WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec]

From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 01 Feb 2011 11:27:21 +0000
To: public-xg-webid@w3.org
Message-Id: <E1PkEOH-0000yf-57@barney.w3.org>

WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec]

http://www.w3.org/2005/Incubator/webid/track/issues/24

Raised by: Nathan Rixham
On product: WebID Spec

Part of the WebID protocol includes dereferencing a "WebID URI" specified by the identifying agent.

Whilst a measure of privacy and anonymity is provided by one half of the protocol (the TLS side), the act of dereferencing a "WebID URI" currently has authority/provenance issues (as outlined in ISSUE-23) and privacy issues.

Namely, privacy is not guaranteed: an intermediary (or a "webid/profile host") can detect a request from a server (say a bank, a private site, an adult site, a gambling site) to a user's WebID URI and thus know the user has attempted to identify on said site.

This may be something which the protocol needs to address (for instance, force TLS for dereferencing), or may be something that is best noted and addressed by specification text (note as a security consideration and give advice).

Received on Tuesday, 1 February 2011 11:27:23 UTC
