Re: Should WebIDs denote people or accounts? from Sandro Hawke on 2014-05-17 (public-webid@w3.org from May 2014)

From: Sandro Hawke <sandro@w3.org>
Date: Sat, 17 May 2014 13:36:32 -0400
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: public-webid <public-webid@w3.org>
Message-ID: <53779E20.7080803@w3.org>
On 05/17/2014 12:28 PM, Melvin Carvalho wrote:
>
>
>
> On 17 May 2014 17:57, Sandro Hawke <sandro@w3.org 
> <mailto:sandro@w3.org>> wrote:
>
>     Summary: Most people will be unwilling to give up the idea of
>     having multiple separate accounts.  This calls into question the
>     whole idea of WebID.
>
>     First off, as an aside, hello everyone.   I was in the CG for its
>     first few weeks to help get things started, but then left when it
>     looked like things were well in hand, and I had many other W3C
>     duties.   Since then, nearly all of my Working Groups (SPARQL,
>     RDF, GLD, etc) have wrapped up, and I'm mostly doing R&D, working
>     with TimBL and Andrei Sambra.   The work we're doing needs
>     something like WebID.
>
>     That said, I have to raise a difficult issue.   Maybe there's a
>     simple solution I'm just missing, but I fear there is not.
>
>     The examples in the spec, and what I saw from Henry when he first
>     presented foaf+ssl, show the WebID denoting a person.   In the
>     examples, it's often an instance of foaf:Person, and occurs in
>     triples as the subject where the predicate is foaf:name,
>     foaf:knows, etc.  Also in triples as the object of foaf:knows.
>
>     So that means that in RDF, my WebID denotes me.   And if I have
>     three different WebIDs, they all denote me.  Anything that's said
>     in RDF using one of my WebIDs is equally true to say using any of
>     my other WebIDs, and a reasoner might well infer it.   That's how
>     it looks like WebIDs are supposed to work.
>
>     This is in stark contrast to how most online identity systems
>     work. The usually model is that a person has an account with a
>     particular service provider.   In the old days that might have
>     been a bank, while these days it might be some kind of "identity
>     provider" like Google or Facebook.   There is important
>     flexibility in this model.    I have two Google accounts, and my
>     kids have many among themselves, so on the computers around the
>     house, there are many possible Google accounts saved as possible
>     logins.    Behind the scenes, Google may or may not be correctly
>     inferring which humans are attached to each of these accounts, but
>     as long it doesn't get wrong which accounts can see adult content,
>     or use my credit card, or see/edit particular documents, that's
>     okay. Those important features are attached to accounts, not
>     people, in systems today.
>
>     FOAF makes this distinction quite clear, with classes foaf:Person
>     and foaf:OnlineAccount.   FOAF, quite reasonably, puts
>     relationships like foaf:name and foaf:knows on foaf:Person.   It's
>     interesting to know my name and who I know.   It might also be
>     interesting to see which of my accounts are linked with other
>     accounts, I suppose, although that's more complicated.
>
>     I'm not sure exactly why people might have multiple accounts.
>     Sometimes an account is provided by an employer or school and goes
>     along with lots of resources, but also includes restrictions on
>     use or limitations on privacy.  Sometimes an account is obtained
>     with a particular service provider, and then one no longer wants
>     to do business with them. Sometimes security on an account is
>     compromised and a backup is needed.   Sometimes one just wants to
>     separate parts of life, like work-vs-nonwork. I've asked a few
>     friends if they'd be willing to have exactly one computer account,
>     and gotten an emphatic "No!".
>
>     So the my question might be, can WebID allow that separation?   If
>     access control is granted by WebID (as I've always seen it done),
>     and WebID denotes a person (as I've always seen it), and the
>     computer figures out that multiple WebIDs denote the same person
>     (as it's likely to do eventually), then isn't it likely to grant
>     the same access to me no matter which of my WebIDs I'm using?
>     Wouldn't that be the technically correct thing for it to do?
>
>     In summary: WebID is doing something quite radical in the identity
>     space by identifying humans instead of accounts.   Are we sure
>     that's a good thing?    It seems like in practice, humans
>     interacting with service providers want to have multiple
>     distinguishable identities with separate authentication.  One
>     might try to clean this up with some kind of role-based access
>     control [1], but that might not solve the issue that by having
>     WebIDs denote people, they prevent people from authenticating
>     differently to get different access/behavior.
>
>     (It's true some identity providers, like Facebook, forbid a human
>     from having multiple accounts.  But I think in response we see
>     humans get their additional accounts by using other providers.)
>
>     The conclusion I'm tentatively coming to is that WebIDs should be
>     1-1 associated with accounts, not people.  As such, they'll be
>     associated with authentication, authorization, and profiles, as
>     they are now.   But the RDF modelling will have to be different,
>     with things like { <webid1> foaf:knows <webid2> } being disallowed.
>
>     If we're going to make a change like that, making the WebID one
>     hop away from Person, I'd suggest actually making it denote the
>     account's profile page, so that it can be a normal URL, denoting
>     an Information Resource.
>
>
> Neither, it denotes an Agent (being a person or machine)

I was glossing over the distinction between foaf:Person and foaf:Agent 
for simplicity.   I don't think it changes my argument.

>
> I think what you are referring to is AWW Indirect Identifiers?
>
> http://www.w3.org/TR/webarch/#indirect-identification
>
> [[
> To say that the URI "mailto:nadia@example.com 
> <mailto:nadia@example.com>" identifies both an Internet mailbox and 
> Nadia, the person, introduces a URI collision. However, we can use the 
> URI to indirectly identify Nadia. Identifiers are commonly used in 
> this way.
>
> Listening to a news broadcast, one might hear a report on Britain that 
> begins, "Today, 10 Downing Street announced a series of new economic 
> measures." Generally, "10 Downing Street" identifies the official 
> residence of Britain's Prime Minister. In this context, the news 
> reporter is using it (as English rhetoric allows) to indirectly 
> identify the British government. Similarly, URIs identify resources, 
> but they can also be used in many constructs to indirectly identify 
> other resources. Globally adopted assignment policies make some URIs 
> appealing as general-purpose identifiers. Local policy establishes 
> what they indirectly identify.
>
> Suppose that nadia@example.com <mailto:nadia@example.com> is Nadia's 
> email address. The organizers of a conference Nadia attends might use 
> "mailto:nadia@example.com <mailto:nadia@example.com>" to refer 
> indirectly to her (e.g., by using the URI as a database key in their 
> database of conference participants). This does not introduce a URI 
> collision.
> ]]
>

Sure, that's another way to frame the question: is the WebID a direct 
identifier for a human or an indirect identifier for a human?   Clearly 
WebIDs were originally intended as direct identifiers for humans, but 
the issue I'm raising is that such usage doesn't fit how people seem to 
want to interact with computers. I'm suggesting we may need to change 
them to being indirect identifiers.


> Why not just link an agent to an account, perhaps as an IFP?

Certainly agents and accounts can be linked, eg using foaf:account or 
sioc:account_of, but that doesn't answer my question - which end of that 
arc is the WebID?   Which end is the one that is authenticated?   Which 
end is used in stating authorization?   Which end is used when stating a 
name?  When stating a short biography? When stating a "knows" 
relationship?   When stating a subscription/follows relationship?

Also, foaf:account is neither FP nor IFP, which I think is correct.   
One could make an IFP variation, something like "individualsAccount" 
which would make it work more nicely for identifying humans.     Or 
"singleAgentAccount" if its for foaf:Agents.

>
> Timbl in his WebID has also a very interesting predicate, preferredURI ...
>
> http://www.w3.org/2000/10/swap/pim/contact#preferredURI → 
> "http://www.w3.org/People/Berners-Lee/card#i"
>
> Does this solve the mulitple identity issue?
>

Not at all.     That's for selecting among re-referring IRIs, for 
situations where you want a "best" one.   But they all have the same 
semantics.   In the problem I'm pointing out, it's the semantics that 
are wrong.


> It strikes me that an Agent and an Account are very different things, but

Oh, absolutely.   That's half my point -- that the are different.

The problem is that a significant fraction of the user base (including 
me, my kids, and the friends I talked to) strongly prefer logging in to 
an account rather than identifying themselves as being a particular agent.

> I'm open to persuasion.
>
> Note: also that webfinger tried to open this can of works and ended up 
> minting a acct: URI scheme ... seems like fragmentation is undesirable ...

Can you summarize the story there, or point to a summary?   I missed that.

        -- Sandro

>
>            -- Sandro
>
>     [1] http://en.wikipedia.org/wiki/Role-based_access_control
>
>
Received on Saturday, 17 May 2014 17:36:43 UTC