W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: Position Paper for W3C Workshop on Identity

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 27 Apr 2011 12:24:00 -0400
Message-ID: <4DB84320.9070702@openlinksw.com>
To: public-xg-webid@w3.org
On 4/27/11 12:13 PM, Stéphane Corlosquet wrote:
> I find it strange that on a paper on WebID, most contributors do not 
> have their WebID URI in the RDFa. We've got Henry's and mine in, 
> please send me your WebID so I can add them in and avoid creating 
> blank nodes ;) (private email is fine to avoid noise on the mailing list).

Yep!

I raised that point earlier. But..?

Dogfooding is critical for credibility circa. 2011 :-)

Kingsley
>
> Steph.
>
> On Wed, Apr 27, 2011 at 11:39 AM, Henry Story <henry.story@bblfish.net 
> <mailto:henry.story@bblfish.net>> wrote:
>
>
>     On 27 Apr 2011, at 17:21, peter williams wrote:
>
>     > You might want to browse it - being all about the technology
>     topics you
>     > often struggle with. ON the other hand, when looking at life
>     anew, sometimes
>     > ignorance helps - so you is not drawn into the older mental models.
>     >
>     > Anyways, there are three terms of art:
>     >
>     > Identity  verification
>     > User authentication
>     > Information assurance
>
>     Ok, so when you go to a university, the Uni educates you, then
>     tests you,
>     then gives you a degree. That is information assurance! What is
>     the information?
>
>     Uni assures { X has Degree;
>                    field :medicine
>                    course </2011/Med/Liver> .. }
>
>     Presumably that means that he knows a certain amount about the
>     subject. But nothing
>     is absolutely final of course as you point out. His thesis may
>     have been plagiarised,
>     as recently happened in Germany when the Minister of Defence was
>     found to have employed
>     someone else to write his thesis.
>
>     http://online.wsj.com/article/SB10001424052748704506004576173970765020528.html
>
>     If the university had given Karl-Theodor zu Guttenberg a WebID,
>     they would not remove
>     their claim from his doctoral certificate page.
>
>     So it is easy to do assurance using WebID, and to remove assurance
>     too.
>
>     Henry
>
>     >
>     > A term of art is rarely discussed in Wikipedia or a common
>     dictionary.
>     >
>     > Identity verification is that act which a notary performs when
>     he/she
>     > authenticated an individual through personal knowledge or, more
>     likely,
>     > checking your passport or drivers license as evidence of id. The
>     notary
>     > attests to having done that act, while then making a statement.
>     Early in
>     > certs, for use by early Apple Mac users, one got a X.509 cert by
>     first going
>     > to a notary, obtaining the affidavit mentioned, and then sending
>     that as
>     > evidence of (notary-based) id verification to the CA .
>     >
>     > User authenication is the presentation of the cert to a relying
>     party, along
>     > with a signature showing control over the private key.
>     >
>     > Information assurance has nothing to do with any of the above,
>     except when
>     > computers are used in the processes above. If you want a birth
>     cert from the
>     > state of Hawaii, there is information assurance practices - that
>     support the
>     > status of a bit of paper as a "record". Long form records may be
>     valid
>     > legally, for the purposes of id verification; or may not.
>     Because assurance
>     > rules change, only shoft form record may not be valid, legally.
>     Assurance
>     > rules may require "originals", and not copies, and may
>     distintuish certified
>     > copies (from copies, and from originals). A certified copy may
>     have to be
>     > emboseed, by a particular seal (acting as a unique signing device.)
>     >
>     > In the computer world, IA often comes down to the security
>     audit, for the
>     > data center. If you are Comodo selling cert, and your resellers
>     apply
>     > computers to access the minting services, and that channel is
>     protected
>     > poorly, one can have the ridiculous situation in which the
>     auditor performed
>     > investigations and tests that qualified the information
>     assurance legvel as
>     > "sufficient", but non the less the channel is insecure. That's
>     because, IA
>     > is about rules, not security. Its similar to an accounting audit
>     that says
>     > the firm is not crooked, but it goes bust anyways. What matters
>     is that the
>     > tests shew it was not crooked, to "assure" the public, using the
>     services of
>     > public certified accountants.
>     >
>     > Yes apple assure the public their phone is safe. Doesn't mean
>     the fine print
>     > of the contract is not set to allow them and their friends to
>     spy on you, in
>     > a manner you find offense - since you didn't KNOW you agreed to
>     it!? Its
>     > deceptive, despite the assurance. The US government assures the
>     public that
>     > new citizens are suitable citizens. Doesn't mean they are not ex-SS
>     > officers, having spent years designed terror weapons, having run
>     factorys
>     > making them and having actually killed 20k civilians...(in
>     London) in
>     > attempt to terrorise an entire population. Assurance means they
>     now fit
>     > American rules, which change with the times.
>     >
>     > In the CA world, the government generally seeks assurance that
>     the firms
>     > will "do the right thing" - when asked. (This means spy, when
>     served a
>     > covert order.) Its an important assurance, that the firm has CEO
>     and staff
>     > that are "oriented" - and trustworthy, and can be trusted (to
>     maintain the
>     > secrecy of the covert surveillance order, and scope the
>     interception to the
>     > named individual, not the operators ex-spouse...).
>     >
>     > Put a key in the RDFa of the document. See what happens... its
>     not logical,
>     > but then neither is a non-deterministic search that guesses.
>     >
>     >
>     > -----Original Message-----
>     > From: public-xg-webid-request@w3.org
>     <mailto:public-xg-webid-request@w3.org>
>     [mailto:public-xg-webid-request@w3.org
>     <mailto:public-xg-webid-request@w3.org>]
>     > On Behalf Of Henry Story
>     > Sent: Tuesday, April 26, 2011 11:44 AM
>     > To: peter williams
>     > Cc: 'Dominik Tomaszuk'; public-xg-webid@w3.org
>     <mailto:public-xg-webid@w3.org>
>     > Subject: Re: Position Paper for W3C Workshop on Identity
>     >
>     >
>     > On 26 Apr 2011, at 20:34, peter williams wrote:
>     >
>     >> Please remove the link to
>     >>
>     http://agendabuilder.gartner.com/IAM4/WebPages/SessionList.aspx?Speake
>     >> r=7019
>     >> 95 for my name. Or just remove my name all together (whichever is
>     > easiest).
>     >> I do not want an association with Rapattoni to be inferred by
>     readers.
>     >>
>     >> Im mostly making a point, tuned to webid, that individuals are in
>     >> charge - and do NOT need an organizational affiliation. They
>     also do
>     >> NOT need evidence of standing (such as garner though me worth
>     inviting
>     >> to talk about the needs of realty, to others deploying websso).
>     >>
>     >> I know, it's a hard habit to break, since individuals have no
>     standing
>     >> in academia; only having any authority when introduced as "faculty"
>     >> (which then governs one's credentials and one's reputations).
>     >
>     > But I thought many of your points on this list was on the
>     importance of
>     > Information Assurance.
>     > Are universities, companies posting profiles about people not
>     well establish
>     > ways of doing information assurance?
>     >
>     > Henry
>     >
>     >
>     >>
>     >>
>     >>
>     >> -----Original Message-----
>     >> From: public-xg-webid-request@w3.org
>     <mailto:public-xg-webid-request@w3.org>
>     >> [mailto:public-xg-webid-request@w3.org
>     <mailto:public-xg-webid-request@w3.org>]
>     >> On Behalf Of Dominik Tomaszuk
>     >> Sent: Tuesday, April 26, 2011 7:43 AM
>     >> To: public-xg-webid@w3.org <mailto:public-xg-webid@w3.org>;
>     Henry Story
>     >> Subject: Re: Position Paper for W3C Workshop on Identity
>     >>
>     >> On 26.04.2011 12 <tel:26.04.2011%2012>:09, Dominik Tomaszuk wrote:
>     >>> On 26.04.2011 10 <tel:26.04.2011%2010>:36, Henry Story wrote:
>     >>>> Ok, the paper is ready for xhtml export. Any further changes can
>     >>>> then be edited in the xhtml.
>     >>> OK. In a few hours XHTML+RDFa version will be ready.
>     >> Alpha version without CSS, valid XHTML+RDFa:
>     >>
>     >> http://ii.uwb.edu.pl/~dtomaszuk/webid.html
>     <http://ii.uwb.edu.pl/%7Edtomaszuk/webid.html>
>     >>
>     >> Regards,
>     >>
>     >> Dominik Tomaszuk
>     >>
>     >
>     > Social Web Architect
>     > http://bblfish.net/
>     >
>     >
>     >
>
>     Social Web Architect
>     http://bblfish.net/
>
>
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Wednesday, 27 April 2011 16:24:24 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC