
Re: "Identity" - is a modal notion and the matrix

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 03 Jun 2017 09:02:48 +0000
Message-ID: <CAM1Sok2KvxpxjS4tHG7TZ=cHRgT2hSH_7QxvBBapjJynmB+5UA@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>, Chadwick David <d.w.chadwick@kent.ac.uk>
Cc: public-credentials@w3.org, public-rww <public-rww@w3.org>

Found: https://github.com/isnowfy/simple

Needs RDF added; means to reference concepts ontologically, perhaps also
some sort of method to crypt; as it doesn't matter if encrypted content is
'sniffable'; it's the means to decode that content into something meaningful
that provides the sense of 'privacy' on the web.

But looks like a great way to make progress...

Free hosting!

Easy to see versions, contributions, et al.

I think it's better to figure out how people can generate RDF marked-up
data in a decentralised format that can be discovered and represented in an
array of different ways; as the works of http://webizen.org/ and
http://linkeddata.github.io/rdflib.js/example/people/social_book.html before
that proved was possible.

The means to add 'verified statement' or 'verified (machine readable)
documents' is and was an important extension to the works; but I think
that's kinda done now.  We're missing tools to help people build ontologies
(whether they're signed or otherwise) and we're missing functionality like
version-control, provenance, et al.

We're also missing volumes of structured data that needs to be developed to
produce a rationale that can be ingested by policy groups to be presented
to politicians; who have NFI what RDF is; to describe the threat to
humanity that exists if we do not grapple with the 'identity problem' or
moreover 'digital identity problem' in a manner that we've not done yet.

Anyhow.  I find this stuff really...  troubling; I find it hard at times to
maintain composure.  I think we have the knowledge to create better tooling
to help figure out this problem, and I think a lot of that relates to our
capacity - to effectively use RDF & OWL to create meaningful statements
that can be argued and developed so as to figure out where and what needs to
be done; and given it's not going to be an easy or 'static' answer, what
the dynamics of this new field of consideration are - I think it likely
resonates with the webscience concepts - so as to have better tooling to
produce outcomes of substance for the betterment of the natural world; as
members of the sentient species, within whom hold particular knowledge as a
radically small representative; to mitigate perceived threats.

I also think that whilst the role of W3C and its collaboration in solving
these important problems is so very, very important.

I don't think it can be done in a CG, IG or WG within W3C alone as a
starting-point in the innovation curve.


Stakeholders who make decisions here are not individuals but rather
'agents' for incorporated entities who most often have great interest in
the way things work today; and have little capital or investment available
for investigations into alternatives.

As would be illustrated by those who've specialised in the field for far
longer than me with a background that gives us all something to strive to


On Sat., 3 Jun. 2017, 6:33 pm Henry Story, <henry.story@bblfish.net> wrote:

> > On 2 Jun 2017, at 18:13, David Chadwick <d.w.chadwick@kent.ac.uk> wrote:
> >
> >
> > On 02/06/2017 15:57, Henry Story wrote:
> >>
> >>> On 2 Jun 2017, at 14:37, David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:
> >>>
> >>> My take on identity (or more properly the process of identifying an
> >>> entity) is that it is needed by everyone and everything for the
> >>> functional purpose of authorisation, which is the most generic of all
> >>> functions. It encapsulates all possible actions, including tracking
> >>> (from Joe's narrower definition). All actions need to be
> >>> authorised/controlled, thus they need to identify the actors.
> >>>
> >>> I identify you to decide whether I want to have or continue a
> >>> relationship with you (and not with someone else).
> >>>
> >>> Governments identify us to decide if we are allowed to be citizens,
> >>> drive cars, have health care etc.
> >>>
> >>> Web services identify us to provide us with a service.
> >>>
> >>> I am hard pushed to find any use of 'identity' that does not have
> >>> authorisation as the base requirement.
> >>>
> >>> Examples that you might think are not related to authorisation, are
> >>> identifying celebrities, identifying inanimate objects, identifying
> >>> criminals from mug shots. Looking at each one of these in more detail:
> >>>
> >>> I identify celebrities to decide whether I want to follow them, read
> >>> about them, or ignore them etc. Each of my actions require
> >>> authorisation, (by my brain) and thus I need to identify who is the
> >>> person in the magazine to decide whether to read further about them or
> >>> turn the page and ignore them.
> >>>
> >>> I identify inanimate objects to decide whether to ignore them, pick them
> >>> up, switch them on etc. If I cannot identify one object from another
> >>> then I cannot decide what to do with it (i.e. an access control
> >>> decision).
> >>>
> >>> I see a picture of a criminal on a police wanted poster. I identify him
> >>> to decide whether to phone the police or not when I see a stranger
> >>> walking down the street who may or may not match the mugshot.
> >>>
> >>> So I strongly believe that we identify entities in order to authorise
> >>> actions by them or on them (depending upon whether they are the subject
> >>> or object of the action).
> >>>
> >>> I would be pleased to hear from anyone who can specify a purpose of
> >>> identity/identification that does not involve authorisation.
> >>
> >>
> >> I can't quite tell if this is the result of a professional deformation
> >> from someone who has worked for years in this area or if it is
> >> brilliant :-)
> >
> >
> > Well actually I have Ron Rivest to thank for this brilliance, because he
> > showed me the light back in the 1990s, when he said 'I do not care who
> > you are, I only care what you can do'. i.e. authorisation is the
> > important factor, not authentication. And that is when I switched from
> > PKI to PMI (and built PERMIS).
> Could it be that both are important and that they work together? The guard
> needs to know that some Agent A that is at the other end of the connection
> is part of some group that has certain access rights. So there is
> identification - that agent A - and there is then a decision as to whether
> it is part of the group, whether it has the required type.
>
> Let us consider a few limit cases.
>
> 1) The agent at the other end of the connection - anonymous at this point -
> may have access to the resource, because the resource is public. The guard
> knows that any agent that connects is part of the class of agents. Hence
> it knows that it satisfies the access rule, so it can give access.
>
> 2) The resource is a paying resource that requires a 2c micropayment. The
> agent at this point is anonymous and there is no record of it having paid,
> so the guard rejects the request with a 402 Payment Required. The client
> then sends a 2c coin in the new response somehow. The Guard now knows that
> the agent at the end of the connection is part of the class of agents that
> have paid for the resource (perhaps he gives him a cookie to avoid the user
> having to pay twice), and gives him access to the requested article on
> micropayments.
>
> 3) Only the friends of friends of the organizer can view the party
> invitation. The access control rule would be written out in Description
> Logic as
> @prefix foaf: <http://xmlns.com/foaf/0.1/> .
> @prefix owl:  <http://www.w3.org/2002/07/owl#> .
> @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
> @prefix :     <#> .   # local prefix for :foaf and :MyFOAF, relative to this document
> # for reference on OWL see https://www.w3.org/TR/2012/REC-owl2-quick-reference-20121211/
> # and a whole list of standards see https://www.w3.org/standards/techs/owl#w3c_all
> # the friend of a friend relation is true of things that are related once by foaf:knows
> # or twice: foaf:knows is a sub-property of :foaf, and so is the chain foaf:knows o foaf:knows
> foaf:knows rdfs:subPropertyOf :foaf .
> :foaf owl:propertyChainAxiom ( foaf:knows foaf:knows ) .
> # The MyFOAF class contains all those agents that are :foaf related to me.
> :MyFOAF owl:equivalentClass [ a owl:Restriction ;
>                               owl:onProperty [ owl:inverseOf :foaf ] ;
>                               owl:hasValue <http://bblfish.net/people/henry/card#me> ] .
> Now the client who connects may see this access control rule and determine
> that he is a member of the group and that the server accepts both WebID-TLS
> and OpenID authentication, and so at this point uses OpenID as it is more
> convenient from the machine he is using. The server can then tie the OpenID
> and find out that the user is indeed a friend of a friend. Here we use a
> pseudonym to authenticate and get access to the invitation.
>
> 4) I'll leave it as an exercise to come up with examples requiring
> credentials (which are somewhat between 2 and 3).
> >
> >
> >>
> >> The idea seems a bit stretched for mathematical objects. What would
> >> access control to mathematical objects be?
> >>
> >> There is certainly something very important to natural selection for
> >> animals of all types to be able to discriminate if something is of a
> >> type or not. Is this a poisonous mushroom or a tasty one? Is this object
> >> stable or is it going to fall over if I lean on it? Is that person
> >> coming to me a friend or a foe? (asked in a war-like situation)
> >>
> >> Just to take the last one: we have identified some largish agent, call
> >> it x, moving over in that direction with respect to us. We are in a war
> >> situation. Is it an animal (pig, fox, deer, ?) or is it a human? We look
> >> and we start to get enough information to be able to discriminate more
> >> carefully. Soon we can see that it is a human. So our alert level rises,
> >> since we don't yet know if it is a friend or an enemy. After looking
> >> more carefully we recognize some element of the uniform, which indicates
> >> that it is an enemy soldier. So that would tend to indicate very
> >> strongly that it is a foe. I don't in this situation actually need to
> >> identify x any further to act. I don't need to know its name, phone
> >> number, email address, mother's name, etc... Depending on the gravity of
> >> the situation and the time I am allowed to think before being myself in
> >> danger, I may have to act now just on that.
> >
> > Thank you for confirming my assertion that identification is ultimately
> > about authorisation. You have now performed sufficient identification to
> > be authorised to fire your gun. However, your humanity may determine
> > that you do not want to kill someone on such sparse identity
> > information, and you may choose to wait until you have more identity
> > information. But that is your choice and it does not ultimately affect
> > my thesis.
> >
> >
> >>
> >> I may have a bit more time and relay this information to someone else
> >> who has a different angle on the situation and they can calculate where
> >> the person is given the directions I gave with respect to me. From their
> >> angle they can (dis)confirm the relation of x to the type
> >> our:EnemyCombatant. Of course x is very likely moving and so changing
> >> its relation to other things as we are trying to diagnose the situation.
> >> We need to figure out very fast if we need to act or if we can escape
> >> its attention unharmed and follow x to see what it is doing, i.e. to put
> >> it in relation to other enemy combatants, to work out what its plan is,
> >> and so what their plan is, .... We may be able to send a mosquito-sized
> >> drone all the way to it, to spy on all its information exchanges with
> >> its headquarters, and so gather its e-mail address, home page, telephone
> >> number, mother's and father's name etc... We will then have identified
> >> the individual much more precisely. Perhaps we will then know enough
> >> that we can convince it to switch sides.
> >>
> >> But perhaps we don't get all that information and it is only years after
> >> the war, having gotten hold of the enemy logs, that we can work out that
> >> information and get that deeper identity which will allow us to let x's
> >> family know what happened that day.
> >>
> >> Still, in order to do that we have also identified a number of objects
> >> in the background as trees, roads, lakes, bushes, all in some relation
> >> to us and the background mountains. Each of these objects we can
> >> categorize in some way or other, and this can be used to guide our
> >> action with respect to them. But perhaps that is just because
> >> information, action and strategies are very strongly linked.
> >>
> >> Types are often thought of as ways of discriminating objects. And to act
> >> successfully we need to discriminate correctly.
> >
> > Correct. And types are the fundamental objects in RBAC and ABAC. And
> > guess how types are categorised? By their attributes.
> In Description Logics and OWL you can define a class from the attributes,
> as I have done above with the :foaf relation. One can also describe classes
> as subclasses, intersections, unions etc. of other classes. Attributes can
> be inherited somewhat like in OO programming - though in a declarative,
> consistent style. In RDF relations are the basic thing: to declare an
> object to be of a type one relates it to that type. To specify an attribute
> one specifies a relation of the object to the attribute value. This
> consistency and uniformity removes a lot of complexity and simplifies the
> model to the maximum, leaving just the unavoidable computational complexity
> questions, that have already been classified and dealt with in large part
> by logicians and mathematicians.
> >
> >>
> >> It is certainly true that as far as credentials go, the main use of them
> >> will be access control (I think). That could certainly help narrow the
> >> focus somewhat of our investigation.
> >>
> >> I think we can go further and then define the type of action an access
> >> control decision is. An act of access control is, I think, an action that
> >> a Guard does that follows the following pattern: Is the thing x in front
> >> of me, at the other end of the connection, etc... allowed to act on
> >> object y that I control? What types of objects are allowed to do that
> >> action? Can that x prove to me that it is of that type? And we are
> >> interested for proofs of that type to be done via a credential of some
> >> form, where the x can prove that it is the object that is spoken of in
> >> the credential shown to us - the x can work out somehow which credential
> >> is the most appropriate to show.
> >>
> >> This seems to be getting closer to something useful.
> >
> > Great. Because ultimately if we build a technically beautiful construct
> > that has all the latest state of the art, but is not useful, then it
> > will not be used and it will become shelf-ware. I believe that VCs are
> > incredibly useful. I use the physical equivalent everyday and I cannot
> > live without them. They are of course plastic cards.
> >
> > regards
> >
> > David
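The three limit cases from Henry Story's quoted reply (public resource, 402 micropayment, friend-of-friend class) and his Guard pattern ("is x allowed to act on y; what type is allowed; can x prove it is of that type"), worked through as a toy guard in Python. This is an added example, not code from the thread or from any project mentioned in it. It materialises the :foaf relation and the :MyFOAF class directly over a constructed set of foaf:knows triples instead of inferring them with an OWL reasoner; the WebIDs other than Henry's, the resources, the 2c price and the HTTP-style status codes are assumptions made for illustration, and the requester's WebID/OpenID is assumed to have already been authenticated before the guard sees it.

```python
"""Toy Guard for the three limit cases in the quoted reply.

Added example, not code from the thread. The :foaf relation and the
:MyFOAF class of the quoted OWL rule are materialised directly over a
constructed set of foaf:knows triples instead of being inferred by an
OWL reasoner. Agents other than Henry's WebID, resources, the 2c price
and the HTTP-style status codes are assumptions made for illustration.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set, Tuple

FOAF_KNOWS = "http://xmlns.com/foaf/0.1/knows"
Triple = Tuple[str, str, str]

# Constructed sample graph (only the foaf:knows edges matter here).
ME = "http://bblfish.net/people/henry/card#me"   # the organizer, from the thread
ALICE = "https://example.org/alice#me"           # assumed WebIDs
BOB = "https://example.org/bob#me"
CAROL = "https://example.org/carol#me"
MALLORY = "https://example.org/mallory#me"

SAMPLE_GRAPH: Set[Triple] = {
    (ME, FOAF_KNOWS, ALICE),
    (ALICE, FOAF_KNOWS, BOB),
    (BOB, FOAF_KNOWS, CAROL),    # Carol is three hops away: not a friend of a friend
    (MALLORY, FOAF_KNOWS, ME),   # Mallory knows me, but I do not know Mallory
}


def foaf_pairs(graph: Set[Triple]) -> Set[Tuple[str, str]]:
    """:foaf = foaf:knows  union  (foaf:knows o foaf:knows).

    This is what the owl:propertyChainAxiom in the quoted rule expresses:
    (a, c) is in :foaf if a knows c, or a knows some b who knows c.
    """
    knows = {(s, o) for s, p, o in graph if p == FOAF_KNOWS}
    chain = {(a, c) for a, b in knows for b2, c in knows if b == b2}
    return knows | chain


def my_foaf(graph: Set[Triple], me: str) -> FrozenSet[str]:
    """:MyFOAF = every x with  me :foaf x  (the owl:inverseOf/owl:hasValue restriction)."""
    return frozenset(x for a, x in foaf_pairs(graph) if a == me)


@dataclass(frozen=True)
class Request:
    resource: str
    agent: Optional[str] = None        # None: anonymous, no WebID/OpenID presented
    payment_cents: int = 0             # coin attached to this request, if any
    paid_token: Optional[str] = None   # the "cookie" handed out after a payment


@dataclass
class Guard:
    graph: Set[Triple]
    owner: str
    # resource -> rule; kinds: ("public",), ("paid", price_cents), ("class", "MyFOAF")
    rules: Dict[str, tuple]
    issued_tokens: Set[str] = field(default_factory=set)

    def access(self, req: Request) -> Tuple[int, Optional[str]]:
        """Return (status, token). 200 = allowed; 401/402/403 = what x must still prove."""
        rule = self.rules.get(req.resource)
        if rule is None:
            return 404, None
        kind = rule[0]
        if kind == "public":
            # Case 1: every connecting agent is in the permitted class, even anonymous.
            return 200, None
        if kind == "paid":
            # Case 2: membership of "has paid" is proved by a coin or a previously issued token.
            if req.paid_token is not None and req.paid_token in self.issued_tokens:
                return 200, req.paid_token
            if req.payment_cents >= rule[1]:
                token = secrets.token_hex(16)
                self.issued_tokens.add(token)
                return 200, token
            return 402, None
        if kind == "class" and rule[1] == "MyFOAF":
            # Case 3: x must first authenticate (WebID-TLS or OpenID, assumed done by
            # the caller), then the guard checks membership of :MyFOAF.
            if req.agent is None:
                return 401, None
            return (200, None) if req.agent in my_foaf(self.graph, self.owner) else (403, None)
        raise ValueError(f"unsupported rule {rule!r}")


def make_guard() -> Guard:
    """Guard over the constructed graph with one resource per limit case."""
    return Guard(SAMPLE_GRAPH, ME, {
        "/public": ("public",),
        "/article": ("paid", 2),
        "/invite": ("class", "MyFOAF"),
    })


if __name__ == "__main__":
    g = make_guard()
    print(sorted(my_foaf(SAMPLE_GRAPH, ME)))              # Alice and Bob, not Carol or Mallory
    print(g.access(Request("/article"))[0])                # 402 until a coin is sent
    print(g.access(Request("/invite", agent=BOB))[0])      # 200: Bob is a friend of a friend
    print(g.access(Request("/invite", agent=MALLORY))[0])  # 403: direction of foaf:knows matters
```

Two things the guard makes visible that the OWL alone does not: the property chain is directional, so Mallory knowing Henry does not put Mallory in :MyFOAF, and the "has paid" class is proved by a token the guard itself issued, so a forged cookie falls back to 402 rather than being trusted.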
Received on Saturday, 3 June 2017 09:03:39 UTC
