Re: [saag] Liking Linkability

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 19 Oct 2012 13:42:34 -0400
Message-ID: <5081910A.1040601@openlinksw.com>
To: Ben Laurie <benl@google.com>
CC: Henry Story <henry.story@bblfish.net>, Ben Laurie <ben@links.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>
On 10/19/12 9:52 AM, Ben Laurie wrote:
>> You really need to expand on what the danger is. Because again
>> I think you are thinking of the site I am connecting to as the attacker.
>> But I may be wrong.
> I'm getting quite tired of this: the point is, you cannot achieve
> unlinkability with WebID except by using different WebIDs. You made
> the claim that ACLs on resources achieve unlinkability. This is
> incorrect.

What is an ACL (Access Control List) to you?

Does "Data Access Policy" work any better so that we stop being 
distracted by something with different meanings to the participants in this 
debate?

Can a data access policy deliver unlinkability?
>
> So yes, the scenario is there are two sites that I connect to using
> WebID and I want each of them to not be able to link my connections to
> the other.

This is an absolute non-issue re. the combination of WebID, the WebID 
authentication protocol, and logic based data access policies. You're 
basically saying I (as in nebulous "You") have the personas 'Spiderman' 
and 'Peter Parker' and I want those personas to remain distinct. All of 
this holding true within the contextual fluidity of the Internet and 
World Wide Web.

> To do this, I need two WebIDs, one for each site. ACLs do
> not assist.

It's a problem solved via the combination of WebIDs (cryptographically 
verifiable identifiers), WebID authentication protocol, and logic based 
data access policies. If this was actually the deal breaker for WebID 
(verifiable identifiers and authentication protocol) based data access 
policies (or ACLs) why would Henry and I invest so much time trying to 
get you to move beyond this fundamental misconception?
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Friday, 19 October 2012 17:43:00 GMT