[Debwebid-discuss] Recap of past WebID discussions, including the Debconf BoF

[Olivier Berger]

Hi.

I've thus started this mailing list in order to try and find a place
where to discuss the use of WebID for the Debian project, and not
pollute too much debian-devel with it.

I'm putting Hector in CC: as I'm not sure he ahs subscribed yet, and
showed some interest during the Debconf BoF.


So, it I try to recap past discussions and efforts, and please
complement this as I will porbably forget a lot.


There are currently a few user identification/authentication mechanisms
in the Debian project, when contributors need to access services of the
project : via login/pass, or via OpenPGP signed emails.

It seems more and more Web apps are being written/rewritten, to serve as
platforms supporting various activities in the project.

So I'm thinking it could be interesting to evaluate WebID for a standard
based solution for contributors identification and/or authentication.

WebID [0] is interesting, in several aspects, as it is meant to be
interoperable, extensible, and inn control of the user.

Debian has already some experience in managing trust through its OpenPGP
base web of trust, and WebID relies on similar concepts.


For Web auth/Single Sign On, WebID + TLS could be used, of course, but
OpenPGP could be put in the loop too, if we find a convenient way. There
are some ongoing discussions on this aspect.


Another aspect is contributor identification, where WebID's FOAF [1]
attributes can serve a lot, in particular to represent people in Linked
Data representations of other Debian artifacts, like the ADMS.SW RDF
descriptions of Debian packages [2].


My idea is that the WebID could describe some Debian activities of
people, in a "certified" (by Debian or Debian peers) way, interlinked to
other aspects of the user's activities and identity in control of them
on their own storage (think freedombox, personnal data lockers,
decentralized social networks).

And this/these WebIDs, coupled with asymetric key techno could serve for
signature/authentication.


I hope this makes a short and consistent summary of the main ideas, and
makes sense to you too ;-). Maybe the WebID page in the wiki [3] should
be updated to reflect all of this ;-)


I'll add further details on other messages, including those relating to
webid.debian.net.


Comments much welcome, then.


Best regards,

[0] http://www.w3.org/wiki/WebID
[1] http://www.foaf-project.org/
[2] https://wiki.debian.org/qa.debian.org/pts/RdfInterface
[3] https://wiki.debian.org/WebID
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)