[Debwebid-discuss] About userdir-ldap rewrite (again)

[Olivier Berger]

Martin Zobel-Helas <zobel at debian.org> writes:

> Hi, 
>
> What do you want to achieve with WebID? Authentication of users inside Debian
> for websites is done by the web-password ldap field and we use DACS as server
> side software. That can also do (in the next incarnation) x509 client
> authentication.
>

WebID + TLS [2] for authentication could be one use, but that's not my main
goal for now.


My idea is to provide a WebID [3] profile that could serve as a
reference profile/identity for a Debian project member, which could be
used to interlink profiles of people contributing to Debian, with other
sources of meta-data about the project/distro, on the Semantic Web
(i.e. in a machine processable way, aka Linked Data). I've previously
worked on such meta-data about packages, in the PTS, for instance (see
[0]).

Together with other profiles (personal, professional, in other
projects), this could be used to provide a standards based (RDF)
description of one's resume/profile, but all being controlled by the
user.

For instance, I could have my main WebID profile at my domain, pointing
to my reference profile in Debian published by db.debian.org (or another
base URI more like webid.debian.org), in turn linked to the packages I
maintain, etc. Think of a decentralized ohloh kind of model.

So here, this Django app would provide this reference profile for one's
involvement as a Debian project member (opt in, etc.).

The difference with LDAP queries results, of course, is that RDF used by
WebID profiles, is published as a semantic format, unambiguous.


Now, when we have these profiles, and if we couple them with TLS
(client) certs, we can also use them for authentication, which could
replace DACS, OpenID or other protocols for SSO between Debian Web
services.

Here again, the plus would be the use of standard protocols, where the
profile could provide meta-data of profile attributes to relying parties
in a standard manner.


The Django WebID provider I'm reusing provides mainly the TLS certs
generation and binding to the WebID profile, so, I'd better reuse it for
the future, even if it's not clear we'll use WebID + TLS any day soon.


I hope this makes my effort a bit more clear to you.


You may find some more bits about WebID at [1], although it needs some
love to structure the various bits discussed at the Debconf BoF and
later discussions on the ML.

Any comments welcome.

Best regards,

[0] http://www-public.telecom-sudparis.eu/~berger_o/weblog/2013/06/06/new-paper-authoritative-linked-data-descriptions-of-debian-source-packages-using-adms-sw-accepted-at-oss-2013/
[1] https://wiki.debian.org/WebIDDebianNet
[2] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html
[3] https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/identity-respec.html
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)