ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
144 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 142319aeec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '142319aeec'
${ noResults }
server_playground/doc/www.w3.org/2009/12/09-swxg-minutes.html

1003 lines
34 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 12 April 2005), see www.w3.org" />
<title>Social Web Incubator Group Teleconference -- 09 Dec
2009</title>
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/base.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/StyleSheets/public.css" />
<link type="text/css" rel="STYLESHEET" href=
"http://www.w3.org/2004/02/minutes-style.css" />
<meta content="Social Web Incubator Group Teleconference" name=
"Title" />
<meta content="text/html; charset=utf-8" http-equiv=
"Content-Type" />
</head>
<body>
<p><a href="http://www.w3.org/"><img src=
"http://www.w3.org/Icons/w3c_home" alt="W3C" border="0" height=
"48" width="72" /></a></p>
<h1>- DRAFT -</h1>
<h1>Social Web Incubator Group Teleconference</h1>
<h2>09 Dec 2009</h2>
<p>See also: <a href="http://www.w3.org/2009/12/09-swxg-irc">IRC
log</a></p>
<h2><a name="attendees" id="attendees">Attendees</a></h2>
<div class="intro">
<dl>
<dt>Present</dt>
<dt>Regrets</dt>
<dt>Chair</dt>
<dd>danbri</dd>
<dt>Scribe</dt>
<dd>mischat</dd>
</dl>
</div>
<h2>Contents</h2>
<ul>
<li>
<a href="#agenda">Topics</a>
<ol>
<li><a href="#item01">2005 -
http://www.w3.org/2001/sw/Europe/events/foaf-galway/
?</a></li>
</ol>
</li>
<li><a href="#ActionSummary">Summary of Action Items</a></li>
</ul>
<hr />
<div class="meeting">
<p class='phone'>&nbsp;</p>
<p class='phone'>&nbsp;</p>
<p class='irc'>&lt;<cite>trackbot</cite>&gt; Date: 09 December
2009</p>
<p class='phone'>no one is chatting bblfish</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Nobody talking on
phone.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; danbri: i propose
skipping all admin and going straight to henry</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; ok :-)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; hearing no
objections ...</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; who is
scribing?</p>
<p class='phone'>i can scribe</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; yes please!</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; what's the script
notation to say</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; scribe: mischat</p>
<p class='irc'>&lt;<cite>hhalpin</cite>&gt; scribe: mischat</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; :)</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; ok, if people want
they can download a presentation I have made recently <a href=
"http://bblfish.net/tmp/2009/11/">http://bblfish.net/tmp/2009/11/</a></p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; This will be
useful, or just "if people want"?</p>
<p class='irc'>&lt;<cite>cperey</cite>&gt; which one?</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; (it's 45MB, so just
start now. I won't go through all of it, but it will make
things easier)</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; if you don't have
keynote, take the pdf</p>
<p class='irc'>&lt;<cite>rreck</cite>&gt; yes</p>
<p class='phone'>yes</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; yes</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; +1 skip</p>
<p class='phone'>any actions which people want to talk about
?</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; danbri proposing
skip admin</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; skipping!</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; Henry Story</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ----</p>
<p class='phone'>henry story to talk about foaf+ssl</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; <a href=
"http://bblfish.net/tmp/2009/11/">http://bblfish.net/tmp/2009/11/</a></p>
<p class='phone'><a href=
"http://bblfish.net/tmp/2009/11/TheSocialWeb-SantaClara.pdf">http://bblfish.net/tmp/2009/11/TheSocialWeb-SantaClara.pdf</a></p>
<p class='phone'>henry works for Sun Mircosystems, and has been
travelling around europe talking about distributed social
networks</p>
<h3 id="item01">2005 - <a href=
"http://www.w3.org/2001/sw/Europe/events/foaf-galway/">http://www.w3.org/2001/sw/Europe/events/foaf-galway/</a>
?</h3>
<p class='irc'>&lt;<cite>cperey</cite>&gt; +1</p>
<p class='phone'>semantic web helps us solve a problem which is
required to have a distributed social network</p>
<p class='phone'>issues with single sites such as facebook,
where you have to log in, and then add all your friends one by
one</p>
<p class='phone'>there are loads of social networks about</p>
<p class='phone'>recreating your social graph on every SNS is
tedious and causes problems</p>
<p class='phone'>such issues, and the notion of ownership of
data has led to the data-portablity movement</p>
<p class='phone'>scoble had an issue where he got kicked out of
his social network, after attempting to remove all of this
data</p>
<p class='phone'>users don't own the data they upload to social
networks</p>
<p class='phone'>social graph, and the issue that you only have
access to your own social graph, but the service providers have
a view of everyones' social graph</p>
<p class='phone'>companies with secrets cant use existing
social networks, re: data ownership problems</p>
<p class='phone'>there is a big brother privacy issue, we may
not want people to look at what you are doing on a given social
networking start</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (2000 even)</p>
<p class='phone'>danbri and libby started foaf in 2000 :)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; timbl: 1989!</p>
<p class='phone'>foaf project enables a distributed social
network</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (I have a pile of
foaf slides here <a href=
"http://www.slideshare.net/danbri">http://www.slideshare.net/danbri</a>
)</p>
<p class='phone'>current social networks are really popular,
and they have good working UIs, and have engaged users</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; for timbl, see
<a href=
"http://www.w3.org/History/1989/proposal.html">http://www.w3.org/History/1989/proposal.html</a>
The "Personal Skills Inventory". "Personal skills and
experience are just the sort of thing which need hypertext
flexibility. People can be linked to projects they have worked
on, which in turn can be linked to particular machines,
programming languages, etc. "</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (ie. this use case
was envisaged in the original design for the Web itself)</p>
<p class='phone'>foaf and the semantic web, allows for data to
be linked together between different sites</p>
<p class='phone'>foaf allows for people to be linked
together</p>
<p class='phone'>people get given a URI</p>
<p class='phone'>a foaf:Person URI</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; :)</p>
<p class='phone'>these URIs give you the ability to produce a
global namespace for people</p>
<p class='phone'>semantic web, builds on logic</p>
<p class='phone'>allows for sentences to be built about things
in the world</p>
<p class='phone'>semantic web, mathematics of merging and
mapping information</p>
<p class='phone'>in order to show how foaf works, and how the
Semantic Web can work, henry built a foaf-based Address
book</p>
<p class='phone'>this address-book allows for webpages to
dragged and dropped into the address book app</p>
<p class='phone'>and it grabs your foaf file</p>
<p class='phone'>and it then populates your address book with
information about the person just added to your address</p>
<p class='phone'>the address book makes http requests to
people's foaf files, and extracts information about that person
and adds this information into your address book</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (public's good and
all, but not everyone wants to share everything :)</p>
<p class='phone'>the problem people had with the Address Book
was that it required that all your information be in public
foaf files</p>
<p class='phone'>foaf gives us data-ownership</p>
<p class='phone'>people can host their own info</p>
<p class='phone'>it doesn't solve the action creation
complexity problem</p>
<p class='phone'>it solves a bunch of problem by not touching
them, i.e. privacy</p>
<p class='phone'>henry has found that in order to support
privacy</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (we had some old
experiments with PGP ... <a href=
"http://usefulinc.com/foaf/encryptingFoafFiles">http://usefulinc.com/foaf/encryptingFoafFiles</a>
... but it was limited to the tiny subset of us who could
remember their PGP / GPG passwords and how to use them :)</p>
<p class='phone'>there was a need to implement a form of
authentication</p>
<p class='phone'>and identification</p>
<p class='phone'>for the last 20 years we have relied on
usernames and password</p>
<p class='phone'>but imagine a distributed social network,
where people host their own data, you would have to hold
accounts with usernames and passwords on all of your friends
servers</p>
<p class='phone'>this just wouldn't work</p>
<p class='phone'>then came openid</p>
<p class='phone'>openid gave each person a global identifier or
a URI</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ( slide 53 = openid
)</p>
<p class='phone'>the protocol is a tad complicated</p>
<p class='phone'>there is a lot of back and forwarding when
doing an openid login</p>
<p class='phone'>attribute exchange of openid is not
restful</p>
<p class='phone'>which makes it hard to link to information</p>
<p class='phone'>there are also known security issues with
openid ?</p>
<p class='phone'>openid is very much compatible with the
foaf+ssl work</p>
<p class='phone'>foaf+ssl uses the client-certificate
infrastructure built into modern web-browsers</p>
<p class='phone'>it is built on top of https</p>
<p class='phone'><a href=
"http://foaf.me/">http://foaf.me/</a></p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; <a href=
"http://foaf.me/">http://foaf.me/</a></p>
<p class='phone'>you can create your own certificate and your
own foaf file</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (is foaf.me down
right now?)</p>
<p class='phone'><cite>melvster:</cite> ^^ ?</p>
<p class='irc'>&lt;<cite>petef</cite>&gt; seems to be down for
me</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; sorry yes</p>
<p class='phone'>it works in FF, opera , safari</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; appears down at
this second</p>
<p class='phone'>but not IE</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; fixable? :)</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; im looking ...</p>
<p class='phone'>slide 57 has a UML diagram</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Generating keys in
IE requires ActiveX and none of us have been bothered to look
at that yet.</p>
<p class='irc'>&lt;<cite>MacTed</cite>&gt; <a href=
"http://downforeveryoneorjustme.com/foaf.me">http://downforeveryoneorjustme.com/foaf.me</a></p>
<p class='phone'>yay to links</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; here <a href=
"http://esw.w3.org/topic/foaf+ssl">http://esw.w3.org/topic/foaf+ssl</a></p>
<p class='phone'>links to most of the topics covered can be
found on the esw wiki</p>
<p class='phone'>^^</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; here the protocol
description <a href=
"http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to">
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to</a></p>
<p class='irc'>&lt;<cite>petef</cite>&gt; slide 57 = 59 = 62
?</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; slide 61</p>
<p class='phone'>once you have created your certificate, you
can log in to a foaf+ssl enabled site by simply presenting your
cert to the site</p>
<p class='phone'>in order to attach a URI to a certificate</p>
<p class='phone'>foaf+ssl has used a property in the X.509
header</p>
<p class='phone'>property X?</p>
<p class='phone'>this property should point to your foaf
file</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; (And Peter
Williams also said that we're using it pretty much how it
should be used.)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ' X509v3 Subject
Alternative Name:'</p>
<p class='phone'>thanks</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; here <a href=
"http://esw.w3.org/topic/WebId">http://esw.w3.org/topic/WebId</a></p>
<p class='phone'>and if foaf file has the public key of the
cert in question, then the cert is said to be associated to the
foaf:Person URI</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; very sorry guys
... seems to be an ISP issue with foaf.me ... trying to trace
the issue ...</p>
<p class='phone'>which is now being called a WebID</p>
<p class='phone'>so whoever owns the private key of the public
key stated in the foaf file is said to be the person identified
in the X.509 certificate</p>
<p class='irc'>&lt;<cite>caribou</cite>&gt; <a href=
"http://esw.w3.org/topic/WebID">WebID</a></p>
<p class='phone'>danbri asks about the level of security in
foaf+ssl and the robustness of the desig</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; esp re first step,
where you're loading a public foaf file</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ... how much of a
difference do we care re https vs http URIs for the public
files</p>
<p class='phone'>http resource can be made subject to man in
the middle attack</p>
<p class='phone'>so for more security critical applications one
should use an https WebId</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; wondering role for
xmldsig-signed markup here ...</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Use FOAF+SSL to
log into a social network, but not into a bank.</p>
<p class='irc'>&lt;<cite>MacTed</cite>&gt; since foaf.me is
down ... worth noting that this has all been built into
Virtuoso &amp; OpenLink Data Spaces ...</p>
<p class='irc'>&lt;<cite>MacTed</cite>&gt; docs -- <a href=
"http://ods.openlinksw.com/wiki/ODS/VirtODSFOAFSSL">http://ods.openlinksw.com/wiki/ODS/VirtODSFOAFSSL</a>
-- can be followed against <a href=
"http://myopenlink.net/ods/">http://myopenlink.net/ods/</a> or
<a href=
"http://my.openlinksw.com/ods/">http://my.openlinksw.com/ods/</a>
(which servers are up and running) or you can put up your own
pretty quickly.</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; dnssec</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; tinkster, that's a
nice first step towards getting mother maiden names, birthdays
etc...</p>
<p class='phone'>using the WOT</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; HAR</p>
<p class='phone'>back in the day danbri was playing with the
signed foaf files with pgp</p>
<p class='phone'>but the issue was that not that many people
used pgp</p>
<p class='phone'>danbri asked if henry thought it was a good
idea to revisit such things</p>
<p class='phone'>henry started talking about signing sub-graphs
in RDF</p>
<p class='phone'>i don't understand why you would want to sign
a sub-grapg</p>
<p class='phone'>?</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; J Carroll paper
mentioned by danbri - <a href=
"http://www.hpl.hp.com/techreports/2003/HPL-2003-142.pdf">http://www.hpl.hp.com/techreports/2003/HPL-2003-142.pdf</a></p>
<p class='phone'>digitally signing rdf : <a href=
"http://xmlns.com/wot/0.1/">http://xmlns.com/wot/0.1/</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; danbri: 2 scenarios
... user signs locally and pushes the result up to server
(atompub etc); or else the host signs, so even if they don't
use ssl everywhere, you could know livejournal/hi5 etc's pubkey
and be sure the file wasn't interfered with</p>
<p class='phone'>foaf+ssl makes it easy to have multiple
certs</p>
<p class='phone'>you can also easily invalidate a cert if you
loose a machine</p>
<p class='phone'>using pgp, if you loose your private key, you
will have to ask people to re-sign your key</p>
<p class='phone'>:)</p>
<p class='phone'>danbri proposes a method of pushing data
signed data via atom-pub or similar to a site such as
facebook</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (with eg garlik as a
file-signing intermediary ...)</p>
<p class='phone'>our foaf validator, can tell you if your foaf
file is signed properly</p>
<p class='phone'>but yes, signing a foaf file for someone else
does sound interesting</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (I'm not gonna hold
my breath waiting for dns to be secured :)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; mischa, ... just to
say 'garlik saw this, and got it from the party whose openid x
checked out...' ... but not necc to vouch for its contents</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
ask about attacks when not https</p>
<p class='phone'>it would be nice to see if there was a method
in the X.509 external where you could say only send information
to a party if it is signed ?</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; <a href=
"http://openid4.me">http://openid4.me</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; <a href=
"http://openid4.me/">http://openid4.me/</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; also <a href=
"http://github.com/akbarhossain/openid4me">http://github.com/akbarhossain/openid4me</a></p>
<p class='phone'>understood danbri</p>
<p class='phone'>openid4.me allows you to use an openid login
form</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (garlik or other
biz-s could also fact check specific claims, like
workplaceHomepage ... )</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; AX: not yet
programmed</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; sreg works</p>
<p class='phone'>openid4.me allows you to use your WebID, and
your foaf+ssl cert to log in openid providers</p>
<p class='phone'>one important piece which is yet to be solved,
that is content negotiation on foaf files</p>
<p class='phone'>so in openid you can decide which bits of
personal information you want to send to a service provider</p>
<p class='phone'>there is no solution as of yet in the foaf+ssl
world</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; <a href=
"http://foaf.me">http://foaf.me</a> appears to be back ...
?</p>
<p class='phone'>yup it is melvster</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; openid <a href=
"http://openid4.me">http://openid4.me</a></p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; <a href=
"http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo">http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo</a></p>
<p class='phone'>this is a restful implementation of how you
may want to interact with a restful web service using your
foaf+ssl WebID</p>
<p class='phone'>isn't this a similar example as presented in
the openid spec</p>
<p class='phone'>ah</p>
<p class='phone'>yes</p>
<p class='phone'>you are right</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; oauth use photo
sites as their intro use case</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; it's actually
closer to oauth WRAP (the newer version) than oauth</p>
<p class='phone'>i recall the oauth example in the spec uses
the photo service</p>
<p class='phone'>foaf+ssl wants to be make us of linked data,
semantic web, RDF.</p>
<p class='phone'>in the future we can imagine a world where
every user has their own website</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; sounds like <a href=
"http://unite.opera.com/">http://unite.opera.com/</a> :)</p>
<p class='phone'>:)</p>
<p class='phone'>or mac.com user pages</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; see also <a href=
"http://mail.jabber.org/pipermail/social/2009-June/000540.html">
http://mail.jabber.org/pipermail/social/2009-June/000540.html</a></p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; <a href=
"http://ladistribution.net">http://ladistribution.net</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; anyone have
questions for henry?</p>
<p class='phone'>ack?</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; <a href=
"http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox">
http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; anyone with
questions, use "q+ to ask about blahblah" here please</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; see <a href=
"http://lists.foaf-project.org/pipermail/foaf-protocols/">http://lists.foaf-project.org/pipermail/foaf-protocols/</a></p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; here <a href=
"http://lists.foaf-project.org/pipermail/foaf-protocols/">http://lists.foaf-project.org/pipermail/foaf-protocols/</a></p>
<p class='phone'>people should join the foaf-protocol mailing
list</p>
<p class='irc'>&lt;<cite>cperey</cite>&gt; me too, bye</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; mischa: with
foaf+ssl you need something inside your browser ...</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ... do you think
we're moving to a world where ppl carry their browser around
with them</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ... or they use
machines from anywhere, unless you brin your cert</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; bblfish: i was a bit
worried initially re signing others' foaf files with my
pubkey</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ppl can selfsign
their certs, ... very easy to create new certs, ...</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; foaf.me should let
you get a list of certs you have, ... click on them and cancel,
... to create one for 10 mins (eg. a net cafe), ...</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ... also another
tech, USB cards, which can be linked with firefox so you can
put your key on usb card, they'll do the encryption</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; without privkey
being shared anywhere</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (missed detail)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; bblfish: by basing
on tls/ssl, we build on existing expertise</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ... they relied a
bit too much on ldap data structures</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; so too much pre-web
design</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; lacking web-style
flexibility/ namespaces</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; ldap doesn't allow
you to have a global directory</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Also, too much
emphasis on top-down certificate signing, rather than
self-signed.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (x500 did, kinda?
-danbri)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; bblfish: so we're
supplying a missing piece to make the most of ssl</p>
<p class='irc'>&lt;<cite>Zakim</cite>&gt; danbri, you wanted to
ask about feedback you've had, in your tours/talks</p>
<p class='irc'>&lt;<cite>petef</cite>&gt; have to duck out now,
thanks Henry.</p>
<p class='phone'>danbri askes about the feedback on your tour,
and your priorities for the upcoming months</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; bblfish: similar
questions come up</p>
<p class='phone'>mainly security based questions</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; re security, ... was
pleased that specialists seemed relatively untroubled by the
design</p>
<p class='phone'>services such as foaf.me</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; (foaf.me is back btw
:)</p>
<p class='phone'>and openid4.me have really helped when trying
to see foaf+ssl</p>
<p class='phone'>foaf+ssl is seen as a practical way of showing
the semantic web working</p>
<p class='phone'>in a real world context that is a social
networking application</p>
<p class='phone'>drupal dev's found it an easy way into
Semantic web tech</p>
<p class='phone'>henry thinks we need more use cases for such
technology</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; bblfish, ARC2's
SPARQL is pretty good in my experience, but can only operate on
in-database (MySQL-only in fact) triple stores; not
in-memory.</p>
<p class='phone'>we need to have people using it, so that we
can identify issues with the foaf+ssl proposition</p>
<p class='phone'>ack?</p>
<p class='phone'>the european tour was very useful, giving
talks about the work really helped. Most talks at barcamps, and
non-traditional conferences, i.e. not that academic</p>
<p class='phone'>webfinger</p>
<p class='phone'>henry would love the swxg to support
foaf+ssl</p>
<p class='phone'>?ack</p>
<p class='phone'>?q</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; I logged into Jyte:
* Signed in as openid4.me/<a href=
"http://foaf.me/danbri2%23me">http://foaf.me/danbri2%23me</a></p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; RDF vCard would be
nearly as useful.</p>
<p class='phone'>no offense to danbri</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; yeah, it's a fair
question</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; foaf was designed to
be optional!</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; original name was
rdfweb ... foaf was just the 'utility vocab'</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; &lt;- <a href=
"http://www.foaf-project.org/original-intro">http://www.foaf-project.org/original-intro</a></p>
<p class='phone'>question regarding whether foaf was necessary
in the foaf+ssl</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; DNA checksum will
be useful when we create FOAF+Blood authentication.</p>
<p class='phone'>semantic web tech allows you to add more
namespaces</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; 'please spit on the
screen'</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; 'no, down a
bit...'</p>
<p class='phone'>allowing you add more information to your foaf
file, as ontologies come about</p>
<p class='irc'>&lt;<cite>MacTed</cite>&gt; GoodRelations - what
do you need, what do you have...</p>
<p class='phone'>danbri asked which properties you need to
implement a foaf+ssl</p>
<p class='phone'>login</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; danbri: exactly
which properties (and classes) are needed when implementing a
foaf+ssl system</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; cert:identity,
rsa:public_exponent, rsa:modulus, cert:hex, cert:decimal.</p>
<p class='phone'><cite>tinkster:</cite> a link to a cert:?</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; so those 2
namespaces timbl dropped onto w3.org?</p>
<p class='phone'><cite>bblfish:</cite> <a href=
"http://bblfish.net/people/henry/card#me">http://bblfish.net/people/henry/card#me</a>
WedID</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; No, the cert links
to the FOAF file. The FOAF file doesn't need to link to the
cert (it describes it via those properties).</p>
<p class='phone'>for an example</p>
<p class='phone'>ah no my question was, could you give the full
URI for "cert:identity"</p>
<p class='phone'><a href=
"http://www.w3.org/ns/auth/cert">http://www.w3.org/ns/auth/cert</a>#</p>
<p class='phone'>got it</p>
<p class='phone'>and <a href=
"http://www.w3.org/ns/auth/rsa">http://www.w3.org/ns/auth/rsa</a>#</p>
<p class='irc'>&lt;<cite>caribou</cite>&gt; member
submission?</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; Todo:</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - add some classes
and relations for DSA</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; <a href=
"http://www.w3.org/ns/auth/cert">http://www.w3.org/ns/auth/cert</a>#</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - should this all be
in one file? Or should this be cut up a little? Say one file
for the general CERT ontology, and then files for RSA, DSA,
PGP, etc... Or perhaps it does not really matter?</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - expand more on the
certification side of things</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - verify this by
security experts</p>
<p class='irc'>&lt;<cite>bblfish_</cite>&gt; <a href=
"http://www.w3.org/ns/auth/rsa#%3E">http://www.w3.org/ns/auth/rsa#&gt;</a></p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - add more todos</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - owl2 has some
constructs for combined inverse functional properties.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; This may be useful
to use in defining an RSA key which is identified</p>
<p class='phone'>wants a foaf:knows in bblfish's foaf file
:)</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; by two numbers.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - when more stable
create rdf/xml version</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - also create html
version of the spec by using this as a template.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; - should comments
such as this be in html?</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; we could publish a
swig note</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; or as caribou
mentions, a member sub (if you continue working for a
Member)</p>
<p class='irc'>&lt;<cite>bblfish</cite>&gt; here <a href=
"http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to">
http://blogs.sun.com/bblfish/entry/foaf_ssl_adding_security_to</a></p>
<p class='phone'>what is the smallest thing needed for the spec
to be useful</p>
<p class='irc'>&lt;<cite>caribou</cite>&gt; danbri, 1 member
amongst the authors is sufficient</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Smallest thing to
be useful = a blog post, though a UN resolution would be
nice.</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; UN :)</p>
<p class='phone'>danbri asks if Henry would be happy for the
work to be published via the W3C ?</p>
<p class='phone'>henry would be happy for the work to be
published via the W3C</p>
<p class='irc'>&lt;<cite>tinkster</cite>&gt; Open Web
Foundation is a possibility too.</p>
<p class='irc'>&lt;<cite>melvster</cite>&gt; graphical example
of the ontology (scroll down) <a href=
"http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Ffoaf.me%2Fah1&amp;PARSE=Parse+URI%3A+&amp;TRIPLES_AND_GRAPH=PRINT_BOTH&amp;FORMAT=PNG_EMBED">
http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Ffoaf.me%2Fah1&amp;PARSE=Parse+URI%3A+&amp;TRIPLES_AND_GRAPH=PRINT_BOTH&amp;FORMAT=PNG_EMBED</a></p>
<p class='phone'>the scribe will have to go soon</p>
<p class='irc'>&lt;<cite>danbri</cite>&gt; mischat, thanks for
scribing</p>
<p class='phone'>np</p>
</div>
<h2><a name="ActionSummary" id="ActionSummary">Summary of Action
Items</a></h2><!-- Action Items -->
[End of minutes]<br />
<hr />
<address>
Minutes formatted by David Booth's <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> version 1.135 (<a href=
"http://dev.w3.org/cvsweb/2002/scribe/">CVS log</a>)<br />
$Date: 2009/12/09 17:21:31 $
</address>
<div class="diagnostics">
<hr />
<h2>Scribe.perl diagnostic output</h2>[Delete this section
before finalizing the minutes.]<br />
<pre>
This is scribe.perl Revision: 1.135 of Date: 2009/03/02 03:52:20
Check for newer version at <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/">http://dev.w3.org/cvsweb/~checkout~/2002/scribe/</a>
Guessing input format: RRSAgent_Text_Format (score 1.00)
Succeeded: s/WebId/WebID/
Found Scribe: mischat
Found Scribe: mischat
Inferring ScribeNick: mischat
WARNING: No "Topic:" lines found, but dash separators were found.
Defaulting to -dashTopics option.
WARNING: No "Present: ... " found!
Possibly Present: AX Anita AnitaD MacTed OpenLink_Software P18 P32 Todo bblfish bblfish_ caribou cert cperey danbri hhalpin melvster mischa pchampin petef rreck timbl tinkster trackbot
You can indicate people for the Present list like this:
&lt;dbooth&gt; Present: dbooth jonathan mary
&lt;dbooth&gt; Present+ amy
Found Date: 09 Dec 2009
Guessing minutes URL: <a href=
"http://www.w3.org/2009/12/09-swxg-minutes.html">http://www.w3.org/2009/12/09-swxg-minutes.html</a>
People with action items:
WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
</pre>[End of <a href=
"http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm">
scribe.perl</a> diagnostic output]
</div>
</body>
</html>