Looked into WebID lately? Maybe it’s time. The open standard for identity and login seems to be gaining more momentum following the spring W3C Workshop on Identity in the Browser. That’s when W3C WebID Incubator chair Henry Story presented a position case on the standard; that was followed up by the Berlin Social Web event that included an explanatory video of WebID that he created. Recently The Semantic Web Blog has also noticed some positive commentary in the Twittersphere about WebID’s progress.
It’s been a few years since Story hit upon the Subject Alternative Name field in X.509 certificates as an appropriate way to accommodate an owner’s WebID URL. (A URL to name things, says Story, webizes trust.) Since then work has been underway to ensure implementations work across browsers, web servers and different systems, and earlier this year the WebID Incubator Group was born to further advance the protocol. “The biggest part of the battle until now was just to get people to realize there is a way of solving these issues they’ve wanted to solve for a long time that was completely open, built into browsers, and could work,” says Story. “So now people are enthusiastic about the concept because it is so simple.”
The problem has been that, without the aid of the Semantic Web, a client-side certificate will only work with one web site, making it not much more useful than relying on a user name and password at each one anyway. “So that gives a whole lot of hassle for nearly no value, until we discovered how when you merged this with the Semantic Web … you can use this technology people think of as centralized in a de-centralized way,” he says. “And suddenly it works because you use the web in a webbish way, and you distribute trust around the web.”
Trust can’t be objective and therefore it can’t be centralized: “The Russians trust in certain organizations, Americans in their own, businesses in something else,” Story says. “There is no global business of trust for everything.” Rather, it makes more sense to build a peer-to-peer distributed system of trust by tying it into the Web, and into the linked web of relationships among the people that ‘live’ there. So — in addition to a client’s certificate verifying that a WebID certificate sent to a web server upon a log-in attempt comes from a browser that has the private key associated with the public key published in it (more details here) — social network relationships exposed in Linked Data formats can be used to evaluate whether to authorize access to a protected resource.
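The two checks described above, sketched as an added example (not code from the WebID specification or from any implementation the article mentions): the certificate's key must appear in the profile document named by its Subject Alternative Name URL, and the resource owner's profile must list that WebID under foaf:knows. The WebID URLs, key values and profile triples are constructed, the cert:key, cert:modulus and cert:exponent terms come from the W3C cert ontology used in WebID profiles, and the TLS handshake that proves possession of the private key is assumed to have already succeeded.

```python
# Added illustration: constructed data, no TLS or network access.
# Assumes the TLS handshake already proved the client holds the private key.
from urllib.parse import urldefrag

CERT = "http://www.w3.org/ns/auth/cert#"
FOAF = "http://xmlns.com/foaf/0.1/"
ALICE = "https://alice.example/profile#me"   # constructed WebIDs
BOB = "https://bob.example/card#i"

# Constructed profile documents, keyed by document URL, as (s, p, o) triples.
PROFILES = {
    "https://alice.example/profile": [
        (ALICE, CERT + "key", "_:k1"),
        ("_:k1", CERT + "modulus", 0xC0FFEE1234567),
        ("_:k1", CERT + "exponent", 65537),
    ],
    "https://bob.example/card": [(BOB, FOAF + "knows", ALICE)],
}

def fetch_profile(webid):
    """Stand-in for an HTTPS GET of the document that defines the WebID."""
    return PROFILES.get(urldefrag(webid).url, [])

def objects(triples, subject, predicate):
    return [o for s, p, o in triples if s == subject and p == predicate]

def verify_webid(cert):
    """Return the SAN URI whose profile publishes the certificate's key, else None."""
    for webid in cert["san_uris"]:
        profile = fetch_profile(webid)
        for key in objects(profile, webid, CERT + "key"):
            if (cert["modulus"] in objects(profile, key, CERT + "modulus")
                    and cert["exponent"] in objects(profile, key, CERT + "exponent")):
                return webid
    return None

def authorize(cert, owner):
    """Grant access only to a verified WebID that the resource owner foaf:knows."""
    webid = verify_webid(cert)
    return webid is not None and webid in objects(fetch_profile(owner), owner, FOAF + "knows")

# A certificate carrying Alice's key, and one that only claims her WebID in its SAN.
alice_cert = {"san_uris": [ALICE], "modulus": 0xC0FFEE1234567, "exponent": 65537}
forged_cert = {"san_uris": [ALICE], "modulus": 0xBADBADBAD, "exponent": 65537}
```

The SAN URL is only a claim until the key published at that URL matches the certificate, which is why `forged_cert` is rejected even though it names Alice's WebID.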
Currently a lot of WebID implementations use the FOAF (Friend-of-a-Friend) ontology that describes people and their information on the web, and their relationships (i.e. foaf:knows). The WebID protocol doesn’t depend on FOAF, but in the social web it’s a very good ontology for describing relations between people, Story says. That said, as long as an XML format is transformable into Linked Data, it is a candidate as well; GRDDL is useful there, says Story, who notes that the goal for the standard is to be minimalistic about formats, so as to get the maximum number of people interested in WebID.
Why Try WebID?
There are a lot of little applications demoing WebID right now, Story says. And he is hoping for even bigger and better implementations – say, at the level of thousands or tens of thousands of users. It isn’t complicated to enable a site’s users with a WebID that would let them securely log into that site and others as well, he says. In particular, it makes sense for those web app providers out there already invested in Semantic Web technologies to get onboard, as they will immediately see advantages, Story thinks. (He himself is working on developing the Apache Clerezza semantic data management system that implements WebID.)
Social-mining services such as Tbeak (The Tagging Break) have come up on Twitter in discussions of WebID-enablement, for example. Tbeak is described as connecting users to their Twitter accounts, analyzing their messages to extract knowledge from them, and recommending people from their community who are the most relevant to their current information need. “Anybody like this, and especially anyone in the Semantic Web space like Tbeak, should immediately see advantages,” says Story. And anyone with a bit of Linked Data experience – which Tbeak seems to have – will have the know-how to get going very quickly, he adds. “They can use the Semantic Web tools they have been building to be able to build services that are a lot more interesting,” by reaching beyond the Twitter environs to an open social network.
Story sees opportunity in those connections to build services other people would never think of because they didn’t see the potential of combining the Semantic Web and WebID authentication. “There’s a whole new space here growing for distributed data, distributed authentication and distributed social, and really it’s for the first people who explore it to discover where the riches are.”
Or what if open social networks like elgg take to the WebID format? Imagine, Story says, universities that adopt the elgg platform, and how cool it would be if students at one institution using elgg could seamlessly leave comments on their friends’ servers at another university after logging in and having the friend relationship confirmed. Or, if WordPress adopted WebID for its users: This not only could make it easier for those people to post comments to blogs without the bother of creating yet another user name and logging in, but if they were considered a friend in a distributed system of trust, their comments also wouldn’t have to be reviewed. “Wordpress or Drupals have a lot to gain by making their CMSs work together fluently. After all, what is Facebook other than a blog engine with access control?” he says. “Others, like identi.ca, that have distributed nodes and that could do with authentication there can also gain.”
Story adds that if you take into account the number of Semantic Web players who all have Web IDs and FOAF files, there can be a huge network effect of people working together in this space, “where they can do things together that are just as powerful as the more centralized [services] are doing all by themselves. It’s a game to explore.” Simply put, the Semantic Web “allows smaller players who don’t know each other to work together in such a way as to strengthen each other, reducing thereby the competitive advantage of the largest players.”
It doesn’t, after all, have to be a world of big monopolistic or oligopolistic social networks that hold all the cards, he says. There are a lot of little distributed social networks that, on their own, are small islands compared to giants like Facebook. But with WebID implemented and the power it can give to help users log in and work in a more distributed way, these little islands can add up to a bigger land mass, and potentially realize some dramatic gains.