Yep, so simple and clear. I am at a loss for words here because all this is quite new to me. But what impresses me most is that you have a "resource model" (these are not my words, comes from John Kemp), and "triple model" (comes from Peter Williams).<div>
<br></div><div>Whatever you call it, the fact of the matter is you have a "model" to work with, and hence the chances of you going wrong with it are much reduced.</div><div><br></div><div>People who don't have "models" to work with, end up "shooting in the dark", and "shooting in the dark" seems to be quite a common practice among a few organizations (not all) around here.</div>
<div><br></div><div>My apologies for the tirade in the last paragraph. Just consider me as one of those wonks who speaks his mind out around here.</div><div><br></div><div><br><br><div class="gmail_quote">On Fri, Nov 20, 2009 at 2:46 PM, Akbar Hossain <span dir="ltr"><<a href="mailto:akkiehossain@googlemail.com">akkiehossain@googlemail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi<br>
<br>
You may find looking at the html source of this example identity page helpful.<br>
<br>
<a href="Http://openid4.me/http://bblfish.net/people/henry/card%23me" target="_blank">Http://openid4.me/http://bblfish.net/people/henry/card%23me</a><br>
<br>
You will see the rdfa markup of a few attributes extracted from henrys<br>
foaf file. As well as the openid link discovery markup. So this page<br>
or something similar could be used as your openid identity page and<br>
foaf file. A hAtom version should be very doable.<br>
<br>
There is a link at the bottom of the page to show its contents in rdf/xml.<br>
<br>
Thanks<br>
<div><div></div><div class="h5"><br>
<br>
On 11/20/09, Santosh Rajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>> wrote:<br>
> Thanks for the hint Peter. I need to study this in more detail. Looks<br>
> promising.<br>
><br>
> On Fri, Nov 20, 2009 at 8:46 AM, Peter Williams <<a href="mailto:home_pw@msn.com">home_pw@msn.com</a>> wrote:<br>
><br>
>> The only thing I see as viable alternative to rdfa would be some hatom<br>
>> microformat.<br>
>><br>
>> If the major content mgy systems such as drupal become rdfa capable, the<br>
>> complexity of the rdf triple model becomes a non issue.<br>
>><br>
>> Using the triple model for the data model also aligns with the xri/Xdi<br>
>> Model - which is a custom rdf vocabulary tuned to fine grained access<br>
>> controls and data contracts. ( just like tagset allow one to use XML to<br>
>> define markups providing custom languages, so one can define rdf vocabs -<br>
>> that let custom graph meta-structures similarly characterise custom data<br>
>> meshes (ie security models with specific lattices for authorization or<br>
>> obligation structures, ...).<br>
>><br>
>><br>
>><br>
>><br>
>> On Nov 19, 2009, at 6:29 PM, Santosh Rajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>> wrote:<br>
>><br>
>> Yes indeed Peter. More than anything, it has cleared my confused head (as<br>
>> you can make out from my original post).<br>
>><br>
>> We need to seriously look at RDF + RDFa. Or may be something analogous to<br>
>> it.<br>
>><br>
>> I am beginning to believe cows will lay eggs too :-)<br>
>><br>
>> On Fri, Nov 20, 2009 at 7:39 AM, Peter Williams <<a href="mailto:home_pw@msn.com">home_pw@msn.com</a>> wrote:<br>
>><br>
>>> I have to say santosh, I find the story that henry tells to be very<br>
>>> compelling.<br>
>>><br>
>>> It didn't quite work last year. But now with rdfa expressing the triples<br>
>>> in html files and with foaf+ssl enabling a (photo) server to retrieve<br>
>>> access controlled subgraphs of data attributes the sheer parsimony of<br>
>>> required identity concepts and the sheer consistency of just a few<br>
>>> axioms<br>
>>> in the underlying identity logic makes it all quite impressive. The<br>
>>> subject<br>
>>> identifier model in the I&a space has merged with the object identifier<br>
>>> model<br>
>>> in the data world<br>
>>><br>
>>><br>
>>><br>
>>> On Nov 19, 2009, at 5:04 PM, Story Henry <<a href="mailto:henry.story@bblfish.net">henry.story@bblfish.net</a>> wrote:<br>
>>><br>
>>> Hi Santosh,<br>
>>>><br>
>>>> After commenting on your mail below, I realised that my latest blog post<br>
</div></div>>>>> would be of interest to you "<a href="http://openid4.me/" target="_blank">http://openid4.me/</a> --<br>
<div class="im">>>>> OpenId ♥ foaf+ssl" .<br>
>>>><br>
>>>> But there is more to my answer below than that...<br>
>>>><br>
>>>> On 19 Nov 2009, at 15:54, Santosh Rajan wrote:<br>
>>>><br>
>>>>> This is something that has me stumped. I am sure this subject has been<br>
>>>>> discussed in various forms before. But i think we need to clarify this,<br>
>>>>> now<br>
>>>>> that we are talking about openid v.next.<br>
>>>>> Let us start with the semantic web folks.<br>
>>>>><br>
>>>><br>
>>>> I am really pleased that you are bringing up the semantic web here. You<br>
>>>> have things mostly right. They are in fact a bit simpler than what you<br>
>>>> make<br>
>>>> them below.<br>
>>>><br>
>>>> let us first define two prefixes using the N3 notation<br>
>>>><br>
</div>>>>> @prefix foaf: <<a href="http://xmlns.com/foaf/0.1/" target="_blank">http://xmlns.com/foaf/0.1/</a>> .<br>
>>>> @prefix : <<a href="http://example.com/john#" target="_blank">http://example.com/john#</a>> .<br>
<div class="im">>>>><br>
>>>><br>
>>>> According to them the answer is no<br>
>>>>> (if i have understood them correctly)! eg. if John's OpenID was<br>
</div>>>>>> <a href="http://example.com/john" target="_blank">http://example.com/john</a>, then according to<br>
>>>>> the semantic web folks<br>
>>>>> 1) <a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a> is John's<br>
<div class="im">>>>>> OpenID<br>
>>>>><br>
>>>><br>
>>>> It is simpler than that: the openid is simply <<a href="http://example.com/john" target="_blank">http://example.com/john</a>><br>
>>>> OpenIds are indirect identifiers for people. They identify a resource<br>
>>>> that is a document. This resource has a unique agent, whose OpenId it<br>
>>>> is.<br>
>>>><br>
</div>>>>> :me foaf:openid <<a href="http://example.com/john" target="_blank">http://example.com/john</a>><br>
>>>><br>
>>>> 2) <a href="http://example.com/john#home" target="_blank">http://example.com/john#home</a> is John's<br>
<div class="im">>>>>> homepage<br>
>>>>><br>
>>>><br>
>>>> A homepage is a document. There is no need to use the hash indirection<br>
>>>> to<br>
>>>> identify the document. In the case you are describing the OpenId is the<br>
>>>> same<br>
>>>> as the homepage. So:<br>
>>>><br>
</div>>>>> :me foaf:homepage <<a href="http://example.com/john" target="_blank">http://example.com/john</a>> .<br>
>>>><br>
>>>> 3) <a href="http://example.com/john#RDF" target="_blank">http://example.com/john#RDF</a> is John's<br>
<div class="im">>>>>> resource descriptor. (I am using<br>
>>>>> RDF, or Atom if you may) instead of XRD because I am pissed off by<br>
>>>>> XRD).<br>
>>>>><br>
>>>><br>
>>>> yes, but to be consistent with the above let us make that<br>
>>>><br>
</div>>>>> <<a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>> a foaf:Person<br>
<div><div></div><div class="h5">>>>> .<br>
>>>><br>
>>>> The above are minor but important details to get right. :-)<br>
>>>><br>
>>>>><br>
>>>>> Also they have another solution called content negotiation, (but it<br>
>>>>> does<br>
>>>>> not<br>
>>>>> matter as far as this discussion is concerned).<br>
>>>>><br>
>>>>> Next is OpenID 1.0. According to which John's OpenID resolves to his<br>
>>>>> html<br>
>>>>> homepage, which will contain his resource descriptor information.<br>
>>>>><br>
>>>>> Then we have directed identity, which resolves to nothing really, other<br>
>>>>> than<br>
>>>>> some "BIG EGOS". This should be dumped, and we should assuage the big<br>
>>>>> ego's<br>
>>>>> with an acct: URI. Which is actually fair.<br>
>>>>><br>
>>>><br>
>>>> I have not followed the discussion on directed identity. Can you fill me<br>
>>>> in?<br>
>>>><br>
>>>><br>
>>>>> Then we come to the final problem of OpenID's and acct: URI's. Both<br>
>>>>> should<br>
>>>>> resolve to something, and the same thing. The resource descriptor.<br>
>>>>><br>
>>>>> Now I firmly believe that identifiers should resolve to their<br>
>>>>> descriptor's.<br>
>>>>> It is only fair that identifiers resolve to something meaningful. This<br>
>>>>> is<br>
>>>>> where i disagree with the semantic web folks.<br>
>>>>><br>
>>>><br>
>>>> Here I am not sure where you disagree with semantic web folk. What are<br>
>>>> descriptors?<br>
>>>><br>
</div></div>>>>> In the above "<a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>"<br>
<div><div></div><div class="h5">>>>> is a URI that identifies <<a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>>, ie John. Dereferencing<br>
>>>> "<a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>"<br>
>>>> with HTTP, results in a representation of the document<br>
>>>> <<a href="http://example.com/john" target="_blank">http://example.com/john</a>> being returned, which indeed describes John.<br>
>>>><br>
>>>> Ah ok! I get it. You are thinking that the OpenId document should<br>
>>>> contain<br>
>>>> the description about the person! Yes, why not that could be done in<br>
>>>> RDFa,<br>
>>>> for example.<br>
>>>><br>
>>>> A couple of years ago, as RDFa was not yet finalised I showed how you<br>
>>>> could use the link relation in the OpenId page to point to an rdf/xml<br>
>>>> foaf<br>
>>>> file, and then put information there about the user:<br>
>>>><br>
>>>> <a href="http://blogs.sun.com/bblfish/entry/foaf_openid" target="_blank">http://blogs.sun.com/bblfish/entry/foaf_openid</a><br>
>>>><br>
>>>> Then we come to the final question. Do we dump the idea of OpenID's<br>
>>>>> resolving to the document page? And make it mandatory for OpenID's to<br>
>>>>> resolve to the descriptors? Or we need a descriptor format that is<br>
>>>>> compatible and can be merged in to the html? Or we solve the problem<br>
>>>>> with<br>
>>>>> content negotiation?<br>
>>>>><br>
>>>><br>
>>>> So I think you can have the OpenId refer to the descriptor, as you say.<br>
>>>> With RDFa that can work well. It should not be any problem either for<br>
>>>> the<br>
>>>> OpenId page to return an RDF/XML representation too...<br>
>>>><br>
>>>> Now I think once you have that, then the final problem that Attribute<br>
>>>> Exchange architects will find to critique to this set up, and quite<br>
>>>> correctly I would like to add, is that the information about the user<br>
>>>> seems<br>
>>>> to be completely public.<br>
>>>><br>
>>>> But content negotiation can help here too. Essentially all one would<br>
>>>> need<br>
>>>> to do is to enhance the OpenId resource - the Identifier Resource - to<br>
>>>> return different rdf enhanced representations, depending on who connects<br>
>>>> to<br>
>>>> the page. Imagine for example that FaceBook made my OpenId be<br>
>>>> <<a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>>. Then when you look at my page all you will<br>
>>>> see is just my name and my friends. But if you are logged in and a<br>
>>>> friend of<br>
>>>> mine you will see a lot more about me: my address, my latest posts, my<br>
>>>> latest music habits, etc, etc...<br>
>>>><br>
>>>> Now all that we need to do, is do the same as Facebook, but in a<br>
>>>> distributed fashion. So that means that when the Relying Party - the<br>
>>>> service<br>
>>>> that wants to verify my identity, and get some attributes - connects to<br>
>>>> my<br>
>>>> page, it has to simultaneously identify itself, so that this enhanced<br>
>>>> <<a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>> resource can return it a bit more<br>
>>>> information - perhaps not as much information as it returns for good<br>
>>>> friends<br>
>>>> of mine, but the type of information that I am willing to return to<br>
>>>> services<br>
>>>> like photo printing services. Ok, for the sake of making this example<br>
>>>> more<br>
>>>> real, let us imagine the Relying Party is a photo printing service.<br>
>>>><br>
>>>> So the question is how does this enhanced Facebook, identify the<br>
</div></div>>>>> <a href="http://photo.com" target="_blank">photo.com</a> service so that it can return it the correct<br>
>>>> subgraph of information. Well clearly <a href="http://photo.com" target="_blank">photo.com</a> has to<br>
>>>> log into <a href="http://facebook.com" target="_blank">facebook.com</a>, ie, <a href="http://photo.com" target="_blank">photo.com</a><br>
<div class="im">>>>> has to have its own OpenId. This could be done by simply<br>
>>>> having a pointer in the Identifier page, <<a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>><br>
>>>> to an OpenId login point. That type of<br>
>>>> relation would be easy to create.<br>
>>>><br>
>>>> The problem is that the above will then require the Relying party to<br>
>>>> 1. fetch the openid page<br>
>>>> 2. search for that OpenId login page<br>
>>>> 3. login using openid<br>
>>>> 4. refetch the OpenId page, to get the new more complete representation<br>
>>>><br>
>>>> This can be done, but this is where foaf+ssl shines: because it can do<br>
>>>> all of the above in 1 connection. Ie. the same connection that requests<br>
>>>> the<br>
>>>> page, can be the connection that does the identifying.<br>
>>>><br>
>>>> Well it should do. This is what I was looking at recently when I<br>
>>>> proposed<br>
>>>> to look at how to build a photo printing service using foaf+ssl.<br>
>>>><br>
>>>> <a href="http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo" target="_blank">http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo</a><br>
>>>><br>
>>>> This requires some more thinking about. But I think it does provide a<br>
>>>> beginning of an answer for how one can have attribute exchange be<br>
>>>> RESTful.<br>
>>>><br>
>>>> Henry Story<br>
>>>><br>
>>>><br>
>>>><br>
>>>>> --<br>
</div>>>>>> <a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br>
>>>>> _______________________________________________<br>
>>>>> general mailing list<br>
>>>>> <a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<div class="im">>>>>> <a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
>>>>><br>
>>>><br>
>>>> _______________________________________________<br>
>>>> foaf-protocols mailing list<br>
>>>> <a href="mailto:foaf-protocols@lists.foaf-project.org">foaf-protocols@lists.foaf-project.org</a><br>
>>>> <a href="http://lists.foaf-project.org/mailman/listinfo/foaf-protocols" target="_blank">http://lists.foaf-project.org/mailman/listinfo/foaf-protocols</a><br>
>>>><br>
>>><br>
>><br>
>><br>
>> --<br>
>> <a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br>
>><br>
>><br>
>><br>
><br>
><br>
</div>> --<br>
> <a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br>
><br>
<font color="#888888"><br>
--<br>
Sent from my mobile device<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>
</div>
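<div>The per-requester representation that Henry Story's quoted message describes (public visitors, a photo printing service, and friends each receiving a different subgraph), sketched as an added example that is not part of the original thread. It assumes the requester's identifier has already been verified (by foaf+ssl or an OpenID login); the EX vocabulary, the grant list and the sample triples are constructed for illustration.</div>

```python
FOAF = "http://xmlns.com/foaf/0.1/"
EX = "http://example.com/vocab#"      # hypothetical vocabulary for this example
ME = "http://example.com/john#me"     # the person (hash URI used in the thread)
DOC = "http://example.com/john"       # the OpenID / homepage document

# Constructed sample graph: (subject, predicate, object) triples.
GRAPH = [
    (ME, FOAF + "openid", DOC),
    (ME, FOAF + "homepage", DOC),
    (ME, FOAF + "name", "John"),
    (ME, FOAF + "knows", "http://example.org/jane#me"),
    (ME, EX + "postalAddress", "1 Constructed Street"),
    (ME, EX + "latestPost", "http://example.com/john/posts/1"),
    (ME, EX + "internalNote", "not covered by any tier"),
]

# Allowlist per tier: a predicate listed nowhere is never served (default deny),
# so a newly added attribute cannot leak just because nobody classified it.
PUBLIC = {FOAF + "openid", FOAF + "homepage", FOAF + "name", FOAF + "knows"}
SERVICE = PUBLIC | {EX + "postalAddress"}
FRIEND = SERVICE | {EX + "latestPost"}
TIERS = {"public": PUBLIC, "service": SERVICE, "friend": FRIEND}

# Hypothetical grant list: services the owner agreed to share delivery data with.
GRANTED_SERVICES = {"http://photo.example/#service"}


def tier_for(verified_id):
    """Map an already authenticated requester URI (or None) to a tier."""
    if verified_id is None:
        return "public"
    friends = {o for s, p, o in GRAPH if s == ME and p == FOAF + "knows"}
    if verified_id in friends:
        return "friend"
    if verified_id in GRANTED_SERVICES:
        return "service"
    # Authenticated but unknown: proving an identity alone earns no extra data.
    return "public"


def representation_for(verified_id):
    """Return the subgraph of GRAPH that this requester is allowed to see."""
    allowed = TIERS[tier_for(verified_id)]
    return [triple for triple in GRAPH if triple[1] in allowed]


if __name__ == "__main__":
    for who in (None, "http://photo.example/#service", "http://example.org/jane#me"):
        print(who, "->", len(representation_for(who)), "triples")
```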