- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sat, 7 Jul 2012 10:01:11 +0200
- To: Flemming Bjerke <web@bjerke.dk>
- Cc: public-fedsocweb@w3.org
- Message-ID: <CAKaEYh+SOWK_u-vABStKvMHZAuzkvNfxTD56=AJkyp_n91Da_A@mail.gmail.com>
On 5 July 2012 12:38, Flemming Bjerke <web@bjerke.dk> wrote: > I think I disagree on Step 2: > > Step 2: "Webfinger" - Webfinger is the official way to publish your >> public profile information on the web. It takes a user name and a >> domain name as its parameters, and returns information like full name, >> avatar picture in different sizes, home location, possibly some public >> keys that the user has on the device(s) she often connects from, and >> other contact information. It also links to any other information >> sources about the user, like a foaf profile or an activity stream, and >> possibly non-web contact methods like email addresses and jabber ID's. >> Webfinger makes "users at hosts" into something the web as such can >> understand in a unique and well-defined way. >> > Let me just say that webfinger is not a standard (ie best practice) that has been approved by any recognized body. Nor is it even yet the documentation of an existing process (rfc) that has been officially peer reviewed, by any body. It's taken 3 years to solve a relatively simple problem and is nowhere near finished, imho. During initial WG the review process at the IETF so far, 'poor', 'spectacularly bad' and 'tainted', are some of the adjectives that have been used to refer to elements of the document so far. I've been looking forward for 3 years for the additional information about an email address to be provided, but there's still a long way to go, for this technology. Personally I think it needs a complete rewrite. > > 1. Anonymity: > Wikileak, the Arabian spring, China, etc., etc. must make us conclude: The > point of departure must be anonymity, that is, the identity of an > individual has no bits except an identifier that may re-used by the > individual. It is the individual who decides how anonymous (i.e. which > information about herself should be disclosed by an identity) she likes to > be. But, another individual must also be able to specify the degree of > anonymity he will accept from others under different conditions. > > 2. Multiple identities: > It is trivial that we all have multiple identities (at work, at the café, > in the family, in the party, in the club, with your lawyer, etc., etc.). It > must be possible to have multiple identities and subidentities. > > 3. Traffic-identity > Identity is not defined by a node with associated information, solely. > Identity is also defined by who communicate with whom about what. > Therefore, the individual must be able to control who have (direct) access > to which information exchange you have participated in. Anonymity also > implies control of your information exchange. > > 1., 2. and 3. may be combined: You may have an anonymous subidentity at > the "federated leak-webpage", while your family subidenty is not anonymous > for your family, etc. However, when you are devorcing, you don't want your > husband to have access to a lot of new information about you, e.g. what you > are communicating with your lawyer about. > > I know this is controversial from the point of view of goverments and > content providers who have an interest in being able to survey every > citizen as much as they like. Drug dealers is a good example of this being > reasonable. However, it is more important, that we ensure that those who > protest against state-terrorism (e.g. Saudi-Arabia, Bahrain, White Russia, > etc. etc.) may conceal their identity on the net. Perhaps three principles > is the inverse of TCPM and DRM: Not that TCPM and DRM should be impossible, > but TCPM and DRM should never exclude the possibility of being anonymous > and having multiple identites (which was what Microsoft tried to effectuate > with their TCPM project). > > I hope this is not too much out of touch with the group's intentions. But, > in my opinion, the three points must be addressed and discussed. At least a > future social network protocol must make 1-3 feasible. We already have too > many big companies, like Apple, Google, Facebook, etc., who know much too > much about us. They may swear that they would never ever misuse it, but > they may change their minds whenever they like, say in 10 years. > > I have a Facebook profile (in Danish), but I give no information about > myself except my name, mobile phone, and my mail-address (as well as some > of my social relations). This is of course a good identification of me. > Nevertheless, denying to give information about me is clearly odd on > facebook. For instance, I have received several greetings on my 'birthday' > though it is Jan 1 1913. What provokes me is that it is Facebook, and not > me, that determines what is convenient public information about me. > > I think point 2 to should be rephrased: > > Step 2: "Webfinger" and "WebID" - WebID is the official way have an >> identity on the web. Webfinger takes user credentials as its >> parameters, and may return information like full name, avatar picture >> in different sizes, home location, possibly some public keys that the >> user has on the device(s) she often connects from, and other contact >> information. But, since a WebID may be anonymous, the user control >> which information is to be returned. If the user approves this, the >> webfinger may also link a WebID to any other information sources about >> the user, like a foaf profile or an activity stream, and possibly >> non-web contact methods like email addresses and jabber ID's. WebID >> makes a "user" into an agent which the web as such can understand in a >> unique and well-defined way. Any user may have multiple WebIDs, which >> may be linked as the user like. >> > > > Best > > Flemming Bjerke > > > > >
Received on Saturday, 7 July 2012 08:01:38 UTC