- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sat, 20 Aug 2016 04:39:28 +0000
- To: Kingsley Idehen <kidehen@openlinksw.com>, public-webid@w3.org
- Cc: Credentials Community Group <public-credentials@w3.org>, "public-rww@w3.org" <public-rww@w3.org>, business-of-linked-data-bold <business-of-linked-data-bold@googlegroups.com>
- Message-ID: <CAM1Sok0y_vLmuH2LbebS_O5AS2akwyRpNRwLe1TNfFp7pLgMmg@mail.gmail.com>
On Sat, 20 Aug 2016 at 14:12 Kingsley Idehen <kidehen@openlinksw.com> wrote: > On 8/19/16 8:09 PM, Timothy Holborn wrote: > > I saw some use-cases, couldn't help myself - i had to respond... > > On Fri, 19 Aug 2016 at 23:00 Kingsley Idehen <kidehen@openlinksw.com> > wrote: > >> On 8/19/16 6:20 AM, Adrian Hope-Bailie wrote: >> >> Kingsley, >> >> I am playing devil's advocate here but I don't think you have answered my >> question. >> Gaining agility is not a business case. >> >> >> Enabling, enhancing, and achieving agility via data access, integration, >> and management is a fundamental business case. If that weren't the case, >> why would markets for Analytics, Recommendation Systems, AI-driven Bots, >> Big Data etc., exists? >> >> It is always about data-driven agility. >> >> >> I am all for open standards, I spend the majority of my time working to >> promote them but I am still trying to understand what the economic >> incentive is for any service provider to adopt SoLiD as opposed to >> controlling their user's data. >> >> >> The economic benefit of open standards are as follows, always: >> >> 1. Flexibility -- when choosing platform components i.e, you can mix and >> match a combination components in line with needs >> 2. Vendor lock-in prevention >> 3. Technology longevity -- you can always go back to a full spec for a >> specific platform component. >> >> SoLiD isn't a standard, it is a combination of open standards and best >> practices. Thus, its benefit is an open standards based approach for a >> read-write web that benefits end-users and vendors. >> >> >> >> Google, Apple and Microsoft control the end-user experience for the >> majority of users on the Web by giving them free browsers, email, social >> etc. In return they make money from controlling the data those products and >> services generate. >> >> >> Correct! And history shows, companies don't adopt standards just because >> they exists. They adopt standards as part of an "opportunity cost" >> prevention or control mechanism, first. >> >> >> Are you surprised that the browser vendors all actively block initiatives >> at W3C that would promote an open identity system that would unlock their >> user data silos? >> >> >> I am not convinced they are blocking initiatives per se. From my vantage >> point, there is a general communication problems between all the parties >> involved. For instance, there has been a lot of fanfare about how browsers >> implement TLS and its impact on the something like WebID+TLS protocol. That >> situation is rectified by WebID+TLS+Delegation, but folks don't generally >> see or promote that, on the pro WebID side of the argument. >> >> Bottom line, you can't declare standards adoption. You have demonstrate >> the virtues of standards via applications that are adopted by end-users and >> technology vendors. >> >> There are always politically astute excuses but let's be honest, if the >> browsers wanted to they could have made adopting WebID an easy user >> friendly experience and the world would be full of people who all have >> their own WebID that is used to log into all the services they use on the >> Web. >> >> >> They don't need to. That's the problem. Here's a breakdown of the issue, >> as I've come to understand it after hours of study and experimentation: >> >> You have a digital highway provided by the Internet. That highway (like >> in the real-world) enables movement of data from one point to another where >> security is scoped to the agents (software) transporting said data i.e., >> just like cars and car registration numbers. >> >> The Web is an Internet abstraction that introduces the ability to >> identify the user of an agent (like a car driver) distinct from an agent >> (the software). Thus, you can demand reworking the highway just because car >> drivers are now identifiable using their driver's licenses. That will never >> wash in the real-world, so why would it work in cyberspace. >> > Ok. > > So, identifiers for the 'senario' of 'driving' (or being driven) down a > highway. > > HWY Identifier Ontology (may include who fixed what, sensor data, GIS > data, payments data, etc.) > > CAR ontology (make, model, functionality, who's in it, sensor info, > ability to communicate with surrounding environment, ability to present > media to occupants, etc.) > > NOTE: A part within the vehicle may have it's own agent / ontology. IE: > the communications platform may be managed by a different vendor to the > power-plant / drive-train of a vehicle, who may in-turn have access to each > element as a counterpart of their role?) \ > > > If owner of vehicle is subject to court order (ie: not allowed within x > distance of x place, or cannot drive whilst intoxicated, etc.) then some > other rule may apply... > > Occupants (whether self-driving car or simply the old-school method). > > - Occupants may have authority to direct the vehicle. > - Occupants may have authority to drive the vehicle > - Occupants may have authority to sell the vehicle. > > Multiple occupants may be in the vehicle; who may have multiple > authorities at one time. > > > In this example, multiple occupants are the point. A car has a single > driver. Of course, it may have many passengers where each person has their > own identity card (license, passport, or something else). > > My simple example: > > A Car is like your Browser (a Software Agent). It has a registration > number. > > You are identified by your Driver's License. > > I've you skip toll payment, authorities triangulate back to you via your > car registration. Even if they have a photo of you, the toll matter boils > down to triangulation from the vehicle to its driver. > > When you reach you destination, other forms of identity become relevant > e.g., use of your Driver's License as proof of age in a pub. Basically, the > critical credential in this context. > Another use-case that may provide additional 'human centric' support via inferencing; might be along the lines of, - A Friend / Family Member / Employee has use of your vehicle at some dateTime. - The Vehicle is caught speeding. - A lawEnforcementFine is issued that may incur driversLicenseDemitPoints which in-turn may lead to lossOfLicense - Your mobilePhone has GPS records + calendar information (et.al) shows that you were elsewhere at the time. resulting in the ability to produce something like: https://www.theguardian.com/technology/2016/aug/11/chatbot-lawyer-beat-parking-fines-helping-homeless-do-not-pay > > ie: if the owner of the vehicle is intoxicated; then another person may be > able to drive the vehicle on their behalf, whether or not they've > previously been authorised to drive the vehicle - so long as the owner is > in the car (and not in the boot) for instance... > > > > >> Example: >> I want to transport some goods from Boston to New York. >> The scenario above includes toll booths and a final destination. >> >> On the highway, my car registration is the identity focal point, with >> regards to toll payments. When I reach my destination, my personal identity >> card (license or something else) is how I prove I am the delivery person >> expected at the final destination. >> > > isn't it simply your face? some sensor identifies something about you, and > it's all very low-friction. Question is - where do you store your > permissions for how those systems work - or are they your permissions? or > something else's permissions about you? > > > In my example I trying to illustrate how a simple highway toll booth > system works. One that's oriented towards vehicles driven (or controlled > by) a driver . > > In my example, Car registration is the credential of relevance i.e., what > the system is built around. > > >> Another example: I drive my car to a pub. At the pub my personal ID is >> what's important. En route to the pub, my Car registration is what's >> important. There are two distinct scenarios requiring different kinds of >> identity. >> >> WebID+TLS doesn't have the fidelity required for traversing the existing >> highway without asking its current maintainers (Certificate Authorities and >> Browser Vendors) to change infrastructure and practices. >> >> WebID+TLS+Delegation simply adds the "On-Behalf-Of" relationship type to >> the mix (i.e., in the data) which distinguishes the user from the software >> they use (drive) thereby enabling one toggle WebIDs without browser >> restarts (due to TLS requirements) [1]. >> > > IMHO: Credentials add's via HTTP Signed documents containing RDF; the > ability to produce another important counterpart to the identity lifecycle > mix, but only if humans are active actors in the creation and management > process of credentials use. > > > You are an active participant in the creation of your Driver's License :) > Yes. However many RDBMS systems are developed in a manner that can have unintended consequences; and more-often than not, it is the vulnerable who are most impacted by what is often knownIssues, considered to have lowerPriority mostOften dueTo a lackOfStructuredData :) Tim.H. > > -- > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software (Home Page: http://www.openlinksw.com) > > Medium Blog: https://medium.com/@kidehen > Blogspot Blog: http://kidehen.blogspot.com > Twitter Profile: https://twitter.com/kidehen > Google+ Profile: https://plus.google.com/+KingsleyIdehen/about > LinkedIn Profile: http://www.linkedin.com/in/kidehen > Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this > >
Received on Saturday, 20 August 2016 04:40:16 UTC