[Debwebid-discuss] Reworked the Wiki page a bit

Olivier Berger olivier.berger at telecom-sudparis.eu
Thu Nov 7 16:07:50 UTC 2013 

Hi.

Jonas Smedegaard <dr at jones.dk> writes:

> I am still wondering if the choice of domain webid.debian.net is 
> confusing more than it helps.  At least if confuses me - I wonder if 
> perhaps foaf.debian.net or lod.debian.net would've been more accurate:
>

It's just a .net one, so the problem is not critical in any case.

Note that its implementation details shouldn't be considered too
seriously for the moment. It was an early experiment, and my
understanding of WebID is hopefully better these days (and the
standardisation effort has evolved too).

> That website hosts auto-generated semantic data _describing_ DDs and 
> tying some project data (e.g. package releases) to DDs using URLs at 
> that same website, right?  But are those URLs WebIDs?

Yes, as it was generated from the people script of the Deian website
that knew of some of these links. However, there may be more accurate
sources of such links, like what the PTS publishes.


Anyway, about what a WebID is, there are 3 different concepts in the
specs AFAIU :
 - a WebID : a URI in the form <http://webid.debian.org/people/obergix#me>
 - a WebID profile : the graph of RDF attributes and links describing
   <http://webid.debian.org/people/obergix#me>
 - a WebID profile document : what is fetched when requesting
   'http://webid.debian.org/people/obergix', which could be done through
   content-negociation or redirection (303), for instance a
   'text/turtle' document named obergix.ttl, which contains the RDF
   serialization of <http://webid.debian.org/people/obergix#me> (named
   <#me> inside the document), and other linked resources (the user's
   certs, link to his contributions: packages, etc.)

So, strictly speaking, <http://webid.debian.org/people/obergix#me> could
be my "canonical" (sic) /identity/ of a member of Debian (my Debian
WebID), even if my profile physically rests at
'http://webid.debian.org/people/obergix.ttl' for instance.

>
> As I understand it, a WebID is a URL under the control of the agent that 
> it identifies.

The goal is to explicitely exercise access control over some parts of
your identity. So I imagine that as a person you would generally have
several different WebIDs as your profiles in different contexts (one for
professional activity, one for membership in Debian, one for family
affairs, etc.), and details of these may or may not be accessible to the
same people/services. All of these would be inter-linked with
rdfs:seeAlso links, and owl:sameAs ones when declaring equivalent
resources.

For instance there would my master WebID at
https://www.olivierberger.org/olivier :

 <https://www.olivierberger.org/olivier#me> 
   a foaf:Person ;
   rdfs:seeAlso <https://www.olivierberger.org/friends#oliviersfriends> ;
   rdfs:seeAlso <http://webid.debian.org/people/obergix> ;
   owl:sameAs <http://webid.debian.org/people/obergix#me> .

And at : https://www.olivierberger.org/friends (but accessible only to
my friends, who are the ones allowed to know my friends list, through
whatever ACLS mechanism I setup on my server) :

 <https://www.olivierberger.org/olivier#me> 
   a foaf:Person ;
   foaf:knows <http://jones.dk/jonas#me> .

And at <http://webid.debian.org/people/obergix#me> (generated by Debian,
and eventually trustable as such) :

 <http://webid.debian.org/people/obergix#me>
   a foaf:Person ;
   rdfs:seeAlso <https://www.olivierberger.org/olivier> ;
   owl:sameAs <https://www.olivierberger.org/olivier#me> .

So I have 2 identities, some part of my profile aren't accessible to
everyone, and some are, in the context of public projects.

There are backlinks between these so that anyone holding a DNS named
like me doesn't pretend to be the same as me in Debian.

>  Or am I then talking WebID+TLS - not the (new) 
> definition of WebID itself?!?
>

WeID + TLS is an extension to WebID in that some of the attributes of
the WebID are links to certs of public keys, which themselves point to
the WebID, allowing to perform Web authentication in addition of
identification.

Yes, the 2 specs have been splitted by the community group, to not limit
WebID's use to authentication (Identitication + authentication +
authorizations, etc.)

In my latest experiment on userdir's rewrite with Django, I've
tested the generation and management of certs in relation to WebIDs, but
I'm not sure the WebID + TLS is the priority for Debian, unless it can
clearly overrule other SSO mechanisms DSA are using (DACS).
I haven't investigated too much the storage of the links against other
WebIDs of the same Debian project member, but that could be added to the
TODO while I'm thinking about it.

I think that the use of WebID for interlinking contributor profiles on
the Semantic Web is probably the higher priority for me : both with the
PTS (and other RDF resources about development : packages, bugs, etc.)
or as a machine readable version of the contributions
(contributors.debian.org).

I hope this clarifies.

Best regards,
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

More information about the Debwebid-discuss mailing list