xdi message
Subject: Draft minutes for review: XDI TC Telecon Thursday 1-2PM PT 2010-07-08
- From: "Barnhill, William [USA]" <barnhill_william@bah.com>
- To: Drummond Reed <drummond.reed@xdi.org>, OASIS - XDI TC <xdi@lists.oasis-open.org>
- Date: Thu, 8 Jul 2010 17:48:36 -0400
Draft minutes for review of XDI teleconference on July 8th, 2010
Attending:
Bill Barnhill
Kaliya Hamlin
Joseph Boyle
Markus Sabadello
John Bradley
1) LINK CONTRACTS
First, Markus raised the following questions on the list several weeks ago:
- If link contracts are enabled at an XDI endpoint and no link contracts exist, what is the "default" behavior? Allow nothing? Allow only $get?
- Can an XDI endpoint have a special notion of the XDI endpoint "belonging" to a user?
- If yes, does that user automatically have "full rights" to the XDI endpoint outside of normal link contract evaluation?
- As an alternative to signing XDI messages with a key, can an XDI message contain a user's password for authentication?
Second, Markus posed another excellent set of questions last week around link contract processing:
We need to discuss these as well.
Bill: Joe asked a question about default link contracts, if you have a link contract that has trivial contract
Bill: with Joe concurring, default should be deny all
Markus: We need to specify syntax for such a deny all then. Markus agreed
Kaliya: private. You could also create norm for reporting who is requesting access.
Bill: So everyone on call agreed.
Bill: That maps to the XDI services model I've been using, async services: You make a request by pushing into the provider's graph an XRI pointing to the request in the Initiator's graph. That request sub-graph specifies where the result is pushed to by the service provider. Acronym: Asynchronous XDI Services (Axis).
Joseph: Friend request would be an XDI object
Bill: On second question, my take has always been that the data authority is 'the owner' of the XDI endpoint
Markus: So every i-name owns the XDI endpoint under it. I think the XDI endpoint should know who 'owns' it and there could be an XDI endpoint though that doesn't, say an LDAP endpoint
Bill: Wouldn't it only be a matter of time before privacy act/personally identifiable information gets in there?
Joseph: Though individual items would have link contracts as well
Bill: Aren't link contracts between two data owners?
Joseph: I see how that makes sense, but not clear to me whether that should be recorded in XDI or expressed in some other way. Also, we're talking about ownership we're not talking about what ownership means.
Bill: ?Mesh of data, each individual owns data on their server and accessible
Joseph: Yes, that's the default case. But I think there has to be a use case where your data has to be on another person's server. Question is whether they can see that data, or whether it's encrypted.
Bill:
Joseph: I think we have to keep this open as an issue, we should try to investigate it. It might turn out to be not possible, but we should investigate.
Bill: Markus, thoughts on last question?
Markus: I think we discussed that on email. Your email on authentication
Bill: Yes, that's right. I suggested we use something like SASL so we can support Kerberos, etc.
Joseph: When we get into security and privacy there's a huge # of methods.
Markus: I think of it as HTTP posts
Joseph: Discussion of synchronous vs asynchronous?
Bill: Believe async, or should support both
John Bradley: Given XDI stores can be distributed, there's a huge advantage to being asynchronous.
Bill: The way I would see it is
requestor
Joseph: I agree that async might be a good thing to support, but proposal from Bill is not only way to do async. So to sum up: yes it is important, and no we haven't tackled it yet, but is something we need to discuss. Edit: Reframing, let's decide whether XDI is synchronous or asynchronous?
John: So the question is do we have a description language that is separate from the query protocol?
Joseph: So the query language is still XDI itself, but how do you relate queries together? I think the default is that it would be in the code (i.e. up to the implementer), not specified by XDI standard.
John: Also need to consider whether you want to have atomic transactions?
Bill: Also what level of ACID do we want to ensure we support?
Joseph: My opinion is that this is going to be in the XDI query language not something external.
Bill: Is XDI Messaging protocol and XDI query language same thing or names for the same thing.
Markus: My implementation uses queries and messaging, two separate, using the query mechanism come up by Giovanni. Query language can be a part of XDI messaging. He also thinks of it as not just a query but as a constraint language. You can use it for two things, queries or as policy enforcement
Bill: Markus' XDI messaging I think came out of the HTTP GET model, whereas Giovanni's came out of SPARQL I believe. His constraints are similar to a SPARQL ASK query, which returns a boolean true or false, so you could express a policy as an ASK query and if the query returned true when evaluated against an aggregate model of requestor, request, and environment then the request is in compliance with the policy. The query language I'm working on is more based on mapping operators in SPARQL-DL to $ operators and adding XDI predicates as extended user defined SPARQL-DL like operators.
Joseph: Need a better terminology and a better explanation of what the distinction is, and possibly a merging.
Joseph: Messaging sounds like it conveys async more.
2) PDX EXAMPLE APPS WIKI PAGE
This page was posted at Joe Johnston’s request:
We’ll talk about what we plan to do with it.
3) QUESTIONS AROUND $IS SEMANTICS
We did not close week before last week on whether we need an additional $word that is the equivalent of Higgins Personal Data Model (PDM) semantics of h:correlation, which is not as strong as $is.
4) COMPATIBILITY WITH COOL URIS
Continue previous discussion about the use of standard RDF URIs in XDI:
5) XDI ACCESS CONTROL QUESTIONS
Markus sent a proposal for how OAuth access tokens could be used with XDI:
Review and see how TC members feel about this approach.
6) PDX EXAMPLE DOCUMENT
Continue reviewing the list of questions about
These included:
- $is
- relationship btw PDX and FOAF
- associativity
- "complex predicate"
- usage of "relative" ref e.g. (/+postal+address)
- "how much" goes in the subject and "how much" in the predicate...
- $ as a suffix
7) XDI JSON SCHEMA
Check to see if Markus or others have reviewed Bill’s schema:
Review and discuss next steps.
Update: Currently fixing a couple bugs so that the schema validates against the JSON meta-schema. I've also written a node.js X3J validation service that I'll be committing to github, which is what I am using to validate PDX X3J example.
The models:
- XDI Data model as a set of XRIs, each of which may be an XRI wrapped URI
- XDI Data model as a graph vertices and edges
- [Markus] XDI Data model as a collection of subjects, each one of which has a collection of predicates, each one of which has either a literal, or inner graph, or collection of references
8) NEW BUSINESS
XDI Camp - Bill is pursuing funding to go, Drummond is definitely going, who else is going or may be going?
9) NEXT CALL