W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: changing WebIDs

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 02 Jan 2012 13:58:59 -0500
Message-ID: <4F01FE73.5020609@openlinksw.com>
To: public-xg-webid@w3.org
On 1/2/12 5:19 AM, Henry Story wrote:
> On 31 Dec 2011, at 18:24, Kingsley Idehen wrote:
>> On 12/30/11 7:21 PM, Mo McRoberts wrote:
>>> On 30 Dec 2011, at 22:28, Peter Williams wrote:
>>>> The foreseeable future is the caveat - and is fine (and traditional) in identity for content class resources
>>> Ah, perhaps, but the semantics of “your WebID URI changing” haven't really been defined yet — if your key persists but your URI changes, what happens?
>> They key is useless. The net effect is the same as your keystore computer (desktop, notebook, tablet, phone, USB cryto device) being stolen. A URI changing in manner that breaks its relation with a Public Key is implicitly handled by the semantics of the WebID protocol.
>> Peter gave an example a while back where he loses his Blog space URIs (since he doesn't control Blogspot or WordPress) but still needs to be able access resources where his old Blog space (the IdP)  URI is remains the focus of  ACL list by those granting him access to resources (e.g., photos). In this case, he can present a Cert. that has his old URI and his new URI in the certs. SAN. The ACLs don't have to change, assuming the verifiers comprehend coreference claims.
> That does not work according to the current spec. The current spec says that a claim is verified only if the verification procedure has been followed up on. If you have two web-ids and one of them verifies but the other old one no longer exists, then that would enable everyone to pretend to be owl:sameAs your old WebID if your site went down.

How so if signed claims carry value?

Did you look at the claim types and associated verification  I 
enumerated in my post re. this matter?

> For this to work you would need the confidence in your identity to be based in your knowledge of the private key above all. Ok, so if you move to knowledge of private key as being the long term determinant of your identity, then your problem will be how do you make a statement that you have lost control of it. (apart from problems relating to ease of use that such as system brings with it). This should not require control of the WebID profile of course.
> But I don't see this as such a problem at present. All consumer identity systems in existence today that I know of have this problem. Just think of 100 of millions of people on Facebook or G+. Your identity is currently built up via the domain on which it is hosted. So though a solution to this is nice to have, it is not even on most people's radar screen.
> But that is just one aspect of how people trust you. The other part is the people who link to that identity. If those people start to unlink to your WebID then the value of that for many services will go down. So one can see that more serious services in the longer term could build up pictures of who someone is that though initially it is based on a WebID, is also then supported by the social network. For example your hoster abandons his service, or your domain lapses, or in a future private key based DNS you loose your private key, then you could create a new profile somewhere saying you were the old Id, and if all your friends link to your new id, then that could be a good way for services to follow up. So I think this is again mostly in trust authorisation step that we are not going into at this point so much, but that we will do as we get our social networks working.

I don't really agree with you. My preference is for this to be tested in 
the real world of ACLs applied to resources.

There is a lot of fidelity that is being lost in over simplification of 
WebID and simple assumptions applied to OWL reasoning and graphs. 
Where's the rule that states that a claim cannot be signed in idp space? 
All it needs is relations from a reification ontology. Basically, make 
statements verifiable. Anyone can claim to be owl:sameAs anyone, but can 
they prove it? That's where a signed claim comes into play.

Happy New Year!
> Henry
> Social Web Architect
> http://bblfish.net/



Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 2 January 2012 19:01:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:29 UTC