[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DotGNU]Owner of the Data: potential impl, some problems with it

From: Peter Minten
Subject: Re: [DotGNU]Owner of the Data: potential impl, some problems with it
Date: Tue, 19 Nov 2002 19:46:02 +0100

Stephen Compall wrote:
> > I'd love to hear your suggestions for that :-).
> OOTD is some scary stuff....

Nope, .NET is scary, OOTD is just a complicated piece in the puzzle of freedom
> The client end of the OOTD can be enforced by scaring the users with
> messages about a service maybe stealing your data..."Are You Absolutely
> Sure You Want To Continue?" Except in super-guru-expert-debug-testing
> mode, which will be named as such in order to discourage curious users. :)

Hmm, better hide that mode behind a key binding, such as: 'C-x C-x C-x C-x M-x
super-guru-expert-debug-testing-mode' :-).

> Finally, the GBFM Virtual Identity consists of a GPG key.

And a lot more data. But the GPG key is by far the most important part (it's
also needed for authorization as explained in 'the trust triangle' message).

> However, there are a couple of problems with these alternatives:
> 1. Web-of-trust model: Rhetorical questions: how many signatures do you
> have on your key? or, how large is your web of trust? Presuming that you
> have a GnuPG key, as I assume you probably do. Speaking of which, maybe
> I should try to work on my key some getting it onto a key
> server....
> 2. Authority model: Who are the authorities in a decentralized model?

I'd say a DotGNU maintained webservice dir would serve for a lot of purposes. I
further propose that that would become a task of the webservice WG.

> And why the hell should we trust them? 

All data should be available for others to setup their own webservice server. If
DotGNU for some reason doesn't do the job right somebody else could take the
code and the trustability data and set up a server elsewhere.

But the ideas don't need to be mutually exclusive. The web of trust could be
used to assist the webservice dir. If enough trusted people report violation of
OOTD rules the DotGNU webservice dir maintainers could adjust the OOTD
trustability data for the webservice.

This model can be extended to other things than OOTD too. I think for example of
use of proprietary software in the webservice. This won't be exactly important
to most users, but it could help discouraging webservices from using proprietary



reply via email to

[Prev in Thread] Current Thread [Next in Thread]