Fwd: Whiteboard
12 views
Skip to first unread message
Melvin Carvalho
Nov 1, 2012, 11:12:27 AM11/1/12
to unhosted
Some of you may be interested in this whiteboard that was made by tim berners lee while he spent most of the first 2 days with us at TPAC
There is a particular focus on a clean modular design for the web.
You'll see that storage is separated from apps (which I think is one of the main unhosted motivations)
But furthermore, the read write web is modular as is the various auth systems.
One valuable point that came out is the difference between auth and identification, which people often couple together. The basic difference is that someone identity is a string you can use to refer to them. How you do auth (or indeed even IF you do auth) is a whole other problem. But it's that much easier to solve auth once you have solved the first part.
My great hope is that tim's vision of the web and unhosted's will at some point be aligned.
Hopefully some food for thought! :)
There is a particular focus on a clean modular design for the web.
You'll see that storage is separated from apps (which I think is one of the main unhosted motivations)
But furthermore, the read write web is modular as is the various auth systems.
One valuable point that came out is the difference between auth and identification, which people often couple together. The basic difference is that someone identity is a string you can use to refer to them. How you do auth (or indeed even IF you do auth) is a whole other problem. But it's that much easier to solve auth once you have solved the first part.
My great hope is that tim's vision of the web and unhosted's will at some point be aligned.
Hopefully some food for thought! :)
---------- Forwarded message ----------
From: Tim Berners-Lee <ti...@w3.org>
Date: 30 October 2012 10:00
Subject: Whiteboard
To: "public...@w3.org" <public...@w3.org>
Sent from my portable device.
From: Tim Berners-Lee <ti...@w3.org>
Date: 30 October 2012 10:00
Subject: Whiteboard
To: "public...@w3.org" <public...@w3.org>
Sent from my portable device.
Tony Garnock-Jones
Nov 1, 2012, 2:34:47 PM11/1/12
to unho...@googlegroups.com, Melvin Carvalho
On 11/01/2012 11:12 AM, Melvin Carvalho wrote:
> One valuable point that came out is the difference between auth and
> identification, which people often couple together. The basic
> difference is that someone identity is a string you can use to refer to
> them. How you do auth (or indeed even IF you do auth) is a whole other
> problem. But it's that much easier to solve auth once you have solved
> the first part.
This is why people take pains to distinguish between authentication and
> One valuable point that came out is the difference between auth and
> identification, which people often couple together. The basic
> difference is that someone identity is a string you can use to refer to
> them. How you do auth (or indeed even IF you do auth) is a whole other
> problem. But it's that much easier to solve auth once you have solved
> the first part.
authorization. Authentication is checking someone's identity.
Authorization is deciding what a particular principal is or is not
permitted to do or see. Unfortunately, both words start with "auth" :-/
Regards,
Tony
Melvin Carvalho
Nov 2, 2012, 6:42:26 AM11/2/12
to Tony Garnock-Jones, unho...@googlegroups.com
Yes absolutely correct.
Some people use the terms authn and authz (e.g. in apache)
But do note that there's a third part which is 'plain old' identification.
Regards,
Tony
Reply all
Reply to author
Forward
0 new messages