Re: Quick review requested: short paper on XDI and privacy

[Drummond Reed <drummond.reed@xdi.org>]

[NOTE: For some unknown reason, email from this list is bouncing on my XDI.org email address. I am checking into this, but in the meantime, please cc my Cordance email address -- drummond.reed at the domain cordance.net -- on any replies. In this email I'll reply to Mike's and Mary's emails, quoted below.]

1) MIKE'S EMAIL

***** QUOTE ******

Drummond,

Quick feedback....

I know I sound like a broken record on this point, but I feel the opening 
paragraph's emphasis on RDF graphs minimalizes the importance of XDI. It 

makes XDI/XRI sound like an insignificant subset of an arcane, unknown 
technology. Also, I think the opening sentence and paragraph should be 
more thought provoking.

The common theme among people I talk to is that they don't understand what 

XDI is good for. We need to state our case in a way that a normal person 
can understand the value proposition.

How about something like this:

The Internet is broken. While DNS solves the issue of an Internet scale 

infrastructure for distributed host name resolution, no such 
infrastructure exists with regard to naming objects, for example people, 
groups or organziations. Without an Internet scale, federated naming 
infrastructure, all attempts to make global security policies are in vein. 

If you want to make a rule to protect a resource, and you can't name the 
subject that has access to a resource, you simply cannot implement 
technology to enforce the rule. XRI solves part of the problem: naming the 

resources. XDI solves the other portion: enabling a standard way for to 
communicate with XRI endpoints to gather the requisite information.

[I think we should go on to explain now that the data is addressable, 

where link contracts fit in...]

I think mention of trust frameworks and VRM is a waste of valuable space 
if I read the question correctly: describing how XDI and specifically XDI 
link contracts could be relevant to Internet privacy. Obviously I'm aware 

of the critical importance of these components, I just don't think mention 
of these addresses the question at hand.

I would go more deeply into the mechanism of link contracts, and address 
with a specific example how link contracts make possible what is 

impossible in LDAP : ACI's that address data in other LDAP servers.

I would also give diagrams as page 3.

If you use any of my blather, include me as an author. Otherwise I 
wouldn't want to take credit for someone else's work :)

thx,

- Mike
********* ENDQUOTE ******

Mike, you make some very good points. Unfortunately we have only 2 pages (max), and we also need to address an audience that consists of many of the people building on today's "broken Internet". The people I've talked to that don't "get" the full picture of XDI do seem to understand the need for XDI link contracts because of the gap they fill in other protocols (e.g., OAuth and UMA), so for this particular audience I believe this is the most effective message we can deliver so that they approach XDI with an open mind. I also try to emphasize the synergy with RDF and not the differences due to the stake I anticipate many in this audience has with RDF.

Hope this helps.

2) MARY

******** QUOTE ********

Hi Drummond,

  In order for anything to be submitted on behalf of the TC it must go through the Non-Standards Track process, which requires at minimum a 30-day public review before it can be presented. The alternative is to submit the paper as individuals/representatives of your companies rather than speaking on behalf of the TC itself.

Regards, 

Mary P McRae

******** ENDQUOTE

On Mon, Nov 8, 2010 at 6:25 PM, Drummond Reed <drummond.reed@xdi.org> wrote:

XDI TC Members,

We have been asked by a member of the program committee for the Internet Privacy Workshop (http://www.iab.org/about/workshops/privacy/) to submit a very short paper (<2 pages) describing how XDI and specifically XDI link contracts could be relevant to Internet privacy. The workshop is co-organized by the following groups: Internet Architecture Board (IAB), World Wide Web Consortium (W3C), Internet Society (ISOC), and Massachusetts Institute of Technology (MIT).

Technically the paper was due a week ago (the workshop is Dec. 8 & 9) but I told them we couldn't do it until early this week due to Internet Identity Workshop being last week.

I had time to discuss this topic with a few TC members at IIW and pulled their input together into the attached 2 pager. Several of them are willing to be co-authors on this (even though it's so short, I'm open to anyone on the TC being a co-author)

Please look it over and, if possible, do 2 things:

1) Send me any feedback (keep in mind we must keep it under 2 pages, which it just barely is now, so you can only suggest replacing, not adding, content)

2) Let me know if you want to be included as an author, and if so, exactly how your name should appear (no affiliations - we'll all just be identified as members of the OASIS XDI TC)

Thanks,

=Drummond