Henry Story And WebID

Henry Story was until recently a Social Web Architect at Sun Microsystems. Previously, he worked on Babel Fish, a machine translation service at AltaVista. The babel fish was a small creature featured in “The Hitch-Hiker’s Guide to the Galaxy“. When placed in the ear, it could translate all known languages. The author of the book, Douglas Adams, was also involved in the project.

Henry is the creator of WebID, and on a recent visit to 091 Labs in Galway, Ireland, he took some time out to tell us more about it.

Why is WebID important?

“Currently social networks are closed systems. You have to be part of a social network to friend or communicate with anybody on that social network.

“This isn’t the case for telephones. You notice the oddness of this when you start thinking about previous technologies. You can have a telephone number from any company. You can call anybody in the world in whatever telecommunications network they are part of. You don’t even know what provider people are using. The same with e-mail. You can e-mail anyone, anywhere in the world. It’s a cross-organisational method of communication.

“We have this situation with social networking. You can’t leave your social network. You can’t make a friend on another social network. You are tied. Whenever you want to communicate with someone you have to join their social network or you have to convince them to join your social network.

“So there’s a centralisation process. But centralised creates lots of problems. If a social network goes down, and one third of the social networks have disappeared completely, then all your work and all your relationships disappear too.

“Also, Facebook can’t provide for all the different needs of social networking. What we are really looking for is how we can create a distributed social web and that’s what WebID solves.”

So how does it do that?

“WebID is inspired by OpenID. OpenID allows you to type the URL of essentially what should be your homepage and use that to create an account. You then use that to log into any provider using one password which you never send to the relying parties – the people you are trying to log into. The only person who knows your password is your OpenID provider.

“OpenID was initially inspired by the Friend of a Friend (FOAF) project. The FOAF project allows me on my homepage to describe who my friends are and link to them in the Semantic Web way. Your Facebook is marked up with something like microformats. A successor to microformats is RDFa, and that would allow you to link to your friends. All your friends would have a profile on their server and you could link to them via their profile and say that you know them.

“That’s very nice because they can describe who they are, where they are, what their interests are on their page and keep that up to date. You can always be up-to-date with their information because all you have to do is have a robot fetch that information, read it and give you the latest version.

“The problem with the semantic linking of profiles is mainly that it is completely open. The information is visible to everybody. There are people who have a bit of a problem with that. People want a bit of privacy, a bit of intimacy, so they can develop new ideas and play around without having to think about the critical eye of society.”

You were working on a developing a protocol for an address book to solve this problem when you made a remarkable discovery. What was that?

“It turns out, amazingly enough, that HTTPS has all that built in.”

HTTPS allows for secure transactions over the Web by means of cryptography and the use of digital certificates. These certificates authenticate the user’s public key with the encoded key.

“In a usual HTTPS session you connect to a site and the site through cryptography tells you who it is.

“In the X.509 certificate, there is a subject alternative name ‘field’ that was placed in the certificate. Nobody has ever used it, so we just put the WebID in there. So when you click on the certificate, the certificate is sent with your WebID to the server. The server then fetches the document at that WebID and it verifies that you own the private key of the public key with which you just authenticated to the service. So in two HTTPS connections you get to do exactly what OpenID does [in seven] and in a web friendly manner.”

Henry will be speaking at Open Coffee Galway this Friday at 11 AM.

One thought on “Henry Story And WebID

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s