09-swxg-minutes.html
33.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 12 April 2005), see www.w3.org" />
<title>Social Web Incubator Group Teleconference -- 09 Dec
2009</title>
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/base.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/public.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/2004/02/minutes-style.css" />
<meta content="Social Web Incubator Group Teleconference" name=
"Title" />
<meta content="text/html; charset=utf-8" http-equiv=
"Content-Type" />
</head>
<body>
<p><a href="http://www.w3.org/"><img src=
"http://www.w3.org/Icons/w3c_home" alt="W3C" border="0" height=
"48" width="72" /></a></p>
<h1>- DRAFT -</h1>
<h1>Social Web Incubator Group Teleconference</h1>
<h2>09 Dec 2009</h2>
<p>See also: <a href="http://www.w3.org/2009/12/09-swxg-irc">IRC
log</a></p>
<h2><a name="attendees" id="attendees">Attendees</a></h2>
<div class="intro">
<dl>
<dt>Present</dt>
<dt>Regrets</dt>
<dt>Chair</dt>
<dd>danbri</dd>
<dt>Scribe</dt>
<dd>mischat</dd>
</dl>
</div>
<h2>Contents</h2>
<ul>
<li>
<a href="#agenda">Topics</a>
<ol>
<li><a href="#item01">2005 -
http://www.w3.org/2001/sw/Europe/events/foaf-galway/
?</a></li>
</ol>
</li>
<li><a href="#ActionSummary">Summary of Action Items</a></li>
</ul>
<hr />
<div class="meeting">
<p class='phone'> </p>
<p class='phone'> </p>
<p class='irc'><<cite>trackbot</cite>> Date: 09 December
2009</p>
<p class='phone'>no one is chatting bblfish</p>
<p class='irc'><<cite>tinkster</cite>> Nobody talking on
phone.</p>
<p class='irc'><<cite>danbri</cite>> danbri: i propose
skipping all admin and going straight to henry</p>
<p class='irc'><<cite>bblfish</cite>> ok :-)</p>
<p class='irc'><<cite>danbri</cite>> hearing no
objections ...</p>
<p class='irc'><<cite>hhalpin</cite>> who is
scribing?</p>
<p class='phone'>i can scribe</p>
<p class='irc'><<cite>danbri</cite>> yes please!</p>
<p class='irc'><<cite>danbri</cite>> what's the script
notation to say</p>
<p class='irc'><<cite>danbri</cite>> scribe: mischat</p>
<p class='irc'><<cite>hhalpin</cite>> scribe: mischat</p>
<p class='irc'><<cite>danbri</cite>> :)</p>
<p class='irc'><<cite>bblfish</cite>> ok, if people want
they can download a presentation I have made recently <a href=
"http://bblfish.net/tmp/2009/11/">http://bblfish.net/tmp/2009/11/</a></p>
<p class='irc'><<cite>tinkster</cite>> This will be
useful, or just "if people want"?</p>
<p class='irc'><<cite>cperey</cite>> which one?</p>
<p class='irc'><<cite>bblfish</cite>> (it's 45MB, so just
start now. I won't go through all of it, but it will make
things easier)</p>
<p class='irc'><<cite>bblfish</cite>> if you don't have
keynote, take the pdf</p>
<p class='irc'><<cite>rreck</cite>> yes</p>
<p class='phone'>yes</p>
<p class='irc'><<cite>tinkster</cite>> yes</p>
<p class='irc'><<cite>tinkster</cite>> +1 skip</p>
<p class='phone'>any actions which people want to talk about
?</p>
<p class='irc'><<cite>danbri</cite>> danbri proposing
skip admin</p>
<p class='irc'><<cite>danbri</cite>> skipping!</p>
<p class='irc'><<cite>danbri</cite>> Henry Story</p>
<p class='irc'><<cite>danbri</cite>> ----</p>
<p class='phone'>henry story to talk about foaf+ssl</p>
<p class='irc'><<cite>bblfish</cite>> <a href=
"http://bblfish.net/tmp/2009/11/">http://bblfish.net/tmp/2009/11/</a></p>
<p class='phone'><a href=
"http://bblfish.net/tmp/2009/11/TheSocialWeb-SantaClara.pdf">http://bblfish.net/tmp/2009/11/TheSocialWeb-SantaClara.pdf</a></p>
<p class='phone'>henry works for Sun Mircosystems, and has been
travelling around europe talking about distributed social
networks</p>
<h3 id="item01">2005 - <a href=
"http://www.w3.org/2001/sw/Europe/events/foaf-galway/">http://www.w3.org/2001/sw/Europe/events/foaf-galway/</a>
?</h3>
<p class='irc'><<cite>cperey</cite>> +1</p>
<p class='phone'>semantic web helps us solve a problem which is
required to have a distributed social network</p>
<p class='phone'>issues with single sites such as facebook,
where you have to log in, and then add all your friends one by
one</p>
<p class='phone'>there are loads of social networks about</p>
<p class='phone'>recreating your social graph on every SNS is
tedious and causes problems</p>
<p class='phone'>such issues, and the notion of ownership of
data has led to the data-portablity movement</p>
<p class='phone'>scoble had an issue where he got kicked out of
his social network, after attempting to remove all of this
data</p>
<p class='phone'>users don't own the data they upload to social
networks</p>
<p class='phone'>social graph, and the issue that you only have
access to your own social graph, but the service providers have
a view of everyones' social graph</p>
<p class='phone'>companies with secrets cant use existing
social networks, re: data ownership problems</p>
<p class='phone'>there is a big brother privacy issue, we may
not want people to look at what you are doing on a given social
networking start</p>
<p class='irc'><<cite>danbri</cite>> (2000 even)</p>
<p class='phone'>danbri and libby started foaf in 2000 :)</p>
<p class='irc'><<cite>danbri</cite>> timbl: 1989!</p>
<p class='phone'>foaf project enables a distributed social
network</p>
<p class='irc'><<cite>danbri</cite>> (I have a pile of
foaf slides here <a href=
"http://www.slideshare.net/danbri">http://www.slideshare.net/danbri</a>
)</p>
<p class='phone'>current social networks are really popular,
and they have good working UIs, and have engaged users</p>
<p class='irc'><<cite>danbri</cite>> for timbl, see
<a href=
"http://www.w3.org/History/1989/proposal.html">http://www.w3.org/History/1989/proposal.html</a>
The "Personal Skills Inventory". "Personal skills and
experience are just the sort of thing which need hypertext
flexibility. People can be linked to projects they have worked
on, which in turn can be linked to particular machines,
programming languages, etc. "</p>
<p class='irc'><<cite>danbri</cite>> (ie. this use case
was envisaged in the original design for the Web itself)</p>
<p class='phone'>foaf and the semantic web, allows for data to
be linked together between different sites</p>
<p class='phone'>foaf allows for people to be linked
together</p>
<p class='phone'>people get given a URI</p>
<p class='phone'>a foaf:Person URI</p>
<p class='irc'><<cite>danbri</cite>> :)</p>
<p class='phone'>these URIs give you the ability to produce a
global namespace for people</p>
<p class='phone'>semantic web, builds on logic</p>
<p class='phone'>allows for sentences to be built about things
in the world</p>
<p class='phone'>semantic web, mathematics of merging and
mapping information</p>
<p class='phone'>in order to show how foaf works, and how the
Semantic Web can work, henry built a foaf-based Address
book</p>
<p class='phone'>this address-book allows for webpages to
dragged and dropped into the address book app</p>
<p class='phone'>and it grabs your foaf file</p>
<p class='phone'>and it then populates your address book with
information about the person just added to your address</p>
<p class='phone'>the address book makes http requests to
people's foaf files, and extracts information about that person
and adds this information into your address book</p>
<p class='irc'><<cite>danbri</cite>> (public's good and
all, but not everyone wants to share everything :)</p>
<p class='phone'>the problem people had with the Address Book
was that it required that all your information be in public
foaf files</p>
<p class='phone'>foaf gives us data-ownership</p>
<p class='phone'>people can host their own info</p>
<p class='phone'>it doesn't solve the action creation
complexity problem</p>
<p class='phone'>it solves a bunch of problem by not touching
them, i.e. privacy</p>
<p class='phone'>henry has found that in order to support
privacy</p>
<p class='irc'><<cite>danbri</cite>> (we had some old
experiments with PGP ... <a href=
"http://usefulinc.com/foaf/encryptingFoafFiles">http://usefulinc.com/foaf/encryptingFoafFiles</a>
... but it was limited to the tiny subset of us who could
remember their PGP / GPG passwords and how to use them :)</p>
<p class='phone'>there was a need to implement a form of
authentication</p>
<p class='phone'>and identification</p>
<p class='phone'>for the last 20 years we have relied on
usernames and password</p>
<p class='phone'>but imagine a distributed social network,
where people host their own data, you would have to hold
accounts with usernames and passwords on all of your friends
servers</p>
<p class='phone'>this just wouldn't work</p>
<p class='phone'>then came openid</p>
<p class='phone'>openid gave each person a global identifier or
a URI</p>
<p class='irc'><<cite>danbri</cite>> ( slide 53 = openid
)</p>
<p class='phone'>the protocol is a tad complicated</p>
<p class='phone'>there is a lot of back and forwarding when
doing an openid login</p>
<p class='phone'>attribute exchange of openid is not
restful</p>
<p class='phone'>which makes it hard to link to information</p>
<p class='phone'>there are also known security issues with
openid ?</p>
<p class='phone'>openid is very much compatible with the
foaf+ssl work</p>
<p class='phone'>foaf+ssl uses the client-certificate
infrastructure built into modern web-browsers</p>
<p class='phone'>it is built on top of https</p>
<p class='phone'><a href=
"http://foaf.me/">http://foaf.me/</a></p>
<p class='irc'><<cite>bblfish</cite>> <a href=
"http://foaf.me/">http://foaf.me/</a></p>
<p class='phone'>you can create your own certificate and your
own foaf file</p>
<p class='irc'><<cite>danbri</cite>> (is foaf.me down
right now?)</p>
<p class='phone'><cite>melvster:</cite> ^^ ?</p>
<p class='irc'><<cite>petef</cite>> seems to be down for
me</p>
<p class='irc'><<cite>melvster</cite>> sorry yes</p>
<p class='phone'>it works in FF, opera , safari</p>
<p class='irc'><<cite>melvster</cite>> appears down at
this second</p>
<p class='phone'>but not IE</p>
<p class='irc'><<cite>danbri</cite>> fixable? :)</p>
<p class='irc'><<cite>melvster</cite>> im looking ...</p>
<p class='phone'>slide 57 has a UML diagram</p>
<p class='irc'><<cite>tinkster</cite>> Generating keys in
IE requires ActiveX and none of us have been bothered to look
at that yet.</p>
<p class='irc'><<cite>MacTed</cite>> <a href=
"http://downforeveryoneorjustme.com/foaf.me">http://downforeveryoneorjustme.com/foaf.me</a></p>
<p class='phone'>yay to links</p>
<p class='irc'><<cite>bblfish</cite>> here <a href=
"http://esw.w3.org/topic/foaf+ssl">http://esw.w3.org/topic/foaf+ssl</a></p>
<p class='phone'>links to most of the topics covered can be
found on the esw wiki</p>
<p class='phone'>^^</p>
<p class='irc'><<cite>bblfish</cite>> here the protocol
description <a href=
"http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to">
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to</a></p>
<p class='irc'><<cite>petef</cite>> slide 57 = 59 = 62
?</p>
<p class='irc'><<cite>tinkster</cite>> slide 61</p>
<p class='phone'>once you have created your certificate, you
can log in to a foaf+ssl enabled site by simply presenting your
cert to the site</p>
<p class='phone'>in order to attach a URI to a certificate</p>
<p class='phone'>foaf+ssl has used a property in the X.509
header</p>
<p class='phone'>property X?</p>
<p class='phone'>this property should point to your foaf
file</p>
<p class='irc'><<cite>tinkster</cite>> (And Peter
Williams also said that we're using it pretty much how it
should be used.)</p>
<p class='irc'><<cite>danbri</cite>> ' X509v3 Subject
Alternative Name:'</p>
<p class='phone'>thanks</p>
<p class='irc'><<cite>bblfish</cite>> here <a href=
"http://esw.w3.org/topic/WebId">http://esw.w3.org/topic/WebId</a></p>
<p class='phone'>and if foaf file has the public key of the
cert in question, then the cert is said to be associated to the
foaf:Person URI</p>
<p class='irc'><<cite>melvster</cite>> very sorry guys
... seems to be an ISP issue with foaf.me ... trying to trace
the issue ...</p>
<p class='phone'>which is now being called a WebID</p>
<p class='phone'>so whoever owns the private key of the public
key stated in the foaf file is said to be the person identified
in the X.509 certificate</p>
<p class='irc'><<cite>caribou</cite>> <a href=
"http://esw.w3.org/topic/WebID">WebID</a></p>
<p class='phone'>danbri asks about the level of security in
foaf+ssl and the robustness of the desig</p>
<p class='irc'><<cite>danbri</cite>> esp re first step,
where you're loading a public foaf file</p>
<p class='irc'><<cite>danbri</cite>> ... how much of a
difference do we care re https vs http URIs for the public
files</p>
<p class='phone'>http resource can be made subject to man in
the middle attack</p>
<p class='phone'>so for more security critical applications one
should use an https WebId</p>
<p class='irc'><<cite>danbri</cite>> wondering role for
xmldsig-signed markup here ...</p>
<p class='irc'><<cite>tinkster</cite>> Use FOAF+SSL to
log into a social network, but not into a bank.</p>
<p class='irc'><<cite>MacTed</cite>> since foaf.me is
down ... worth noting that this has all been built into
Virtuoso & OpenLink Data Spaces ...</p>
<p class='irc'><<cite>MacTed</cite>> docs -- <a href=
"http://ods.openlinksw.com/wiki/ODS/VirtODSFOAFSSL">http://ods.openlinksw.com/wiki/ODS/VirtODSFOAFSSL</a>
-- can be followed against <a href=
"http://myopenlink.net/ods/">http://myopenlink.net/ods/</a> or
<a href=
"http://my.openlinksw.com/ods/">http://my.openlinksw.com/ods/</a>
(which servers are up and running) or you can put up your own
pretty quickly.</p>
<p class='irc'><<cite>bblfish</cite>> dnssec</p>
<p class='irc'><<cite>danbri</cite>> tinkster, that's a
nice first step towards getting mother maiden names, birthdays
etc...</p>
<p class='phone'>using the WOT</p>
<p class='irc'><<cite>bblfish</cite>> HAR</p>
<p class='phone'>back in the day danbri was playing with the
signed foaf files with pgp</p>
<p class='phone'>but the issue was that not that many people
used pgp</p>
<p class='phone'>danbri asked if henry thought it was a good
idea to revisit such things</p>
<p class='phone'>henry started talking about signing sub-graphs
in RDF</p>
<p class='phone'>i don't understand why you would want to sign
a sub-grapg</p>
<p class='phone'>?</p>
<p class='irc'><<cite>tinkster</cite>> J Carroll paper
mentioned by danbri - <a href=
"http://www.hpl.hp.com/techreports/2003/HPL-2003-142.pdf">http://www.hpl.hp.com/techreports/2003/HPL-2003-142.pdf</a></p>
<p class='phone'>digitally signing rdf : <a href=
"http://xmlns.com/wot/0.1/">http://xmlns.com/wot/0.1/</a></p>
<p class='irc'><<cite>danbri</cite>> danbri: 2 scenarios
... user signs locally and pushes the result up to server
(atompub etc); or else the host signs, so even if they don't
use ssl everywhere, you could know livejournal/hi5 etc's pubkey
and be sure the file wasn't interfered with</p>
<p class='phone'>foaf+ssl makes it easy to have multiple
certs</p>
<p class='phone'>you can also easily invalidate a cert if you
loose a machine</p>
<p class='phone'>using pgp, if you loose your private key, you
will have to ask people to re-sign your key</p>
<p class='phone'>:)</p>
<p class='phone'>danbri proposes a method of pushing data
signed data via atom-pub or similar to a site such as
facebook</p>
<p class='irc'><<cite>danbri</cite>> (with eg garlik as a
file-signing intermediary ...)</p>
<p class='phone'>our foaf validator, can tell you if your foaf
file is signed properly</p>
<p class='phone'>but yes, signing a foaf file for someone else
does sound interesting</p>
<p class='irc'><<cite>danbri</cite>> (I'm not gonna hold
my breath waiting for dns to be secured :)</p>
<p class='irc'><<cite>danbri</cite>> mischa, ... just to
say 'garlik saw this, and got it from the party whose openid x
checked out...' ... but not necc to vouch for its contents</p>
<p class='irc'><<cite>Zakim</cite>> danbri, you wanted to
ask about attacks when not https</p>
<p class='phone'>it would be nice to see if there was a method
in the X.509 external where you could say only send information
to a party if it is signed ?</p>
<p class='irc'><<cite>tinkster</cite>> <a href=
"http://openid4.me">http://openid4.me</a></p>
<p class='irc'><<cite>danbri</cite>> <a href=
"http://openid4.me/">http://openid4.me/</a></p>
<p class='irc'><<cite>danbri</cite>> also <a href=
"http://github.com/akbarhossain/openid4me">http://github.com/akbarhossain/openid4me</a></p>
<p class='phone'>understood danbri</p>
<p class='phone'>openid4.me allows you to use an openid login
form</p>
<p class='irc'><<cite>danbri</cite>> (garlik or other
biz-s could also fact check specific claims, like
workplaceHomepage ... )</p>
<p class='irc'><<cite>melvster</cite>> AX: not yet
programmed</p>
<p class='irc'><<cite>melvster</cite>> sreg works</p>
<p class='phone'>openid4.me allows you to use your WebID, and
your foaf+ssl cert to log in openid providers</p>
<p class='phone'>one important piece which is yet to be solved,
that is content negotiation on foaf files</p>
<p class='phone'>so in openid you can decide which bits of
personal information you want to send to a service provider</p>
<p class='phone'>there is no solution as of yet in the foaf+ssl
world</p>
<p class='irc'><<cite>melvster</cite>> <a href=
"http://foaf.me">http://foaf.me</a> appears to be back ...
?</p>
<p class='phone'>yup it is melvster</p>
<p class='irc'><<cite>bblfish</cite>> openid <a href=
"http://openid4.me">http://openid4.me</a></p>
<p class='irc'><<cite>bblfish</cite>> <a href=
"http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo">http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo</a></p>
<p class='phone'>this is a restful implementation of how you
may want to interact with a restful web service using your
foaf+ssl WebID</p>
<p class='phone'>isn't this a similar example as presented in
the openid spec</p>
<p class='phone'>ah</p>
<p class='phone'>yes</p>
<p class='phone'>you are right</p>
<p class='irc'><<cite>danbri</cite>> oauth use photo
sites as their intro use case</p>
<p class='irc'><<cite>melvster</cite>> it's actually
closer to oauth WRAP (the newer version) than oauth</p>
<p class='phone'>i recall the oauth example in the spec uses
the photo service</p>
<p class='phone'>foaf+ssl wants to be make us of linked data,
semantic web, RDF.</p>
<p class='phone'>in the future we can imagine a world where
every user has their own website</p>
<p class='irc'><<cite>danbri</cite>> sounds like <a href=
"http://unite.opera.com/">http://unite.opera.com/</a> :)</p>
<p class='phone'>:)</p>
<p class='phone'>or mac.com user pages</p>
<p class='irc'><<cite>danbri</cite>> see also <a href=
"http://mail.jabber.org/pipermail/social/2009-June/000540.html">
http://mail.jabber.org/pipermail/social/2009-June/000540.html</a></p>
<p class='irc'><<cite>bblfish</cite>> <a href=
"http://ladistribution.net">http://ladistribution.net</a></p>
<p class='irc'><<cite>danbri</cite>> anyone have
questions for henry?</p>
<p class='phone'>ack?</p>
<p class='irc'><<cite>bblfish</cite>> <a href=
"http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox">
http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox</a></p>
<p class='irc'><<cite>danbri</cite>> anyone with
questions, use "q+ to ask about blahblah" here please</p>
<p class='irc'><<cite>danbri</cite>> see <a href=
"http://lists.foaf-project.org/pipermail/foaf-protocols/">http://lists.foaf-project.org/pipermail/foaf-protocols/</a></p>
<p class='irc'><<cite>bblfish</cite>> here <a href=
"http://lists.foaf-project.org/pipermail/foaf-protocols/">http://lists.foaf-project.org/pipermail/foaf-protocols/</a></p>
<p class='phone'>people should join the foaf-protocol mailing
list</p>
<p class='irc'><<cite>cperey</cite>> me too, bye</p>
<p class='irc'><<cite>danbri</cite>> mischa: with
foaf+ssl you need something inside your browser ...</p>
<p class='irc'><<cite>danbri</cite>> ... do you think
we're moving to a world where ppl carry their browser around
with them</p>
<p class='irc'><<cite>danbri</cite>> ... or they use
machines from anywhere, unless you brin your cert</p>
<p class='irc'><<cite>danbri</cite>> bblfish: i was a bit
worried initially re signing others' foaf files with my
pubkey</p>
<p class='irc'><<cite>danbri</cite>> ppl can selfsign
their certs, ... very easy to create new certs, ...</p>
<p class='irc'><<cite>danbri</cite>> foaf.me should let
you get a list of certs you have, ... click on them and cancel,
... to create one for 10 mins (eg. a net cafe), ...</p>
<p class='irc'><<cite>danbri</cite>> ... also another
tech, USB cards, which can be linked with firefox so you can
put your key on usb card, they'll do the encryption</p>
<p class='irc'><<cite>danbri</cite>> without privkey
being shared anywhere</p>
<p class='irc'><<cite>danbri</cite>> (missed detail)</p>
<p class='irc'><<cite>danbri</cite>> bblfish: by basing
on tls/ssl, we build on existing expertise</p>
<p class='irc'><<cite>danbri</cite>> ... they relied a
bit too much on ldap data structures</p>
<p class='irc'><<cite>danbri</cite>> so too much pre-web
design</p>
<p class='irc'><<cite>danbri</cite>> lacking web-style
flexibility/ namespaces</p>
<p class='irc'><<cite>danbri</cite>> ldap doesn't allow
you to have a global directory</p>
<p class='irc'><<cite>tinkster</cite>> Also, too much
emphasis on top-down certificate signing, rather than
self-signed.</p>
<p class='irc'><<cite>danbri</cite>> (x500 did, kinda?
-danbri)</p>
<p class='irc'><<cite>danbri</cite>> bblfish: so we're
supplying a missing piece to make the most of ssl</p>
<p class='irc'><<cite>Zakim</cite>> danbri, you wanted to
ask about feedback you've had, in your tours/talks</p>
<p class='irc'><<cite>petef</cite>> have to duck out now,
thanks Henry.</p>
<p class='phone'>danbri askes about the feedback on your tour,
and your priorities for the upcoming months</p>
<p class='irc'><<cite>danbri</cite>> bblfish: similar
questions come up</p>
<p class='phone'>mainly security based questions</p>
<p class='irc'><<cite>danbri</cite>> re security, ... was
pleased that specialists seemed relatively untroubled by the
design</p>
<p class='phone'>services such as foaf.me</p>
<p class='irc'><<cite>danbri</cite>> (foaf.me is back btw
:)</p>
<p class='phone'>and openid4.me have really helped when trying
to see foaf+ssl</p>
<p class='phone'>foaf+ssl is seen as a practical way of showing
the semantic web working</p>
<p class='phone'>in a real world context that is a social
networking application</p>
<p class='phone'>drupal dev's found it an easy way into
Semantic web tech</p>
<p class='phone'>henry thinks we need more use cases for such
technology</p>
<p class='irc'><<cite>tinkster</cite>> bblfish, ARC2's
SPARQL is pretty good in my experience, but can only operate on
in-database (MySQL-only in fact) triple stores; not
in-memory.</p>
<p class='phone'>we need to have people using it, so that we
can identify issues with the foaf+ssl proposition</p>
<p class='phone'>ack?</p>
<p class='phone'>the european tour was very useful, giving
talks about the work really helped. Most talks at barcamps, and
non-traditional conferences, i.e. not that academic</p>
<p class='phone'>webfinger</p>
<p class='phone'>henry would love the swxg to support
foaf+ssl</p>
<p class='phone'>?ack</p>
<p class='phone'>?q</p>
<p class='irc'><<cite>danbri</cite>> I logged into Jyte:
* Signed in as openid4.me/<a href=
"http://foaf.me/danbri2%23me">http://foaf.me/danbri2%23me</a></p>
<p class='irc'><<cite>tinkster</cite>> RDF vCard would be
nearly as useful.</p>
<p class='phone'>no offense to danbri</p>
<p class='irc'><<cite>danbri</cite>> yeah, it's a fair
question</p>
<p class='irc'><<cite>danbri</cite>> foaf was designed to
be optional!</p>
<p class='irc'><<cite>danbri</cite>> original name was
rdfweb ... foaf was just the 'utility vocab'</p>
<p class='irc'><<cite>danbri</cite>> <- <a href=
"http://www.foaf-project.org/original-intro">http://www.foaf-project.org/original-intro</a></p>
<p class='phone'>question regarding whether foaf was necessary
in the foaf+ssl</p>
<p class='irc'><<cite>tinkster</cite>> DNA checksum will
be useful when we create FOAF+Blood authentication.</p>
<p class='phone'>semantic web tech allows you to add more
namespaces</p>
<p class='irc'><<cite>danbri</cite>> 'please spit on the
screen'</p>
<p class='irc'><<cite>danbri</cite>> 'no, down a
bit...'</p>
<p class='phone'>allowing you add more information to your foaf
file, as ontologies come about</p>
<p class='irc'><<cite>MacTed</cite>> GoodRelations - what
do you need, what do you have...</p>
<p class='phone'>danbri asked which properties you need to
implement a foaf+ssl</p>
<p class='phone'>login</p>
<p class='irc'><<cite>danbri</cite>> danbri: exactly
which properties (and classes) are needed when implementing a
foaf+ssl system</p>
<p class='irc'><<cite>tinkster</cite>> cert:identity,
rsa:public_exponent, rsa:modulus, cert:hex, cert:decimal.</p>
<p class='phone'><cite>tinkster:</cite> a link to a cert:?</p>
<p class='irc'><<cite>danbri</cite>> so those 2
namespaces timbl dropped onto w3.org?</p>
<p class='phone'><cite>bblfish:</cite> <a href=
"http://bblfish.net/people/henry/card#me">http://bblfish.net/people/henry/card#me</a>
WedID</p>
<p class='irc'><<cite>tinkster</cite>> No, the cert links
to the FOAF file. The FOAF file doesn't need to link to the
cert (it describes it via those properties).</p>
<p class='phone'>for an example</p>
<p class='phone'>ah no my question was, could you give the full
URI for "cert:identity"</p>
<p class='phone'><a href=
"http://www.w3.org/ns/auth/cert">http://www.w3.org/ns/auth/cert</a>#</p>
<p class='phone'>got it</p>
<p class='phone'>and <a href=
"http://www.w3.org/ns/auth/rsa">http://www.w3.org/ns/auth/rsa</a>#</p>
<p class='irc'><<cite>caribou</cite>> member
submission?</p>
<p class='irc'><<cite>danbri</cite>> Todo:</p>
<p class='irc'><<cite>danbri</cite>> - add some classes
and relations for DSA</p>
<p class='irc'><<cite>bblfish_</cite>> <a href=
"http://www.w3.org/ns/auth/cert">http://www.w3.org/ns/auth/cert</a>#</p>
<p class='irc'><<cite>danbri</cite>> - should this all be
in one file? Or should this be cut up a little? Say one file
for the general CERT ontology, and then files for RSA, DSA,
PGP, etc... Or perhaps it does not really matter?</p>
<p class='irc'><<cite>danbri</cite>> - expand more on the
certification side of things</p>
<p class='irc'><<cite>danbri</cite>> - verify this by
security experts</p>
<p class='irc'><<cite>bblfish_</cite>> <a href=
"http://www.w3.org/ns/auth/rsa#%3E">http://www.w3.org/ns/auth/rsa#></a></p>
<p class='irc'><<cite>danbri</cite>> - add more todos</p>
<p class='irc'><<cite>danbri</cite>> - owl2 has some
constructs for combined inverse functional properties.</p>
<p class='irc'><<cite>danbri</cite>> This may be useful
to use in defining an RSA key which is identified</p>
<p class='phone'>wants a foaf:knows in bblfish's foaf file
:)</p>
<p class='irc'><<cite>danbri</cite>> by two numbers.</p>
<p class='irc'><<cite>danbri</cite>> - when more stable
create rdf/xml version</p>
<p class='irc'><<cite>danbri</cite>> - also create html
version of the spec by using this as a template.</p>
<p class='irc'><<cite>danbri</cite>> - should comments
such as this be in html?</p>
<p class='irc'><<cite>danbri</cite>> we could publish a
swig note</p>
<p class='irc'><<cite>danbri</cite>> or as caribou
mentions, a member sub (if you continue working for a
Member)</p>
<p class='irc'><<cite>bblfish</cite>> here <a href=
"http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to">
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to</a></p>
<p class='phone'>what is the smallest thing needed for the spec
to be useful</p>
<p class='irc'><<cite>caribou</cite>> danbri, 1 member
amongst the authors is sufficient</p>
<p class='irc'><<cite>tinkster</cite>> Smallest thing to
be useful = a blog post, though a UN resolution would be
nice.</p>
<p class='irc'><<cite>danbri</cite>> UN :)</p>
<p class='phone'>danbri asks if Henry would be happy for the
work to be published via the W3C ?</p>
<p class='phone'>henry would be happy for the work to be
published via the W3C</p>
<p class='irc'><<cite>tinkster</cite>> Open Web
Foundation is a possibility too.</p>
<p class='irc'><<cite>melvster</cite>> graphical example
of the ontology (scroll down) <a href=
"http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Ffoaf.me%2Fah1&PARSE=Parse+URI%3A+&TRIPLES_AND_GRAPH=PRINT_BOTH&FORMAT=PNG_EMBED">
http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Ffoaf.me%2Fah1&PARSE=Parse+URI%3A+&TRIPLES_AND_GRAPH=PRINT_BOTH&FORMAT=PNG_EMBED</a></p>
<p class='phone'>the scribe will have to go soon</p>
<p class='irc'><<cite>danbri</cite>> mischat, thanks for
scribing</p>
<p class='phone'>np</p>
</div>
<h2><a name="ActionSummary" id="ActionSummary">Summary of Action
Items</a></h2><!-- Action Items -->
[End of minutes]<br />
<hr />
<address>
Minutes formatted by David Booth's <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> version 1.135 (<a href=
"http://dev.w3.org/cvsweb/2002/scribe/">CVS log</a>)<br />
$Date: 2009/12/09 17:21:31 $
</address>
<div class="diagnostics">
<hr />
<h2>Scribe.perl diagnostic output</h2>[Delete this section
before finalizing the minutes.]<br />
<pre>
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20
Check for newer version at <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/">http://dev.w3.org/cvsweb/~checkout~/2002/scribe/</a>
Guessing input format: RRSAgent_Text_Format (score 1.00)
Succeeded: s/WebId/WebID/
Found Scribe: mischat
Found Scribe: mischat
Inferring ScribeNick: mischat
WARNING: No "Topic:" lines found, but dash separators were found.
Defaulting to -dashTopics option.
WARNING: No "Present: ... " found!
Possibly Present: AX Anita AnitaD MacTed OpenLink_Software P18 P32 Todo bblfish bblfish_ caribou cert cperey danbri hhalpin melvster mischa pchampin petef rreck timbl tinkster trackbot
You can indicate people for the Present list like this:
<dbooth> Present: dbooth jonathan mary
<dbooth> Present+ amy
Found Date: 09 Dec 2009
Guessing minutes URL: <a href=
"http://www.w3.org/2009/12/09-swxg-minutes.html">http://www.w3.org/2009/12/09-swxg-minutes.html</a>
People with action items:
WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
</pre>[End of <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> diagnostic output]
</div>
</body>
</html>