W3C home > Mailing lists > Public > public-credentials@w3.org > August 2016

Re: How the father of the World Wide Web plans to reclaim it from Facebook and Google

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 20 Aug 2016 04:39:28 +0000
Message-ID: <CAM1Sok0y_vLmuH2LbebS_O5AS2akwyRpNRwLe1TNfFp7pLgMmg@mail.gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, public-webid@w3.org
Cc: Credentials Community Group <public-credentials@w3.org>, "public-rww@w3.org" <public-rww@w3.org>, business-of-linked-data-bold <business-of-linked-data-bold@googlegroups.com>
On Sat, 20 Aug 2016 at 14:12 Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 8/19/16 8:09 PM, Timothy Holborn wrote:
> I saw some use-cases, couldn't help myself - i had to respond...
> On Fri, 19 Aug 2016 at 23:00 Kingsley Idehen <kidehen@openlinksw.com>
> wrote:
>> On 8/19/16 6:20 AM, Adrian Hope-Bailie wrote:
>> Kingsley,
>> I am playing devil's advocate here but I don't think you have answered my
>> question.
>> Gaining agility is not a business case.
>> Enabling, enhancing,  and achieving agility via data access, integration,
>> and management is a fundamental business case. If that weren't the case,
>> why would markets for Analytics, Recommendation Systems, AI-driven Bots,
>> Big Data etc., exists?
>> It is always about data-driven agility.
>> I am all for open standards, I spend the majority of my time working to
>> promote them but I am still trying to understand what the economic
>> incentive is for any service provider to adopt SoLiD as opposed to
>> controlling their user's data.
>> The economic benefit of open standards are as follows, always:
>> 1. Flexibility -- when choosing platform components i.e, you can mix and
>> match a combination components in line with needs
>> 2. Vendor lock-in prevention
>> 3. Technology longevity -- you can always go back to a full spec for a
>> specific platform component.
>> SoLiD isn't a standard, it is a combination of open standards and best
>> practices. Thus, its benefit is an open standards based approach for a
>> read-write web that benefits end-users and vendors.
>> Google, Apple and  Microsoft control the end-user experience for the
>> majority of users on the Web by giving them free browsers, email, social
>> etc. In return they make money from controlling the data those products and
>> services generate.
>> Correct! And history shows, companies don't adopt standards just because
>> they exists. They adopt standards as part of an "opportunity cost"
>> prevention or control mechanism, first.
>> Are you surprised that the browser vendors all actively block initiatives
>> at W3C that would promote an open identity system that would unlock their
>> user data silos?
>> I am not convinced they are blocking initiatives per se. From my vantage
>> point, there is a general communication problems between all the parties
>> involved. For instance, there has been a lot of fanfare about how browsers
>> implement TLS and its impact on the something like WebID+TLS protocol. That
>> situation is rectified by WebID+TLS+Delegation, but folks don't generally
>> see or promote that, on the pro WebID side of the argument.
>> Bottom line, you can't declare standards adoption. You have demonstrate
>> the virtues of standards via applications that are adopted by end-users and
>> technology vendors.
>> There are always politically astute excuses but let's be honest, if the
>> browsers wanted to they could have made adopting WebID an easy user
>> friendly experience and the world would be full of people who all have
>> their own WebID that is used to log into all the services they use on the
>> Web.
>> They don't need to. That's the problem. Here's a breakdown of the issue,
>> as I've come to understand it after hours of study and experimentation:
>> You have a digital highway provided by the Internet. That highway (like
>> in the real-world) enables movement of data from one point to another where
>> security is scoped to the agents (software) transporting said data i.e.,
>> just like cars and car registration numbers.
>> The Web is an Internet abstraction that introduces the ability to
>> identify the user of an agent (like a car driver) distinct from an agent
>> (the software). Thus, you can demand reworking the highway just because car
>> drivers are now identifiable using their driver's licenses. That will never
>> wash in the real-world, so why would it work in cyberspace.
> Ok.
> So, identifiers for the 'senario' of 'driving' (or being driven) down a
> highway.
> HWY Identifier Ontology (may include who fixed what, sensor data, GIS
> data, payments data, etc.)
> CAR ontology (make, model, functionality, who's in it, sensor info,
> ability to communicate with surrounding environment, ability to present
> media to occupants, etc.)
> NOTE: A part within the vehicle may have it's own agent / ontology.  IE:
> the communications platform may be managed by a different vendor to the
> power-plant / drive-train of a vehicle, who may in-turn have access to each
> element as a counterpart of their role?) \
> If owner of vehicle is subject to court order (ie: not allowed within x
> distance of x place, or cannot drive whilst intoxicated, etc.) then some
> other rule may apply...
> Occupants (whether self-driving car or simply the old-school method).
> - Occupants may have authority to direct the vehicle.
> - Occupants may have authority to drive the vehicle
> - Occupants may have authority to sell the vehicle.
> Multiple occupants may be in the vehicle; who may have multiple
> authorities at one time.
> In this example, multiple occupants are the point. A car has a single
> driver. Of course, it may have many passengers where each person has their
> own identity card (license, passport, or something else).
> My simple example:
> A Car is like your Browser (a Software Agent). It has a registration
> number.
> You are identified by your Driver's License.
> I've you skip toll payment, authorities triangulate back to you via your
> car registration. Even if they have a photo of you, the toll matter boils
> down to triangulation from the vehicle to its driver.
> When you reach you destination, other forms of identity become relevant
> e.g., use of your Driver's License as proof of age in a pub. Basically, the
> critical credential in this context.

Another use-case that may provide additional 'human centric' support via
inferencing; might be along the lines of,

- A Friend / Family Member / Employee has use of your vehicle at some
- The Vehicle is caught speeding.
- A lawEnforcementFine is issued that may incur driversLicenseDemitPoints
which in-turn may lead to lossOfLicense
- Your mobilePhone has GPS records + calendar information (et.al) shows
that you were elsewhere at the time.

resulting in the ability to produce something like:

> ie: if the owner of the vehicle is intoxicated; then another person may be
> able to drive the vehicle on their behalf, whether or not they've
> previously been authorised to drive the vehicle - so long as the owner is
> in the car (and not in the boot) for instance...
>> Example:
>> I want to transport some goods from Boston to New York.
>> The scenario above includes toll booths and a final destination.
>> On the highway, my car registration is the identity focal point, with
>> regards to toll payments. When I reach my destination, my personal identity
>> card (license or something else) is how I prove I am the delivery person
>> expected at the final destination.
> isn't it simply your face? some sensor identifies something about you, and
> it's all very low-friction.  Question is - where do you store your
> permissions for how those systems work - or are they your permissions?  or
> something else's permissions about you?
> In my example I trying to illustrate how a simple highway toll booth
> system works. One that's oriented towards vehicles driven (or controlled
> by) a driver .
> In my example, Car registration is the credential of relevance i.e., what
> the system is built around.
>> Another example: I drive my car to a pub. At the pub my personal ID is
>> what's important. En route to the pub, my Car registration is what's
>> important. There are two distinct scenarios requiring different kinds of
>> identity.
>> WebID+TLS doesn't have the fidelity required for traversing the existing
>> highway without asking its current maintainers (Certificate Authorities and
>> Browser Vendors) to change infrastructure and practices.
>> WebID+TLS+Delegation simply adds the "On-Behalf-Of" relationship type to
>> the mix (i.e., in the data) which distinguishes the user from the software
>> they use (drive) thereby enabling one toggle WebIDs without browser
>> restarts (due to TLS requirements) [1].
> IMHO: Credentials add's via HTTP Signed documents containing RDF; the
> ability to produce another important counterpart to the identity lifecycle
> mix, but only if humans are active actors in the creation and management
> process of credentials use.
> You are an active participant in the creation of your Driver's License :)

Yes. However many RDBMS systems are developed in a manner that can have
unintended consequences; and more-often than not, it is the vulnerable who
are most impacted by what is often knownIssues, considered to have
lowerPriority mostOften dueTo a lackOfStructuredData



> --
> Regards,
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software   (Home Page: http://www.openlinksw.com)
> Medium Blog: https://medium.com/@kidehen
> Blogspot Blog: http://kidehen.blogspot.com
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
Received on Saturday, 20 August 2016 04:40:16 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:42 UTC