Re: [xdi] Re: Quick review requested: short paper on XDI and privacy

[Michael Schwartz <mike@gluu.org>]

Drummond,

You state the question was :

"to submit a very short paper (<2 pages) describing how XDI and 
specifically XDI link contracts could be relevant to Internet privacy."

I think you don't make the point you are setting out to make... you don't 
sufficiently explain link contracts or XDI. You need to make a more 
compelling explanation of both in simple terms. If you want to set the 
context with a one liner about RDF, great. But your assumption that 
everyone appreciates that connection is probably flawed.

PDS technology, VRM, and Trust Frameworks are technology neutral. You 
spend a lot of your two pages on that, and I think you are avoiding the 
real question. What is XDI, what are link contracts, and why does this 
technology help address privacy? A concrete example and maybe even a 
diagram would help your case also.

- Mike



--------------------------------------------------------------------------------------

Michael Schwartz
Gluu
Founder, CEO
mike@gluu.org
https://www.gluu.org
+1 646-810-8761



On Tue, 9 Nov 2010, Drummond Reed wrote:

> [Sorry, accidentally hit the send button. See the response to Mary in this
> completed version, inline below.]
>
> On Tue, Nov 9, 2010 at 12:08 PM, Drummond Reed <drummond.reed@xdi.org>wrote:
>
>> [NOTE: For some unknown reason, email from this list is bouncing on my
>> XDI.org email address. I am checking into this, but in the meantime, please
>> cc my Cordance email address -- drummond.reed at the domain cordance.net-- on any replies. In this email I'll reply to Mike's and Mary's emails,
>> quoted below.]
>>
>> 1) MIKE'S EMAIL
>>
>> ***** QUOTE ******
>>
>> Drummond,
>>
>> Quick feedback....
>>
>> I know I sound like a broken record on this point, but I feel the opening
>> paragraph's emphasis on RDF graphs minimalizes the importance of XDI. It
>>
>> makes XDI/XRI sound like an insignificant subset of an arcane, unknown
>> technology. Also, I think the opening sentence and paragraph should be
>> more thought provoking.
>>
>> The common theme among people I talk to is that they don't understand what
>>
>> XDI is good for. We need to state our case in a way that a normal person
>> can understand the value proposition.
>>
>> How about something like this:
>>
>> The Internet is broken. While DNS solves the issue of an Internet scale
>>
>> infrastructure for distributed host name resolution, no such
>> infrastructure exists with regard to naming objects, for example people,
>> groups or organziations. Without an Internet scale, federated naming
>> infrastructure, all attempts to make global security policies are in vein.
>>
>> If you want to make a rule to protect a resource, and you can't name the
>> subject that has access to a resource, you simply cannot implement
>> technology to enforce the rule. XRI solves part of the problem: naming the
>>
>> resources. XDI solves the other portion: enabling a standard way for to
>> communicate with XRI endpoints to gather the requisite information.
>>
>> [I think we should go on to explain now that the data is addressable,
>>
>> where link contracts fit in...]
>>
>> I think mention of trust frameworks and VRM is a waste of valuable space
>> if I read the question correctly: describing how XDI and specifically XDI
>> link contracts could be relevant to Internet privacy. Obviously I'm aware
>>
>> of the critical importance of these components, I just don't think mention
>> of these addresses the question at hand.
>>
>> I would go more deeply into the mechanism of link contracts, and address
>> with a specific example how link contracts make possible what is
>>
>> impossible in LDAP : ACI's that address data in other LDAP servers.
>>
>> I would also give diagrams as page 3.
>>
>> If you use any of my blather, include me as an author. Otherwise I
>> wouldn't want to take credit for someone else's work :)
>>
>> thx,
>>
>> - Mike
>>
>> ********* ENDQUOTE ******
>>
>> Mike, you make some very good points. Unfortunately we have only 2 pages
>> (max), and we also need to address an audience that consists of many of the
>> people building on today's "broken Internet". The people I've talked to that
>> don't "get" the full picture of XDI do seem to understand the need for XDI
>> link contracts because of the gap they fill in other protocols (e.g., OAuth
>> and UMA), so for this particular audience I believe this is the most
>> effective message we can deliver so that they approach XDI with an open
>> mind. I also try to emphasize the synergy with RDF and not the differences
>> due to the stake I anticipate many in this audience has with RDF.
>>
>> Hope this helps.
>>
>> 2) MARY
>>
>> ******** QUOTE ********
>>
>> Hi Drummond,
>>
>>   In order for anything to be submitted on behalf of the TC it must go
>> through the Non-Standards Track process, which requires at minimum a 30-day
>> public review before it can be presented. The alternative is to submit the
>> paper as individuals/representatives of your companies rather than speaking
>> on behalf of the TC itself.
>>
>> Regards,
>>
>>     Mary P McRae
>>
>> ******** ENDQUOTE ********
>>
>
> Mary, I removed the reference to the TC in the authors line. It is now just
> from a group of individuals.
>
> Thanks,
>
> =Drummond
>
>
>>
>>
>> On Mon, Nov 8, 2010 at 6:25 PM, Drummond Reed <drummond.reed@xdi.org>wrote:
>>
>>> XDI TC Members,
>>>
>>> We have been asked by a member of the program committee for the Internet
>>> Privacy Workshop (http://www.iab.org/about/workshops/privacy/) to submit
>>> a very short paper (<2 pages) describing how XDI and specifically XDI link
>>> contracts could be relevant to Internet privacy. The workshop is
>>> co-organized by the following groups: Internet Architecture Board<http://www.iab.org/>(IAB), World
>>> Wide Web Consortium <http://www.w3.org/> (W3C), Internet Society<http://www.isoc.org/>(ISOC), and Massachusetts
>>> Institute of Technology <http://www.csail.mit.edu/> (MIT).
>>>
>>> Technically the paper was due a week ago (the workshop is Dec. 8 & 9) but
>>> I told them we couldn't do it until early this week due to Internet Identity
>>> Workshop being last week.
>>>
>>> I had time to discuss this topic with a few TC members at IIW and pulled
>>> their input together into the attached 2 pager. Several of them are willing
>>> to be co-authors on this (even though it's so short, I'm open to anyone on
>>> the TC being a co-author)
>>>
>>> Please look it over and, if possible, do 2 things:
>>>
>>> 1) Send me any feedback (keep in mind we must keep it under 2 pages, which
>>> it just barely is now, so you can only suggest replacing, not adding,
>>> content)
>>>
>>> 2) Let me know if you want to be included as an author, and if so, exactly
>>> how your name should appear (no affiliations - we'll all just be identified
>>> as members of the OASIS XDI TC)
>>>
>>> Thanks,
>>>
>>> =Drummond
>>>
>>
>>
>