
Re: How the father of the World Wide Web plans to reclaim it from Facebook and Google

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sat, 20 Aug 2016 00:12:20 -0400
To: Timothy Holborn <timothy.holborn@gmail.com>, public-webid@w3.org
Cc: Credentials Community Group <public-credentials@w3.org>, "public-rww@w3.org" <public-rww@w3.org>, business-of-linked-data-bold <business-of-linked-data-bold@googlegroups.com>
Message-ID: <6cc68253-b201-a653-7fa6-6b1b7e2a7cb0@openlinksw.com>
On 8/19/16 8:09 PM, Timothy Holborn wrote:
> I saw some use-cases, couldn't help myself - I had to respond...
> On Fri, 19 Aug 2016 at 23:00 Kingsley Idehen <kidehen@openlinksw.com> wrote:
>     On 8/19/16 6:20 AM, Adrian Hope-Bailie wrote:
>>     Kingsley,
>>     I am playing devil's advocate here but I don't think you have
>>     answered my question.
>>     Gaining agility is not a business case.
>     Enabling, enhancing, and achieving agility via data access,
>     integration, and management is a fundamental business case. If
>     that weren't the case, why would markets for Analytics,
>     Recommendation Systems, AI-driven Bots, Big Data etc., exist?
>     It is always about data-driven agility.
>>     I am all for open standards, I spend the majority of my time
>>     working to promote them but I am still trying to understand what
>>     the economic incentive is for any service provider to adopt SoLiD
>>     as opposed to controlling their user's data.
>     The economic benefits of open standards are as follows, always:
>     1. Flexibility -- when choosing platform components i.e., you can
>     mix and match a combination of components in line with needs
>     2. Vendor lock-in prevention
>     3. Technology longevity -- you can always go back to a full spec
>     for a specific platform component.
>     SoLiD isn't a standard, it is a combination of open standards and
>     best practices. Thus, its benefit is an open standards based
>     approach for a read-write web that benefits end-users and vendors.
>>     Google, Apple and  Microsoft control the end-user experience for
>>     the majority of users on the Web by giving them free browsers,
>>     email, social etc. In return they make money from controlling the
>>     data those products and services generate.
>     Correct! And history shows, companies don't adopt standards just
>     because they exist. They adopt standards as part of an
>     "opportunity cost" prevention or control mechanism, first.
>>     Are you surprised that the browser vendors all actively block
>>     initiatives at W3C that would promote an open identity system
>>     that would unlock their user data silos?
>     I am not convinced they are blocking initiatives per se. From my
>     vantage point, there is a general communication problem between
>     all the parties involved. For instance, there has been a lot of
>     fanfare about how browsers implement TLS and its impact on
>     something like the WebID+TLS protocol. That situation is rectified by
>     WebID+TLS+Delegation, but folks don't generally see or promote
>     that, on the pro WebID side of the argument.
>     Bottom line, you can't declare standards adoption. You have to
>     demonstrate the virtues of standards via applications that are
>     adopted by end-users and technology vendors.
>>     There are always politically astute excuses but let's be honest,
>>     if the browsers wanted to they could have made adopting WebID an
>>     easy user friendly experience and the world would be full of
>>     people who all have their own WebID that is used to log into all
>>     the services they use on the Web.
>     They don't need to. That's the problem. Here's a breakdown of the
>     issue, as I've come to understand it after hours of study and
>     experimentation:
>     You have a digital highway provided by the Internet. That highway
>     (like in the real-world) enables movement of data from one point
>     to another where security is scoped to the agents (software)
>     transporting said data i.e., just like cars and car registration
>     numbers.
>     The Web is an Internet abstraction that introduces the ability to
>     identify the user of an agent (like a car driver) distinct from an
>     agent (the software). Thus, you can demand reworking the highway
>     just because car drivers are now identifiable using their driver's
>     licenses. That will never wash in the real-world, so why would it
>     work in cyberspace?
> Ok. 
> So, identifiers for the 'scenario' of 'driving' (or being driven) down
> a highway.
> HWY Identifier Ontology (may include who fixed what, sensor data, GIS
> data, payments data, etc.)
> CAR ontology (make, model, functionality, who's in it, sensor info,
> ability to communicate with surrounding environment, ability to
> present media to occupants, etc.)
> NOTE: A part within the vehicle may have its own agent / ontology. 
> IE: the communications platform may be managed by a different vendor
> to the power-plant / drive-train of a vehicle, who may in-turn have
> access to each element as a counterpart of their role?)
> If owner of vehicle is subject to court order (ie: not allowed within
> x distance of x place, or cannot drive whilst intoxicated, etc.) then
> some other rule may apply...
> Occupants (whether self-driving car or simply the old-school method).
> - Occupants may have authority to direct the vehicle. 
> - Occupants may have authority to drive the vehicle 
> - Occupants may have authority to sell the vehicle.
> Multiple occupants may be in the vehicle; who may have multiple
> authorities at one time. 

In this example, multiple occupants are the point. A car has a single
driver. Of course, it may have many passengers where each person has
their own identity card (license, passport, or something else).

My simple example:

A Car is like your Browser (a Software Agent). It has a registration

You are identified by your Driver's License.

If you skip toll payment, authorities triangulate back to you via your
car registration. Even if they have a photo of you, the toll matter
boils down to triangulation from the vehicle to its driver.

When you reach your destination, other forms of identity become relevant
e.g., use of your Driver's License as proof of age in a pub. Basically,
the critical credential in this context.
> ie: if the owner of the vehicle is intoxicated; then another person
> may be able to drive the vehicle on their behalf, whether or not
> they've previously been authorised to drive the vehicle - so long as
> the owner is in the car (and not in the boot) for instance...
>     Example:
>     I want to transport some goods from Boston to New York.
>     The scenario above includes toll booths and a final destination.
>     On the highway, my car registration is the identity focal point,
>     with regards to toll payments. When I reach my destination, my
>     personal identity card (license or something else) is how I prove
>     I am the delivery person expected at the final destination.
> isn't it simply your face? some sensor identifies something about you,
> and it's all very low-friction.  Question is - where do you store your
> permissions for how those systems work - or are they your permissions?
>  or something else's permissions about you?

In my example I am trying to illustrate how a simple highway toll booth
system works. One that's oriented towards vehicles driven (or controlled
by) a driver.

In my example, Car registration is the credential of relevance i.e.,
what the system is built around.

>     Another example: I drive my car to a pub. At the pub my personal
>     ID is what's important. En route to the pub, my Car registration
>     is what's important. There are two distinct scenarios requiring
>     different kinds of identity.
>     WebID+TLS doesn't have the fidelity required for traversing the
>     existing highway without asking its current maintainers
>     (Certificate Authorities and Browser Vendors) to change
>     infrastructure and practices.
>     WebID+TLS+Delegation simply adds the "On-Behalf-Of" relationship
>     type to the mix (i.e., in the data) which distinguishes the user
>     from the software they use (drive) thereby enabling one to toggle
>     WebIDs without browser restarts (due to TLS requirements) [1].
> IMHO: Credentials adds via HTTP Signed documents containing RDF; the
> ability to produce another important counterpart to the identity
> lifecycle mix, but only if humans are active actors in the creation
> and management process of credentials use. 

You are an active participant in the creation of your Driver's License :)


Kingsley Idehen	      
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Medium Blog: https://medium.com/@kidehen
Blogspot Blog: http://kidehen.blogspot.com
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Saturday, 20 August 2016 04:12:47 UTC
