W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: Position Paper for W3C Workshop on Identity

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 27 Apr 2011 17:39:27 +0200
Cc: <public-xg-webid@w3.org>
Message-Id: <151F1343-D3D2-408A-AB47-5445CC9B047C@bblfish.net>
To: peter williams <home_pw@msn.com>

On 27 Apr 2011, at 17:21, peter williams wrote:

> You might want to browse it - being all about the technology topics you
> often struggle with. ON the other hand, when looking at life anew, sometimes
> ignorance helps - so you is not drawn into the older mental models.
> 
> Anyways, there are three terms of art:
> 
> Identity  verification
> User authentication
> Information assurance

Ok, so when you go to a university, the Uni educates you, then tests you,
then gives you a degree. That is information assurance! What is the information?

Uni assures { X has Degree;
                field :medicine
                course </2011/Med/Liver> .. }

Presumably that means that he knows a certain amount about the subject. But nothing
is absolutely final of course as you point out. His thesis may have been plagiarised, 
as recently happened in Germany when the Minister of Defence was found to have employed 
someone else to write his thesis.

http://online.wsj.com/article/SB10001424052748704506004576173970765020528.html

If the university had given Karl-Theodor zu Guttenberg a WebID, they would not remove
their claim from his doctoral certificate page.

So it is easy to do assurance using WebID, and to remove assurance too.

Henry

> 
> A term of art is rarely discussed in Wikipedia or a common dictionary.
> 
> Identity verification is that act which a notary performs when he/she
> authenticated an individual through personal knowledge or, more likely,
> checking your passport or drivers license as evidence of id. The notary
> attests to having done that act, while then making a statement. Early in
> certs, for use by early Apple Mac users, one got a X.509 cert by first going
> to a notary, obtaining the affidavit mentioned, and then sending that as
> evidence of (notary-based) id verification to the CA .
> 
> User authenication is the presentation of the cert to a relying party, along
> with a signature showing control over the private key.
> 
> Information assurance has nothing to do with any of the above, except when
> computers are used in the processes above. If you want a birth cert from the
> state of Hawaii, there is information assurance practices - that support the
> status of a bit of paper as a "record". Long form records may be valid
> legally, for the purposes of id verification; or may not. Because assurance
> rules change, only shoft form record may not be valid, legally. Assurance
> rules may require "originals", and not copies, and may distintuish certified
> copies (from copies, and from originals). A certified copy may have to be
> emboseed, by a particular seal (acting as a unique signing device.)
> 
> In the computer world, IA often comes down to the security audit, for the
> data center. If you are Comodo selling cert, and your resellers apply
> computers to access the minting services, and that channel is protected
> poorly, one can have the ridiculous situation in which the auditor performed
> investigations and tests that qualified the information assurance legvel as
> "sufficient", but non the less the channel is insecure. That's because, IA
> is about rules, not security. Its similar to an accounting audit that says
> the firm is not crooked, but it goes bust anyways. What matters is that the
> tests shew it was not crooked, to "assure" the public, using the services of
> public certified accountants.
> 
> Yes apple assure the public their phone is safe. Doesn't mean the fine print
> of the contract is not set to allow them and their friends to spy on you, in
> a manner you find offense - since you didn't KNOW you agreed to it!? Its
> deceptive, despite the assurance. The US government assures the public that
> new citizens are suitable citizens. Doesn't mean they are not ex-SS
> officers, having spent years designed terror weapons, having run factorys
> making them and having actually killed 20k civilians...(in London) in
> attempt to terrorise an entire population. Assurance means they now fit
> American rules, which change with the times.
> 
> In the CA world, the government generally seeks assurance that the firms
> will "do the right thing" - when asked. (This means spy, when served a
> covert order.) Its an important assurance, that the firm has CEO and staff
> that are "oriented" - and trustworthy, and can be trusted (to maintain the
> secrecy of the covert surveillance order, and scope the interception to the
> named individual, not the operators ex-spouse...).
> 
> Put a key in the RDFa of the document. See what happens... its not logical,
> but then neither is a non-deterministic search that guesses.
> 
> 
> -----Original Message-----
> From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org]
> On Behalf Of Henry Story
> Sent: Tuesday, April 26, 2011 11:44 AM
> To: peter williams
> Cc: 'Dominik Tomaszuk'; public-xg-webid@w3.org
> Subject: Re: Position Paper for W3C Workshop on Identity
> 
> 
> On 26 Apr 2011, at 20:34, peter williams wrote:
> 
>> Please remove the link to
>> http://agendabuilder.gartner.com/IAM4/WebPages/SessionList.aspx?Speake
>> r=7019
>> 95 for my name. Or just remove my name all together (whichever is
> easiest).
>> I do not want an association with Rapattoni to be inferred by readers.
>> 
>> Im mostly making a point, tuned to webid, that individuals are in 
>> charge - and do NOT need an organizational affiliation. They also do 
>> NOT need evidence of standing (such as garner though me worth inviting 
>> to talk about the needs of realty, to others deploying websso).
>> 
>> I know, it's a hard habit to break, since individuals have no standing 
>> in academia; only having any authority when introduced as "faculty" 
>> (which then governs one's credentials and one's reputations).
> 
> But I thought many of your points on this list was on the importance of
> Information Assurance. 
> Are universities, companies posting profiles about people not well establish
> ways of doing information assurance?
> 
> Henry
> 
> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: public-xg-webid-request@w3.org 
>> [mailto:public-xg-webid-request@w3.org]
>> On Behalf Of Dominik Tomaszuk
>> Sent: Tuesday, April 26, 2011 7:43 AM
>> To: public-xg-webid@w3.org; Henry Story
>> Subject: Re: Position Paper for W3C Workshop on Identity
>> 
>> On 26.04.2011 12:09, Dominik Tomaszuk wrote:
>>> On 26.04.2011 10:36, Henry Story wrote:
>>>> Ok, the paper is ready for xhtml export. Any further changes can 
>>>> then be edited in the xhtml.
>>> OK. In a few hours XHTML+RDFa version will be ready.
>> Alpha version without CSS, valid XHTML+RDFa:
>> 
>> http://ii.uwb.edu.pl/~dtomaszuk/webid.html
>> 
>> Regards,
>> 
>> Dominik Tomaszuk
>> 
> 
> Social Web Architect
> http://bblfish.net/
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Wednesday, 27 April 2011 15:40:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC