W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2011

Re: ACL

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 25 Jan 2011 22:05:02 +0100
Cc: Stéphane Corlosquet <scorlosquet@gmail.com>, Alexandre Passant <alexandre.passant@deri.org>, nathan@webr3.org, WebID XG <public-xg-webid@w3.org>
Message-Id: <758A429F-D64F-49F1-BB9A-2806FB5A7EE8@bblfish.net>
To: Reto Bachmann-Gmuer <reto.bachmann@trialox.org>

On 25 Jan 2011, at 21:44, Reto Bachmann-Gmuer wrote:

> On Tue, Jan 25, 2011 at 9:05 PM, Henry Story <henry.story@bblfish.net> wrote:
>  
> To be precise - realising that you already understand this, but just for newcomers - it ensures that you are the referent of the WebID.  Just as e-mail verification used so widely since the beginning of the web ensures that you are the owner of an e-mail box.
> 
> 
> Lets be even more precise and not introduce epistemological magic: email verification (together with login, cookies and stuff) ensures that you're a person capable of accessing mails in that mailbox (or intercept them on the way). Very similarly webid dereferenciation (together with tls, etc.) ensures that you're a person capable of controlling what the server to which the webid points to returns (or have otherwise control to the network of the authenticating agent to be able to control the result of its attempts to dereference the WebId).
> 
> With WOT features WebId allows to establish the level of confidence that you own the social identity named by the WebId. Where Social identity is a node in a Social Network and a Social Network is a network of trust relationships. If the authenticating agent is not part of the same social network as the claimer of the identity the level of confidence will invariably be 0.

This sounds really bad, but it's amazing just how much people are able to communicate and do things with so little as e-mail address verification! Answer on blog posts, join news groups, IETF working groups, W3C invited Expert groups, etc....

Instead of saying the level of confidence is 0, let us say that you have no confirmation. Because then the interesting thing to note is that you do know a few things:

  - when the same agent logs in at different intervals
  - what the agent claims about himself

That is imagine you are a shop keeper and someone walks into a shop and introduces himself as Jane Jackson then as a good shopkeeper you should in your immediate interactions talk to her as if this were the truth. Ie: you can personalise the experience the customer has for whatever she specifies as her identity. The trick is not to make others believe you have more confirmatory evidence about what she says than you do. Ie: you don't want to make statements yourself about who she is, by adding something in your profile linking you to her - other than via a :customer relationship.

(Btw. this does point out that following linked data relations cannot be enough to justify merging information about data that is linked. )

Anyway, we're out of ACLs and into trust logics at that point. My feeling is that trust logics are going to take a lot of time to investigate.

Henry


> 
> Cheers,
> Reto

Social Web Architect
http://bblfish.net/
Received on Tuesday, 25 January 2011 21:05:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 25 January 2011 21:05:41 GMT