W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: what are claims mirrors?

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 16 Jan 2012 14:37:58 +0100
Cc: WebID XG <public-xg-webid@w3.org>
Message-Id: <F0DBB26E-0E8F-4D74-9956-40CFBB9AF284@bblfish.net>
To: Melvin Carvalho <melvincarvalho@gmail.com>

On 16 Jan 2012, at 13:11, Melvin Carvalho wrote:

> On 16 January 2012 12:20, Henry Story <henry.story@bblfish.net> wrote:
>> Kingsley keeps speaking of "Claims mirrors" in support of his arguments. What are they? How do they work?
> every rdf triple is a claim / assertion

I would add that an assertion is usually an assertion made by some agent

> it has a trust interval based on various factors
> the two main factors are :
> where did you find the triple? -- e.g.
> if you trust the dns you are more likely to trust the claim

You are more likely to know where you go the claim from. DNS is there to help you
resolve domain names. DNSsec will help you be more certain you got it from where you thought
you did.

> if the claim is signed you are more likely to trust the triple

that completely depends on who signed it and if you can verify the signature. A signed claim should not help you trust the claim, only that the person who signed it, made the claim.

So yes, you will be able to make up you decision of how much you trust an assertion based on who made it, and how much you trust them to make truthful assertions on that subject, and all of that really depends on what type of verification process was used to test the assertions.

So really the question is one of verification processes. In the WebID protocol, we have one very clear verification process, that is easy to follow.

> In webid you are linking a person to a public key

You are naming a person with a URL, and then tying that URL to a public key so that you can then link
that person in a world wide web of trust.

> It's easy to think that the only way to do this is to dereference the person and follow
> your nose to the key.  

That makes it sound like you think people here think that the WebId protocol is the only way to verify something. It should be evident to all who follow this list that it is not, since X509 for example when used the usual way has a different procedure for verifying claims based on trusted Certificate Authorities (who mirror claims?)  That mechanism has been relatively (un)successful for server certificates, but has failed completely for client certificates. For server certificates it has its own problems.

> But when you consider the web as a huge
> database of claims in billions or even trillions of places, you
> understand that it's just one small piece in a giant jigsaw.

That is hand waiving Melvin. Yes, there are an infinite number of ways of coming to conclusions, but what is needed is simple ways to do that, that are well described, easy to implement, that are valuable, that we can verify as working and whose security properties we can analyse.

Having said all that you have not really defined a claim mirror.  Is it 

A. stating something that confirms a statement someone else made. Eg jack claims

  :jack a foaf:Person;
        foaf:knows :joe .

   :joe cert:key key .

B. if the word "mirror" is to have some sense one feels like it has to have already been said by joe, so perhaps Joe claims (where?)

    :joe cert:key key . 

C. Or is a mirror a claim that says explicitly that someone else said something? For example jack claiming that

    :joe claims { :joe cert:key key } 

    Does it have to be signed? Or would that just be a signed claim mirror?  

Those are the types of things that one would need to look at. And then it would be useful to know what one is to make of it. 


> seeAlso:
> http://www.youtube.com/watch?v=mcBV-cXVWFw
> :)
>> Henry
>> Social Web Architect
>> http://bblfish.net/

Social Web Architect
Received on Monday, 16 January 2012 13:38:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:30 UTC