:15 <caribou> ... in PPL we can express "I need a proof that you're >18"
16:03:34 <caribou> ... and on the user side, getting and sending that proof
16:03:46 <caribou> ... it relies on Idemix (IBM)
16:03:54 <hhalpin> lalana - slim's not on IRC, so let's do this
16:04:09 <hhalpin> over phone, using Zakim's queue
16:04:26 <hhalpin> scribenick: hhalpin
16:04:48 <Zakim> -Carine
16:04:59 <hhalpin> ST: we use bloom filters to hash information related to policies
16:05:04 <hhalpin> ... perform a bloom filter matching
16:05:13 <hhalpin> ... in order to figure out if client has correct PPI or proof
16:05:31 <hhalpin> ... without revealing preferences or policy
16:06:31 <lkagal> zakim, unmute Lalana
16:06:31 <Zakim> Lalana should no longer be muted
16:06:40 <hhalpin> 1) Have we tried phrasing in real-world social networking ToS in these languages
16:06:58 <hhalpin> 2) XACML vs AIR - what's the advantage
16:07:15 <hhalpin> looking at their TOS
16:07:20 <hhalpin> lkagal: we haven't looked at it
16:07:27 <hhalpin> ... but have modelled real world laws and policies
16:07:48 <hhalpin> ... advantage of XACML over AIR
16:07:57 <hhalpin> ... order of data and rules matter in XACML, not in RDF/AIR
16:08:05 <mischat> order free?
16:08:08 <hhalpin> ... its difficult to adapt language to different domains
16:08:19 <hhalpin> ... so we have to create extensions of language to work with social networking site
16:08:47 <hhalpin> ... would be better for mash-ups of different sites
16:09:18 <bblfish> there is a very interesting XACML-DL
16:09:41 <bblfish> http://video.google.com/videoplay?docid=563544055228153233#
16:09:54 <bblfish> http://www.mindswap.org/~kolovski/xacml_tr.pdf
16:10:07 <hhalpin> hmmm
16:10:17 <lkagal> Thanks bblfish, I'm aware of Vlads work.
16:11:57 <bblfish> There is work on integerating xacml and foaf+ssl btw
16:12:16 <bblfish> I think Bruno Harbulot at Manchester is working on things in that area
16:12:17 <lkagal> And on foaf+ssl and AIR :)
16:12:21 <hhalpin> ah ok.
16:12:28 <bblfish> ah yes :-)
16:12:45 <bblfish> q+
16:12:52 <hhalpin> lkagal: another thing about using RDF is the extensibility aspect
16:13:06 <hhalpin> ... I want to use someone else's policy to apply to our data
16:13:16 <hhalpin> slim: it's a trade-off between usability and functionality
16:13:27 <mischat> i bet there are more mature tools for XML
16:13:37 <hhalpin> ... for sure RDF is more powerful
16:13:49 <hhalpin> ... but people are refusing such concepts and very skeptical
16:14:05 <hhalpin> ... as the industry more accepts XML work.
16:14:12 <hhalpin> ... in terms of actual applications
16:14:13 <mischat> it will only change if tools get better
16:14:24 <hhalpin> ack bblfish
16:14:49 <melvster> gov is the biggest consumer of rdf i think
16:15:12 <hhalpin> lkagal: I haven't seen it deployed inside systems
16:15:21 <hhalpin> ... and that includes XACML
16:15:38 <mischat> there are small companies which use RDF ;)
16:15:41 <hhalpin> slim: here in France there is some adoption of XACML
16:16:09 <hhalpin> bblfish: debate between XML and RDF can go on over
16:16:19 <hhalpin> ... but there's no need to disagree
16:16:28 <hhalpin> ... work on XACML-DL by Uni. Manchester
16:16:39 <hhalpin> ... but can then transform it into ontologies and reason about that
16:17:46 <hhalpin> ... maybe we should get someone to speak on this space
16:17:50 <hhalpin> ... but it's about top-heavy
16:18:28 <mischat> :) go henry and foaf+ssl
16:18:53 <hhalpin> ... and then we merge xacml and semantic web stuff
16:18:59 <hhalpin> .. and we can tie webids to saml.
16:19:40 <lkagal> bblfish, fyi, the work on foaf+ssl and an earlier version of AIR http://www.pipian.com/blog/2008/12/12/taac-in-action/
16:19:56 <hhalpin> ... we want to push the decision-making down.
16:20:30 <hhalpin> ... some folks are working on adding foaf+ssl to elgg
16:20:38 <hhalpin> ... maybe we could work with clique people
16:20:58 <lkagal> hhalpin, a link for clique ?
16:21:17 <bblfish> http://clique.primelife.eu/
16:21:19 <mischat> q+ re: what does this stuff have to do with P3P
16:21:21 <lkagal> Thanks
16:21:23 <mischat> and similar efforts
16:21:24 <hhalpin> ack mischat
16:21:25 <Zakim> mischat, you wanted to discuss what does this stuff have to do with P3P
16:21:50 <hhalpin> http://clique.primelife.eu/
16:22:25 <hhalpin> mischat: I want a simple language to allow to tell people what to with my data, and I thought that's what P3P was doing
16:22:34 <hhalpin> ... what's the difference?
16:22:46 <hhalpin> lkagal: P3P is basically an ontology, server-side policy
16:22:54 <FabGandon> FabGandon has left #swxg
16:23:11 <hhalpin> ... there was some work by bijan parsia on converting p3p to rdf/owl
16:23:19 <hhalpin> ... you could then use AIR to define policies
16:23:22 <hhalpin> ... over that
16:23:37 <melvster> foaf+ssl for clique.primelife.eu : https://bitbucket.org/rhizomatik/elgg_foafssl
16:23:55 <hhalpin> mischat: I want a programmatic way to tell people
16:24:17 <hhalpin> ... who can access my data for how long
16:24:21 <hhalpin> lkagal: yes
16:24:32 <hhalpin> slim: we also looked at p3p
16:24:53 <hhalpin> ... and xacml by itself handled.
16:25:00 <hhalpin> q+
16:26:04 <hhalpin> ... we looked at these features
16:26:10 <hhalpin> ... in creating our people langauge
16:26:42 <bblfish> thanks
16:26:48 <hhalpin> ... in seeing if it can help us, so we mixed features
16:26:58 <mischat> zakim, mute me
16:26:58 <Zakim> mischat should now be muted
16:28:54 <hhalpin> hhalpin: what should be standardized in this area?
16:29:16 <hhalpin> hhalpin: is there a common core?
16:29:27 <hhalpin> lkagal: not sure if standardizing a policy language is way to go
16:29:49 <mischat> :)
16:29:58 <hhalpin> lkagal: we could just use RIF
16:30:00 <bblfish> yes, but probably still need a vocab
16:30:09 <bblfish> because you want browsers to understand it
16:30:22 <bblfish> so they can improve the UI
16:31:09 <hhalpin> slim: we need a RDF oriented approach
16:31:15 <hhalpin> ... the limit of XACML
16:31:52 <Zakim> -Lalana
16:31:59 <hhalpin> ... we can make a bridge for a lightweight language
16:32:24 <bblfish> thanks a lot
16:32:25 <lkagal> To clarify, I still think we might need a standard vocab that talks about purpose or usage of data but not a standard policy language.
16:32:35 <hhalpin> trackbot, end meeting
16:32:35 <trackbot> Zakim, list attendees
16:32:35 <Zakim> As of this point the attendees have been +1.617.513.aaaa, Lalana, Carine, hhalpin, paul, oshani, melvster, bblfish, MacTed, Cedric/Karel/Konrad, mischat, Thomas
16:32:36 <trackbot> RRSAgent, please draft minutes
16:32:36 <RRSAgent> I have made the request to generate http://www.w3.org/2010/06/16-swxg-minutes.html trackbot
16:32:37 <trackbot> RRSAgent, bye
16:32:37 <RRSAgent> I see 1 open action item saved in http://www.w3.org/2010/06/16-swxg-actions.rdf :
16:32:37 <RRSAgent> ACTION: paul and bblfish to work on gap analysis [1]
16:32:37 <RRSAgent>   recorded in http://www.w3.org/2010/06/16-swxg-irc#T15-20-34
16:32:37 <bblfish> bye
16:32:41 <Zakim> -MacTed
16:32:41 <lkagal> Sorry, call got dropped.
16:32:42 <melvster> bye
16:32:44 <Zakim> -Cedric/Karel/Konrad