W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: Position Paper for W3C Workshop on Identity

From: Stéphane Corlosquet <scorlosquet@gmail.com>
Date: Wed, 27 Apr 2011 12:13:38 -0400
Message-ID: <BANLkTinNwqwS-J4oa+pykmC2daq3WcFY6g@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: peter williams <home_pw@msn.com>, public-xg-webid@w3.org
I find it strange that on a paper on WebID, most contributors do not have
their WebID URI in the RDFa. We've got Henry's and mine in, please send me
your WebID so I can add them in and avoid creating blank nodes ;) (private
email is fine to avoid noise on the mailing list).

Steph.

On Wed, Apr 27, 2011 at 11:39 AM, Henry Story <henry.story@bblfish.net>wrote:

>
> On 27 Apr 2011, at 17:21, peter williams wrote:
>
> > You might want to browse it - being all about the technology topics you
> > often struggle with. ON the other hand, when looking at life anew,
> sometimes
> > ignorance helps - so you is not drawn into the older mental models.
> >
> > Anyways, there are three terms of art:
> >
> > Identity  verification
> > User authentication
> > Information assurance
>
> Ok, so when you go to a university, the Uni educates you, then tests you,
> then gives you a degree. That is information assurance! What is the
> information?
>
> Uni assures { X has Degree;
>                field :medicine
>                course </2011/Med/Liver> .. }
>
> Presumably that means that he knows a certain amount about the subject. But
> nothing
> is absolutely final of course as you point out. His thesis may have been
> plagiarised,
> as recently happened in Germany when the Minister of Defence was found to
> have employed
> someone else to write his thesis.
>
>
> http://online.wsj.com/article/SB10001424052748704506004576173970765020528.html
>
> If the university had given Karl-Theodor zu Guttenberg a WebID, they would
> not remove
> their claim from his doctoral certificate page.
>
> So it is easy to do assurance using WebID, and to remove assurance too.
>
> Henry
>
> >
> > A term of art is rarely discussed in Wikipedia or a common dictionary.
> >
> > Identity verification is that act which a notary performs when he/she
> > authenticated an individual through personal knowledge or, more likely,
> > checking your passport or drivers license as evidence of id. The notary
> > attests to having done that act, while then making a statement. Early in
> > certs, for use by early Apple Mac users, one got a X.509 cert by first
> going
> > to a notary, obtaining the affidavit mentioned, and then sending that as
> > evidence of (notary-based) id verification to the CA .
> >
> > User authenication is the presentation of the cert to a relying party,
> along
> > with a signature showing control over the private key.
> >
> > Information assurance has nothing to do with any of the above, except
> when
> > computers are used in the processes above. If you want a birth cert from
> the
> > state of Hawaii, there is information assurance practices - that support
> the
> > status of a bit of paper as a "record". Long form records may be valid
> > legally, for the purposes of id verification; or may not. Because
> assurance
> > rules change, only shoft form record may not be valid, legally. Assurance
> > rules may require "originals", and not copies, and may distintuish
> certified
> > copies (from copies, and from originals). A certified copy may have to be
> > emboseed, by a particular seal (acting as a unique signing device.)
> >
> > In the computer world, IA often comes down to the security audit, for the
> > data center. If you are Comodo selling cert, and your resellers apply
> > computers to access the minting services, and that channel is protected
> > poorly, one can have the ridiculous situation in which the auditor
> performed
> > investigations and tests that qualified the information assurance legvel
> as
> > "sufficient", but non the less the channel is insecure. That's because,
> IA
> > is about rules, not security. Its similar to an accounting audit that
> says
> > the firm is not crooked, but it goes bust anyways. What matters is that
> the
> > tests shew it was not crooked, to "assure" the public, using the services
> of
> > public certified accountants.
> >
> > Yes apple assure the public their phone is safe. Doesn't mean the fine
> print
> > of the contract is not set to allow them and their friends to spy on you,
> in
> > a manner you find offense - since you didn't KNOW you agreed to it!? Its
> > deceptive, despite the assurance. The US government assures the public
> that
> > new citizens are suitable citizens. Doesn't mean they are not ex-SS
> > officers, having spent years designed terror weapons, having run factorys
> > making them and having actually killed 20k civilians...(in London) in
> > attempt to terrorise an entire population. Assurance means they now fit
> > American rules, which change with the times.
> >
> > In the CA world, the government generally seeks assurance that the firms
> > will "do the right thing" - when asked. (This means spy, when served a
> > covert order.) Its an important assurance, that the firm has CEO and
> staff
> > that are "oriented" - and trustworthy, and can be trusted (to maintain
> the
> > secrecy of the covert surveillance order, and scope the interception to
> the
> > named individual, not the operators ex-spouse...).
> >
> > Put a key in the RDFa of the document. See what happens... its not
> logical,
> > but then neither is a non-deterministic search that guesses.
> >
> >
> > -----Original Message-----
> > From: public-xg-webid-request@w3.org [mailto:
> public-xg-webid-request@w3.org]
> > On Behalf Of Henry Story
> > Sent: Tuesday, April 26, 2011 11:44 AM
> > To: peter williams
> > Cc: 'Dominik Tomaszuk'; public-xg-webid@w3.org
> > Subject: Re: Position Paper for W3C Workshop on Identity
> >
> >
> > On 26 Apr 2011, at 20:34, peter williams wrote:
> >
> >> Please remove the link to
> >> http://agendabuilder.gartner.com/IAM4/WebPages/SessionList.aspx?Speake
> >> r=7019
> >> 95 for my name. Or just remove my name all together (whichever is
> > easiest).
> >> I do not want an association with Rapattoni to be inferred by readers.
> >>
> >> Im mostly making a point, tuned to webid, that individuals are in
> >> charge - and do NOT need an organizational affiliation. They also do
> >> NOT need evidence of standing (such as garner though me worth inviting
> >> to talk about the needs of realty, to others deploying websso).
> >>
> >> I know, it's a hard habit to break, since individuals have no standing
> >> in academia; only having any authority when introduced as "faculty"
> >> (which then governs one's credentials and one's reputations).
> >
> > But I thought many of your points on this list was on the importance of
> > Information Assurance.
> > Are universities, companies posting profiles about people not well
> establish
> > ways of doing information assurance?
> >
> > Henry
> >
> >
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: public-xg-webid-request@w3.org
> >> [mailto:public-xg-webid-request@w3.org]
> >> On Behalf Of Dominik Tomaszuk
> >> Sent: Tuesday, April 26, 2011 7:43 AM
> >> To: public-xg-webid@w3.org; Henry Story
> >> Subject: Re: Position Paper for W3C Workshop on Identity
> >>
> >> On 26.04.2011 12:09, Dominik Tomaszuk wrote:
> >>> On 26.04.2011 10:36, Henry Story wrote:
> >>>> Ok, the paper is ready for xhtml export. Any further changes can
> >>>> then be edited in the xhtml.
> >>> OK. In a few hours XHTML+RDFa version will be ready.
> >> Alpha version without CSS, valid XHTML+RDFa:
> >>
> >> http://ii.uwb.edu.pl/~dtomaszuk/webid.html
> >>
> >> Regards,
> >>
> >> Dominik Tomaszuk
> >>
> >
> > Social Web Architect
> > http://bblfish.net/
> >
> >
> >
>
> Social Web Architect
> http://bblfish.net/
>
>
>
Received on Wednesday, 27 April 2011 16:14:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC