[OpenID] openid, foaf and attribute exchange

Story Henry henry.story at bblfish.net
Wed Jul 25 22:19:24 UTC 2007


On 25 Jul 2007, at 20:40, Peter Williams wrote:

> Using RDF resources for FOAF in the OpenID Context is a good idea ...
> for the very reason that significant FOAF infrastructure already exists.
> OpenID deployments can easily cooperate with the parallel FOAF
> infrastructure that others develop and maintain. The whole microformats
> aspect pursued by the FOAF community is well suited to OpenID design
> philosophy, I believe - using HTML rather than XML/RDF to communicate
> simplistic data fields, SIMPLY. As it's only certain OP Consumers that
> might bother to add this kind of FOAF UI value and access controls (and
> thus engineer the required support for the RDF handling), a nice
> distinction between OP Consumers comes about: some add FOAF/RDF support,
> some do not. This parallels OpenID Exchange - an optional protocol for
> OP Consumers. An OpenID Consumer is NOT "incomplete", when support for
> OpenID Exchange is absent, we note.

Yes. I agree. OpenID exchange complements OpenId the way I am proposing
foaf can. But it would be worth looking at how much one can get done just
with foaf and the basic elements of openid, and see how far that gets one.

>
> Making OpenID into more of a heavyweight identity management protocol
> (with RDF ontologies affecting OpenID core compliance itself) starts to
> raise questions in my mind. Is OpenID _targeting_ federation-style
> architectures - rather than de-centralization? Is OpenID staying simple,
> or is compliance going to assume that OP Consumers and OP Providers must
> interface to RDF resources? Is the style of the spec going to go from
> its free and easy, free-form English... or become a barrier to reading
> by your average programmer, when it starts to exhibit use of high-power
> formalisms?

Certainly not.  My thought is that OpenId could remain very simple, like
it is with version 1.1

The extra goodies can just come from extra metadata given by RDF.
RDF/XML by the way is difficult to understand, but not RDF itself.
See my recent post

http://blogs.sun.com/bblfish/entry/the_limitations_of_json

Also don't bother initially with RDF/XML. Learn N3.

>
> These issues and questions are pertinent, I believe - as they define what
> the goals of the community are. Is OpenID going to stay
> philosophically-true to its grassroots image and nature ...which led to
> its runaway success? Or, is a club of security professional vendors now
> going to drive it... as yet another way to deliver identity management
> products/services?

It should stay simple and close to the web: ie RESTful. Which is why I am
critical of the attribute exchange spec.

>
> Let me put it more simply, perhaps. If it's the goal of OpenID to
> compete with SAML/ws-trust, I'm not sure I'm in the right place. I do
> like the way SUN characterize OpenID: it's a lightweight protocol that
> complements the world of SAML/ws-trust doing well things that neither of
> the latter will do well, each being over-engineered for low- or
> medium-assurance webSSO.

He. I work at Sun, but I don't have any SAML baggage. I don't really know
anything in that space. I am looking at the world with my Matrix RDF
glasses on, and I see a bunch of triples.
:-)

What I am looking at is how far one can go with a little extra metadata
and simple openid.
It looks like there are quite a lot of fun things here.

>
> I saw recently, in contrast to the SUN philosophy, the way the Bandit
> project conceives of the world, and OpenID indeed. Whilst it seems
> proper that OpenID can be fit into Bandit as a plug-and-play component,
> I'm not sure I'd counsel folks to let OpenID insist that implementers
> MUST adopt that design culture. Do I have to know what an RDF ontology
> even is, merely to send my OpenID to a form?

(I don't know Bandit)

As I see it, OpenId should work as it is as specified with 1.1 (That's
the piece I understand I think) with or without RDF.

It is just fun to see what a little RDF can do in combination with
OpenId.  For example in this blog
http://blogs.sun.com/bblfish/entry/foaf_openid
I showed how one can link to a foaf file from an OpenId representation,
and thereby get all the identity data one would ever want to have. It's
all done already, and the tools are there too

http://blogs.sun.com/bblfish/entry/java_leads_in_semweb_tools

Henry

>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> On Behalf Of Mark Wahl
> Sent: Wednesday, July 25, 2007 6:16 AM
> To: Story Henry
> Cc: foaf-dev; general at openid.net
> Subject: Re: [OpenID] openid, foaf and attribute exchange
>
> Story Henry wrote:
>
>>    - duplicating effort. This spec is inventing a metadata format, a
>> query language and storage API, which is a lot of work. These things
>> have been done before:
>>       + metadata framework: as shown above RDF does this very well
>> already. It has a very powerful semantics, has gone through years of
>> review by some of the best thinkers in the world, is extensible, self
>> describing, etc, etc... having to learn another special convention as
>> proposed here, is one more unnecessary piece of work.
>
> Actually there has not yet been defined a suitable protocol-independent
> metadata format for identity schemas elements such as attribute types
> and claim types. "RDF" by itself is insufficient as there have not yet
> been defined ontologies for identity schemas.  To address this the
> Identity Commons Identity Schemas working group is defining a common set
> of metadata representation elements for OpenID (and CardSpace and other
> emerging protocols); a work-in-progress can be seen at
> http://idschemas.idcommons.net/moin.cgi/MetaData
> which can be expressed in RDF and retrieved via "GET", as described in
> http://idschemas.idcommons.net/moin.cgi/BasicRetrieval
>
>
> Mark Wahl
> Informed Control Inc.
>


