Thanks for the hint Peter. I need to study this in more detail. Looks promising.<br><br><div class="gmail_quote">On Fri, Nov 20, 2009 at 8:46 AM, Peter Williams <span dir="ltr"><<a href="mailto:home_pw@msn.com">home_pw@msn.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div bgcolor="#FFFFFF"><div>The only thing I see as viable alternative to rdfa would be some hatom microformat.</div><div>
<br></div><div>If the major content mgy systems such as drupal become rdfa capable, the complexity of the rdf triple model becomes a non issue.</div><div><br></div><div>Using the triple model for the data model also aligns with the xri/Xdi Model - which is a custom rdf vocabulary tuned to fine grained access controls and data contracts. ( just like tagset allow one to use XML to define markups providing custom languages, so one can define rdf vocabs - that let custom graph meta-structures similarly characterise custom data meshes (ie security models with specific lattices for authorization or obligation structures, ...).</div>
<div><div></div><div class="h5"><div><br></div><div><br><div><br></div></div><div><br>On Nov 19, 2009, at 6:29 PM, Santosh Rajan <<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>> wrote:<br>
<br></div><div></div><blockquote type="cite"><div>Yes indeed Peter. More than anything, it has cleared my confused head (as you can make out from my original post).<div><br></div><div>We need to seriously look at RDF + RDFa. Or may be something analogous to it.</div>
<div>
<br></div><div>I am beginning to believe cows will lay eggs too :-)</div><div><br><div class="gmail_quote">On Fri, Nov 20, 2009 at 7:39 AM, Peter Williams <span dir="ltr"><<a href="mailto:home_pw@msn.com" target="_blank"></a><a href="mailto:home_pw@msn.com" target="_blank">home_pw@msn.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have to say santosh, I find the story that henry tells to be very compelling.<br>
<br>
It didn't quite work last year. But now with rdfa expressing the triples in html files and with foaf+ssl enabling a (photo) server to retrieve access controlled subgraphs of data attributes the sheer parsimony of required identity concepts and the sheer consistency of just a few axioms in the underlying identity logic makes it all quite impressive. The subject identifier model in the I&a space has merged with the object identifer model in the data world<div>
<div></div><div><br>
<br>
<br>
On Nov 19, 2009, at 5:04 PM, Story Henry <<a href="mailto:henry.story@bblfish.net" target="_blank"></a><a href="mailto:henry.story@bblfish.net" target="_blank">henry.story@bblfish.net</a>> wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div>
Hi Santosh,<br>
<br>
After commenting on your mail below, I realised that my latest blog post would be of interest to you "<a href="http://openid4.me/" target="_blank"></a><a href="http://openid4.me/" target="_blank">http://openid4.me/</a> -- OpenId ♥ foaf+ssl" .<br>
<br>
But there is more to my answer below than that...<br>
<br>
On 19 Nov 2009, at 15:54, Santosh Rajan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This is something that has me stumped. I am sure this subject has been<br>
discussed in various forms before. But i think we need to clarify this, now<br>
that we are talking about openid v.next.<br>
Let us start with the semantic web folks.<br>
</blockquote>
<br>
I am really pleased that you are bringing up the semantic web here. You have things mostly right. They are in fact a bit simpler that what you make them below.<br>
<br>
let us first define two prefixes using the N3 notation<br>
<br>
@prefix foaf: <<a href="http://xmlns.com/foaf/0.1/" target="_blank"></a><a href="http://xmlns.com/foaf/0.1/" target="_blank">http://xmlns.com/foaf/0.1/</a>> .<br>
@prefix : <<a href="http://example.com/john#" target="_blank"></a><a href="http://example.com/john#" target="_blank">http://example.com/john#</a>> .<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
According to them the answer is no<br>
(if i have understood them correctly)! eg. if John's OpenID was<br>
<a href="http://example.com/john" target="_blank"></a><a href="http://example.com/john" target="_blank">http://example.com/john</a>, then according to the semantic web folks<br>
1) <a href="http://example.com/john#me" target="_blank"></a><a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a> is John's OpenID<br>
</blockquote>
<br>
It is simpler that that: the openid is simply <<a href="http://example.com/" target="_blank"></a><a href="http://example.com/" target="_blank">http://example.com/</a>john><br>
OpenIds are indirect identifiers for people. They identify a resource that is a document. This resource has a unique agent, whose OpenId it is.<br>
<br>
:me foaf:openid <<a href="http://example.com/john" target="_blank"></a><a href="http://example.com/john" target="_blank">http://example.com/john</a>><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2) <a href="http://example.com/john#home" target="_blank"></a><a href="http://example.com/john#home" target="_blank">http://example.com/john#home</a> is John's homepage<br>
</blockquote>
<br>
A homepage is a document. There is no need to use the hash indirection to identify the document. In the case you are describing the OpenId is the same as the homepage. So:<br>
<br>
:me foaf:homepage <<a href="http://example.com/john" target="_blank"></a><a href="http://example.com/john" target="_blank">http://example.com/john</a>> .<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
3) <a href="http://example.com/john#RDF" target="_blank"></a><a href="http://example.com/john#RDF" target="_blank">http://example.com/john#RDF</a> is John's resource descriptor. (I am using<br>
RDF, or Atom if you may) instead of XRD because I am pissed off by XRD).<br>
</blockquote>
<br>
yes, but to be consistent with the above let us make that<br>
<br>
<<a href="http://example.com/john#me" target="_blank"></a><a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>> a foaf:Person .<br>
<br>
The above are minor but important details to get right. :-)<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Also they have another solution called content negotiation, (but it does not<br>
matter as far as this discussion is concerned).<br>
<br>
Next is OpenID 1.0. According to which John's OpenID resolves to his html<br>
homepage, which will contain his resource descriptor information.<br>
<br>
Then we have directed identity, which resolves to nothing really, other that<br>
some "BIG EGOS". This should be dumped, and we should assuage the big ego's<br>
with an acct: URI. Which is actually fair.<br>
</blockquote>
<br>
I have not followed the discussion on directed identity. Can you fill me in?<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Then we come to the final problem of OpenID's and acct: URI's. Both should<br>
resolve to something, and the same thing. The resource descriptor.<br>
<br>
Now I firmly believe that identifiers should resolve to their descriptor's.<br>
It is only fair that identifiers resolve to something meaningful. This is<br>
where i disagree with the semantic web folks.<br>
</blockquote>
<br>
Here I am not sure where you disagree with semantic web folk. What are descriptors?<br>
<br>
In the above "<a href="http://example.com/john#me" target="_blank"></a><a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>" is a URI that identifies <<a href="http://example.com/john#me" target="_blank"></a><a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>>, ie John. Dereferencing "<a href="http://example.com/john#me" target="_blank"></a><a href="http://example.com/john#me" target="_blank">http://example.com/john#me</a>"<br>
with HTTP, results in a representation of the document <<a href="http://example.com/john" target="_blank"></a><a href="http://example.com/john" target="_blank">http://example.com/john</a>> being returned, which indeed describes John.<br>
<br>
Ah ok! I get it. You are thinking that the OpenId document should contain the description about the person! Yes, why not that could be done in RDFa, for example.<br>
<br>
A couple of years ago, as RDFa was not yet finalised I showed how you could use the link relation in the OpenId page to point to an rdf/xml foaf file, and then put information there about the user:<br>
<br>
<a href="http://blogs.sun.com/bblfish/entry/foaf_openid" target="_blank"></a><a href="http://blogs.sun.com/bblfish/entry/foaf_openid" target="_blank">http://blogs.sun.com/bblfish/entry/foaf_openid</a><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Then we come to the final question. Do we dump the idea of OpenID's<br>
resolving to the document page? And make it mandatory for OpenID's to<br>
resolve to the descriptors? Or we need a descriptor format that is<br>
compatible and can be merged in to the html? Or we solve the problem with<br>
content negotiation?<br>
</blockquote>
<br>
So I think you can have the OpenId refer to the descriptor, as you say. With RDFa that can work well. It should not be any problem either for the OpenId page to return an RDF/XML representation too...<br>
<br>
Now I think once you have that, then the final problem that Attribute Exchange architects will find to critique to this set up, and quite correctly I would like to add, is that the information about the user seems to be completely public.<br>
<br>
But content negotiation can help here too. Essentially all one would need to do is to enhance the OpenId resource - the Identifier Resource - to return different rdf enhanced representations, depending on who connects to the page. Imagine for example that FaceBook made my OpenId be <<a href="http://facebook.com/bblfish" target="_blank"></a><a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>>. Then when you look at my page all you will see is just my name and my friends. But if you are logged in and a friend of mine you will see a lot more about me: my address, my latest posts, my latest music habits, etc, etc...<br>
<br>
Now all that we need to do, is do the same as Facebook, but in a distributed fashion. So that means that when the Relying Party - the service that wants to verify my identity, and get some attributes - connects to my page, it has to simultaneously identify itself, so that this enhanced <<a href="http://facebook.com/bblfish" target="_blank"></a><a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>> resource can return it a bit more information - perhaps not as much information as it returns for good friends of mine, but the type of information that I am willing to return to services like photo printing services. Ok, for the sake of making this example more real, let us imagine the Relying Party is a photo printing service.<br>
<br>
So the question is how does this enhanced Facebook, identify the <a href="http://photo.com" target="_blank"></a><a href="http://photo.com" target="_blank">photo.com</a> service so that it can return it the correct subgraph of information. Well clearly <a href="http://photo.com" target="_blank"></a><a href="http://photo.com" target="_blank">photo.com</a> has to log into <a href="http://facebook.com" target="_blank"></a><a href="http://facebook.com" target="_blank">facebook.com</a>, ie, <a href="http://photo.com" target="_blank"></a><a href="http://photo.com" target="_blank">photo.com</a> has to have it's own OpenId. This could be done by simply having a pointer in the Identifier page, <<a href="http://facebook.com/bblfish" target="_blank"></a><a href="http://facebook.com/bblfish" target="_blank">http://facebook.com/bblfish</a>> to an OpenId login point. That type of relation would be easy to create.<br>
<br>
The problem is that the above will then require the Relying party to<br>
1. fetch the openid page<br>
2. search for that OpenId login page<br>
3. login using openid<br>
4. refetch the OpenId page, to get the new more complete representation<br>
<br>
This can be done, but this is where foaf+ssl shines: because it can do all of the above in 1 connection. Ie. the same connection the requests the page, can be the connection that does the identifying.<br>
<br>
Well it should do. This is what I was looking at recently when I proposed to look at how to build a photo printing service using foaf+ssl.<br>
<br>
<a href="http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo" target="_blank"></a><a href="http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo" target="_blank">http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo</a><br>
<br>
This requires some more thinking about. But I think it does provide a beginning of an answer for how one can have attribute exchange be RESTful.<br>
<br>
Henry Story<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
-- <br>
<a href="http://hi.im/santosh" target="_blank"></a><a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net" target="_blank"></a><a href="mailto:general@lists.openid.net" target="_blank">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
</blockquote>
<br></div></div>
_______________________________________________<br>
foaf-protocols mailing list<br>
<a href="mailto:foaf-protocols@lists.foaf-project.org" target="_blank"></a><a href="mailto:foaf-protocols@lists.foaf-project.org" target="_blank">foaf-protocols@lists.foaf-project.org</a><br>
<a href="http://lists.foaf-project.org/mailman/listinfo/foaf-protocols" target="_blank"></a><a href="http://lists.foaf-project.org/mailman/listinfo/foaf-protocols" target="_blank">http://lists.foaf-project.org/mailman/listinfo/foaf-protocols</a><br>
</blockquote>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh" target="_blank"></a><a href="http://hi.im/santosh" target="_blank">http://hi.im/santosh</a><br><br><br>
</div>
</div></blockquote></div></div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>