Re: [saag] Liking Linkability

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 22 Oct 2012 14:46:58 +0200
Message-ID: <CAKaEYhJuY9vakh+AVRS7GfcBDe_Rh8hNd2YCPdC3gaw6yQ7O9g@mail.gmail.com>
To: Harry Halpin <hhalpin@w3.org>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, Ben Laurie <benl@google.com>, nathan@webr3.org, Henry Story <henry.story@bblfish.net>, Ben Laurie <ben@links.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>
On 22 October 2012 14:32, Harry Halpin <hhalpin@w3.org> wrote:

> On 10/22/2012 02:03 PM, Kingsley Idehen wrote:
>> On 10/22/12 7:26 AM, Ben Laurie wrote:
>>> On 22 October 2012 11:59, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>>> On 10/22/12 5:54 AM, Ben Laurie wrote:
>>>>> Where we came in was me pointing out that if you disconnect your
>>>>> identities by using multiple WebIDs, then you have a UI problem, and
>>>>> since then the aim seems to have been to persuade us that multiple
>>>>> WebIDs are not needed.
>>>> Multiple WebIDs (or any other cryptographically verifiable identifier)
>>>> are a must.
>>>> The issue of UI is inherently subjective. It can't be used to objectively
>>>> validate or invalidate Web-scale verifiable identifier systems such as
>>>> WebID or any other mechanism aimed at achieving the same goals.
>>> Ultimately what matters is: do users use it correctly? This can be
>>> tested :-)
>>> Note that it is necessary to test the cases where the website is evil,
>>> too - something that's often conveniently missed out of user testing.
>>> For example, it's pretty obvious that OpenID fails horribly in this
>>> case, so it tends not to get tested.
>> Okay.
>>>> Anyway, Henry, I, and a few others from the WebID IG (hopefully) are going
>>>> to knock up some demonstrations to show how this perceived UI/UX
>>>> inconvenience can be addressed.
>>> Cool.
>> Okay, ball is in our court to now present a few implementations that
>> address the UI/UX concerns.
>> Quite relieved to have finally reached this point :-)
> No, it's not a UI/UX concern, although the UI experience of both identity
> on the Web and with WebID in particular is quite terrible, I agree.

Harry, what exactly do you mean by "on the web"?

The reference point I take for this phrase is from the "Axioms of Web
Architecture":


'An information object is "on the web" if it has a URI.'

If I have understood your previous posts correctly, you perhaps have a
different definition or are referring to something specific.  Sorry if I'm a
bit confused; it's not that clear what you mean by the phrase.

> My earlier concern was an information flow concern that causes the issue
> with linkability, which WebID shares to a large extent with other
> server-side information-flow. As stated earlier, as long as you trust the
> browser, BrowserID does ameliorate this. There is also this rather odd
> conflation of "linkability" of URIs with hypertext and URI-enabled Semantic
> Web data" and linkability as a privacy concern.
> I do think many people agree stronger cryptographic credentials for
> authentication are a good thing, and BrowserID is based on this and OpenID
> Connect has (albeit not often used) options in this space.  I would again,
> please suggest that the WebID community take on board comments in a polite
> manner and not cc mailing lists.

Feedback is valuable and appreciated.  Certainly the comments made are
taken on board.

With standards such as identity there's always an overlap between different
efforts.  I can't speak for others in the community, but I personally agree
that care should be taken to post the right topics to the right list.
Received on Monday, 22 October 2012 12:47:28 UTC
