W3C home > Mailing lists > Public > public-xg-webid@w3.org > July 2011

Re: WebID, BrowserID and NSTIC

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 24 Jul 2011 23:36:50 +0200
Message-ID: <4E2C9072.2010207@openlinksw.com>
To: public-xg-webid@w3.org
On 7/24/11 8:23 PM, Kingsley Idehen wrote:
> On 7/24/11 7:34 PM, Francisco Corella wrote:
>> This not a theoretical issue, it is a very practical one.  If WebID
>> were used as a general purpose WebID, a malicious medical insurance
>> company in the US could set up a health information Web site with
>> discussion groups.  If a user signed up with a WebID and joined a
>> discussion group on cancer, the insurance company could later deny
>> insurance to the user on suspicion that the user had cancer or a
>> dependent who has cancer.  This issue can be avoided by using instead
>> a "login certificate" issued by the relying party itself, as we
>> propose in section 4.6 of our white paper.
> But, nothing about WebID implies that a personal is 'You'.
>
> Let's take the Spiderman and Peter Parker scenario. You can have 
> WebIDs for both, and only the real identity behind either knows about 
> the owl:sameAs relation.
>
> I am saying WebID == Who You Really Are. It just enables identifiers 
> to be verified. It basically caters for alter egos etc.. 

Meant to say:

But, nothing about WebID implies that a personal URI refers to 'You', 
specifically. It just enables verifiable identifiers that are associated 
with identities :-)

-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Sunday, 24 July 2011 21:37:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:25 UTC