Re: [xdi] Quick review requested: short paper on XDI and privacy

[Michael Schwartz <mike@gluu.org>]

Drummond,

Quick feedback....

I know I sound like a broken record on this point, but I feel the opening 
paragraph's emphasis on RDF graphs minimalizes the importance of XDI. It 
makes XDI/XRI sound like an insignificant subset of an arcane, unknown 
technology. Also, I think the opening sentence and paragraph should be 
more thought provoking.

The common theme among people I talk to is that they don't understand what 
XDI is good for. We need to state our case in a way that a normal person 
can understand the value proposition.

How about something like this:

The Internet is broken. While DNS solves the issue of an Internet scale 
infrastructure for distributed host name resolution, no such 
infrastructure exists with regard to naming objects, for example people, 
groups or organziations. Without an Internet scale, federated naming 
infrastructure, all attempts to make global security policies are in vein. 
If you want to make a rule to protect a resource, and you can't name the 
subject that has access to a resource, you simply cannot implement 
technology to enforce the rule. XRI solves part of the problem: naming the 
resources. XDI solves the other portion: enabling a standard way for to 
communicate with XRI endpoints to gather the requisite information.

[I think we should go on to explain now that the data is addressable, 
where link contracts fit in...]

I think mention of trust frameworks and VRM is a waste of valuable space 
if I read the question correctly: describing how XDI and specifically XDI 
link contracts could be relevant to Internet privacy. Obviously I'm aware 
of the critical importance of these components, I just don't think mention 
of these addresses the question at hand.

I would go more deeply into the mechanism of link contracts, and address 
with a specific example how link contracts make possible what is 
impossible in LDAP : ACI's that address data in other LDAP servers.

I would also give diagrams as page 3.

If you use any of my blather, include me as an author. Otherwise I 
wouldn't want to take credit for someone else's work :)

thx,

- Mike




--------------------------------------------------------------------------------------

Michael Schwartz
Gluu
Founder, CEO
mike@gluu.org
https://www.gluu.org
+1 646-810-8761



On Mon, 8 Nov 2010, Drummond Reed wrote:

> XDI TC Members,
>
> We have been asked by a member of the program committee for the Internet
> Privacy Workshop (http://www.iab.org/about/workshops/privacy/) to submit a
> very short paper (<2 pages) describing how XDI and specifically XDI link
> contracts could be relevant to Internet privacy. The workshop is
> co-organized by the following groups: Internet Architecture
> Board<http://www.iab.org/>(IAB), World
> Wide Web Consortium <http://www.w3.org/> (W3C), Internet
> Society<http://www.isoc.org/>(ISOC), and Massachusetts
> Institute of Technology <http://www.csail.mit.edu/> (MIT).
>
> Technically the paper was due a week ago (the workshop is Dec. 8 & 9) but I
> told them we couldn't do it until early this week due to Internet Identity
> Workshop being last week.
>
> I had time to discuss this topic with a few TC members at IIW and pulled
> their input together into the attached 2 pager. Several of them are willing
> to be co-authors on this (even though it's so short, I'm open to anyone on
> the TC being a co-author)
>
> Please look it over and, if possible, do 2 things:
>
> 1) Send me any feedback (keep in mind we must keep it under 2 pages, which
> it just barely is now, so you can only suggest replacing, not adding,
> content)
>
> 2) Let me know if you want to be included as an author, and if so, exactly
> how your name should appear (no affiliations - we'll all just be identified
> as members of the OASIS XDI TC)
>
> Thanks,
>
> =Drummond
>