W3C home > Mailing lists > Public > public-xg-webid@w3.org > July 2011

Re: WebID, BrowserID and NSTIC

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 24 Jul 2011 20:23:26 +0200
Message-ID: <4E2C631E.2070003@openlinksw.com>
To: public-xg-webid@w3.org
On 7/24/11 7:34 PM, Francisco Corella wrote:
> This not a theoretical issue, it is a very practical one.  If WebID
> were used as a general purpose WebID, a malicious medical insurance
> company in the US could set up a health information Web site with
> discussion groups.  If a user signed up with a WebID and joined a
> discussion group on cancer, the insurance company could later deny
> insurance to the user on suspicion that the user had cancer or a
> dependent who has cancer.  This issue can be avoided by using instead
> a "login certificate" issued by the relying party itself, as we
> propose in section 4.6 of our white paper.
But, nothing about WebID implies that a personal is 'You'.

Let's take the Spiderman and Peter Parker scenario. You can have WebIDs 
for both, and only the real identity behind either knows about the 
owl:sameAs relation.

I am saying WebID == Who You Really Are. It just enables identifiers to 
be verified. It basically caters for alter egos etc..

-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Sunday, 24 July 2011 18:24:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:25 UTC