Reworking and shortening of the introduction. Moved some sections from Preconditions to Introduction.
author Henry Story <henry.story@bblfish.net>
Tue, 06 Dec 2011 18:23:41 +0100
branch bblfish
changeset 227 e63a5aeedc84
parent 226 fa3c8354db8b
child 228 fde7ac0ff5f5
spec/index-respec.html
     1.1 --- a/spec/index-respec.html	Tue Dec 06 16:52:10 2011 +0100
     1.2 +++ b/spec/index-respec.html	Tue Dec 06 18:23:41 2011 +0100
     1.3 @@ -342,66 +342,17 @@
     1.4  <h1>Introduction</h1>
     1.5  
     1.6  <p>
     1.7 -The WebID specification is designed to help alleviate the difficultly that
     1.8 -remembering different logins, passwords and settings for websites has created.
     1.9 -It is also designed to provide a universal and extensible mechanism to express
    1.10 -public and private information about yourself. This section outlines the
    1.11 -motivation behind the specification and the relationship to other similar
    1.12 -specifications that are in active use today.
    1.13 -</p>
    1.14 -
    1.15 -<section class='informative'>
    1.16 -<h1>Motivation</h1>
    1.17 -
    1.18 -<p>
    1.19 -It is a fundamental to the architecture of the Web that anyone - be they an individual and organisation, be  able to participate in publishing resources and enableing services available to all.
    1.20 - This includes how one expresses their identity, public information and personal details to social networks, Web sites and services.
    1.21 -</p>
    1.22 -
    1.23 -<p>
    1.24 -Semantic Web vocabularies such as Friend-of-a-Friend (FOAF) permit distributed
    1.25 -hyperlinked social networks to exist. This vocabulary, along with other
    1.26 -vocabularies, allow one to add information and services protection to
    1.27 -distributed social networks.
    1.28 -</p>
    1.29 -
    1.30 -<p>
    1.31 -One major criticism of open networks is that they seem to have no way of
    1.32 -protecting the personal information distributed on the web or limiting
    1.33 -access to resources. Few people are willing to make all their personal
    1.34 -information public, many would like large pieces to be protected, making
    1.35 -it available only to a selected group of agents. Giving access to
    1.36 -information is very similar to giving access to services. There are many
    1.37 -occasions when people would like services to only be accessible to
    1.38 -members of a group, such as allowing only friends, family members,
    1.39 -colleagues to post an article, photo or comment on a blog. How does one do
    1.40 -this in a flexible way, without requiring a central point of
    1.41 -access control?
    1.42 -</p>
    1.43 -
    1.44 -<p>
    1.45 -Using a process made popular by OpenID, we show how one can tie a User
    1.46 -Agent to a URI by proving that one has write access to the URI.
    1.47 -WebID is an authentication protocol which uses X.509
    1.48 -certificates to associate a User Agent (Browser) to a Person identified
    1.49 -via a URI.
    1.50 -A WebID profile can also be used for OpenID, WebID provides a few additional
    1.51 -features such as trust management via digital signatures, and free-form
    1.52 -extensibility via RDF. By using the existing SSL certificate exchange
    1.53 -mechanism, WebID integrates smoothly with existing Web browsers, including
    1.54 -browsers on mobile devices. WebID also permits automated session login
    1.55 -in addition to interactive session login. Additionally, all data is encrypted
    1.56 -and guaranteed to only be received by the person or organization that was
    1.57 -intended to receive it.
    1.58 -</p>
    1.59 -
    1.60 +The WebID protocol enables secure, efficient and maximally user friendly authentication on the Web. 
    1.61 +It enables People using a Web Brower to authenticate onto any site by simply clicking on one of the certificates proposed to them by their browser. These certificates can be created by any Web Site for their users in one click.
    1.62 +The identity, known as the <tref>WebID</tref> is a URL pointing into a <tref>Profile Page</tref>, which any Social Network user is currently familiar with. These pointers into the Web then allow Web of trust based authorizations, where services can allow access to resource because of certain properties of an agent, such that the he is known by some relevant people.</p>
    1.63 +<p>WebID authentication can also be used for automatic authentication by robots, such as web crawlers of linked data repositories, which could be agents working on behalf of users to help them in their daily tasks. WebID is not limited to Web Authentication, but can work with any TLS based protocol.</p>
    1.64 +<section>
    1.65 +<h1>Outline</h1>
    1.66 +<p>This specification is divided in the following sections.</p>
    1.67 +<p><a href="#introduction">This section</a> gives a high level overview of the WebId Protocol, and presents the organisation of the specification and the conventions used throughout the document.</p>
    1.68 +<p><a href="#preconditions">Section 2</a> lists the preconditions that need to be in place for any authentication sequence to be successful: which include the creation of a <tref>WebID Profile</tref> and the creation of a <tref>WebID Certificate</tref></p>
    1.69 +<p><a href="#the-webid-protocol">Section 3</a> on the WebID Protocol describes in detail how a server can authenticate a user.</p>
    1.70  </section>
    1.71 -
    1.72 -</section>
    1.73 -
    1.74 -<section>
    1.75 -<h1>Preconditions</h1>
    1.76 -
    1.77  <section>
    1.78  <h1>Terminology</h1>
    1.79  <dl>
    1.80 @@ -414,8 +365,8 @@
    1.81  </dd>
    1.82  <dt><tdef>Subject</tdef></dt>
    1.83  <dd>The Subject is the Agent that is identified by the <tref>WebID</tref>.
    1.84 -When used correctly it is the Subject who wishes to authenticate to a <tref>Service</tref>.
    1.85 -When speaking of a particular agent, and in order to improve lisibility in this spec, we will name him <tref>Bob</tref>.
    1.86 +When used legally it is the Subject who wishes to authenticate to a <tref>Service</tref>.
    1.87 +We will name our princiap Subject <tref>Bob</tref> throughout the text, when this helps lisibility.
    1.88  The Subject is distinct from the <tref>Client</tref> which is used to connect to the <tref>Server</tref>.
    1.89  </dd>
    1.90  <dt><tdef>Client</tdef></dt>
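Review bot: "When used legally" does not say what the definition needs: the point is that the Subject is the agent on whose behalf the Client is authenticating, as opposed to whoever happens to be operating the Client, so "When used as intended" or "legitimately" is clearer than an appeal to law, and "correctly" in the removed line was closer to the mark. Also fix "princiap" (principal) and "lisibility" (legibility), the latter carried over from the old line.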
    1.91 @@ -537,6 +488,10 @@
    1.92  
    1.93  <p>The ex: namespace is a URI that refers to Bob's profile, where Bob is an imaginary charcter well known in security circles.</p>
    1.94  </section>
    1.95 +</section>
    1.96 +
    1.97 +<section>
    1.98 +<h1>Preconditions</h1>
    1.99  
   1.100  
   1.101  <section class='normative'>
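Review bot: check the section nesting once more before merging: the added </section> closes the Introduction, whose own closing tag was dropped in the first hunk, so Terminology and the namespace section now sit inside the Introduction; that matches the commit message, and the counts balance (one </section> and one <section> removed above, one of each added here), but the Outline text for "This section" should then mention that it also introduces the terminology and namespaces. Two blank lines are left between the new <h1>Preconditions</h1> and the <section class='normative'> that follows; one is enough. While here, "charcter" in the unchanged context line above is a typo worth fixing.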