[newmaint-site] Contributors identity management - Was: Re: contributors.debian.org milestones

Mon Nov 4 21:21:49 UTC 2013

Hi.

Enrico Zini <enrico at enricozini.org> writes:

[SNIP]

Great to see some progress :-)

> Milestone 3: moar identifiers
>
>  - Get more kinds of identifiers into the mix: emails, gpg fingerprints,
>    wiki names.
>
>    This needs figuring out both privacy requirements and integrity
>    requirements: we need to avoid to open trolling avenues, like sending
>    one silly bugreport a week as debiansux at ownyouftw.troll to get into
>    the list. Identifiers should be somehow tied to reputation that is
>    built up with constructive work: if one wants to have
>    debiansux at ownyouftw.troll end up in the list, they need to earn it
>    honestly.
>
>    Two possible ideas:
>
>     - one needs to have a gpg key with a trust path leading to the
>       strongly connected set;
>     - the initial opt-in is initiated with a mail from the Debian
>       Welcome Team, and they might decide to wait a bit and see when
>       they notice a suspicious identifier.
>
>    But really, different identifiers may have different requrements,
>    we'll see it when we get there. As data flows in from new data
>    sources, we should start getting some idea.
>
>    For example, emails in debian/changelog, since a DD signs for its
>    integrity, can be trusted differently than emails from the BTS, where
>    anyone can post.
>
>  - Identity management needs to be implemented, and this probably means
>    waiting until after the single signon sprint meeting that should
>    happen in January. Too much information is missing now to make good
>    tradeoffs.
>

As I mentioned in [0] I'm looking at WebID [1], a standard being
developped at the W3C as a mean to inter-link different user profiles
(machine processable ones), which could hopefully serve in the context
of DC.

I'm currently looking at integrating some Django code accessing the
Debian LDAP (written by Luca Filipozi for userdir-ldap) and the Django
WebID provider contrib written by Ben Nomadic, in an attempt at
providing reference Debian WebIDs for project members. My code is at
[2], quite early, but somehow working (here on my laptop, need to
install a demo, etc...). It's WIP ;-)

The goal would be that, at least for contributors to Debian who would
have such published WebID profiles, this could be a mean to trust some
descriptions of the different identities of these people.

It becomes interesting when this reference Debian WebID can be
interlinked (with owl:sameAs links) to other profiles in other
contexts/communities (potentially ones signed with their GPG keys, for
trust matters).

For instance, I have a WebID at home that says that I'm using both
oberger at ouvaton.org and obergix at debian.org [3], and one at work, that
says I'm using olivier.berger at telecom-sudparis.eu [4], and have
interconnected these. This can help relate my different identities
(provided that I wish so : I may not want to "endorse" my work activity
and my hobbyist time in the same manner). Now I could interlink them
with <http://webid.debian.net/maintainers/obergix#agent> (an early
experiment, but in the future, such profile could be on a debian.org Web
service, such as userdir-ldap/db.debian.org - hence my effort described
above).

I'm not exactly sure which parts of the problem, and to which extent
this could help with, but I'm quite sure we can make use of all this
somehow. The main deal is to use a standard of the Semantic Web here, to
maximize interoperability. This is probably a minor aspect vs. the
initial human-readable goal of DC, but quite complementary, I think.

If I can, I'd like to try and mix the WebID profile generation code for Django
with the code of DC in a later attempt, once I have quite reasonable
results for my current experiment with userdir-ldap.

Any questions/comments welcome.

Best regards,

P.S. note that WebIDs should now be publised as Turtle [5] but I haven't
yet migrated mines which are still RDF/XML :-/

[0] http://lists.alioth.debian.org/pipermail/newmaint-site/Week-of-Mon-20130930/000022.html
[1] http://www.w3.org/wiki/WebID
[2] http://anonscm.debian.org/gitweb/?p=users/obergix/userdir-ldap_and_webid.git
[3] http://www.olivierberger.org/foaf.rdf#me
[4] http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf#me
[5] http://www.w3.org/TR/turtle/
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)