W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

WebID equivalence

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 2 Jan 2012 11:36:24 +0100
Message-Id: <CC275F9A-7FF1-4BE0-A621-13C8CB919C8E@bblfish.net>
To: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>
> On 1/1/12 11:38 AM, Mo McRoberts wrote:
>> On 31 Dec 2011, at 17:52, Kingsley Idehen wrote:
>> 
>>>> Now, because URI-A's document can't be parsed, there's no way to verify that it does contain the triples which confirm the relationship between it as a WebID URI and the WebID certificate, *however* a consumer can look for triples describing URI-A in the document referring to it retrieved from URI-B: in this case, it finds some, and can process them as being equivalent to as if they were asserted about URI-B, but what it cannot do is state that URI-A is an identifier for the certificate-holder.
>>> Identifier equivalence has been asserted in a signed claim via the use of multiple URIs in a Certs. SAN. The effect here is that we have synonyms so the public key associated with URI-B is now also a relation with URI-A. The fact that we can't make a union of all the data the one could de-reference via URI-A and URI-B doesn't matter re. this kind of equivalence and the resulting assurance.
>> The problem here isn't the data. Getting the union set of triples is fine.
> 
> You don't need to get a union of triples. You just need triples that describe any URI in the owl:sameAs relation.
> 
>>  The problem here is what you consider the URI to be for the certificate holder. As you can't retrieve and process the data for URI-A, you can't treat that URI as belonging to the holder.
> 
> The Certificate Identifies a Subject. The SAN is a slot for alternative Names of said subject. A composite of alternative names is a signed equivalence claim that may or may not be mirrored in idp space.
>> 
>> It's a subtle point, but it's an important one when you're dealing with synonyms.
> 
> <URIA> owl:sameAs <URIB> means that both URIs share a co-referent. Thus, what goes for one (e.g., public key association) goes for the other, if if the evidence emerges from triples that describe either <URIA> or <URIB>.  This is all about equivalence by name. You can also have equivalence by values, and you require an IFP predicate in the relation for that. All of this is quite easy to demonstrate.

Yes, you are right a = b means that a refers to the same thing as b.
But that is not the problem that needs to be addressed. The problem is whether the claim is true, or likely to be true. Do you believe what URIA-Profile-Doc says about URIA? Well you can believe what it says about terms it defines in that document, since it is master of the terms it defines there. That is why WebID works. 

But is the assertion of identity it makes in that document true, when those assertion cross namespaces? That is something that can be doubted and over which there can be disagreement, and so to the degree that it can be doubted so you have a problem of trust. It is the problem of trust that we are dealing with here, which is a layer above the linked data cake.

Henry



>> 
>> M.
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder&  CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
Received on Monday, 2 January 2012 11:44:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 2 January 2012 11:44:07 GMT