Re: Web Identity specification and Social Web

On 3/6/14 2:52 PM, Mike Macgirvin wrote:
> On 3/7/2014 12:13 AM, Melvin Carvalho wrote:
>> IMHO, we dont need to touch the cert ontology, if that's going to be 
>> a barrier.  But defining identity well is important, something where 
>> other groups have not done well.  e.g. Persona dont use URIs, 
>> OpenID/OAuth didnt use URIs for a long time (ie XRI dependencies) but 
>> now are more aligned to mailto: and http: URIs.
> My problem with URIs - and I've brought this up before, is the way 
> they are mapped onto the DNS system. They have no mobility if for 
> instance you tire of juicebook.com and decide to go with griggle.com. 

Yes, an HTTP URI has the issues you describe. That doesn't mean you 
can't have canonical URIs using a more durable scheme e.g., an UUID or 
some urn: based identifier. You can use other relations to associate 
your canonical URI with a variety of URIs based on other schemes e.g., 
asserting co-reference via <http://www.w3.org/2002/07/owl#sameAs> 
relations.

HTTP URIs, as the denotation mechanism used by Linked Data is all about 
an identifier that provides denotation and lookup, just as terms do in 
the real-world. In a sense, this ultimately enables dynamic personas 
where identity verification can be switched on or off.

Delete you identity card, and you are off the grid. Shutdown your local 
computer or cloud virtual machine, and you are off the grid.

> Or you've got a decentralised service using sporepod and your server 
> admins shut down because they can't pay the bills. DNS is fine for 
> systems and internet connected devices, but systems and internet 
> connected device do not map  perfectly to people (or in this case 
> "identity" since I see identity as a superset of "people". What we did 
> in zot was separate DNS from the identity. They work fine as a pair. 
> But you can take the identity and attach it to a different URI and the 
> identity still works.

You can do all of that with URIs as is, via entity relations and their 
respective semantics, as I've stated above.
>
> There *could exist* a URI scheme where these are separate URI 
> components which combine to make an "addressable identity" and where 
> the identity component isn't tied to a DNS name (and in fact we do 
> this today in red, though there is currently no scheme attached to the 
> identity bits).

> However I reject solutions which lock me into a particular vendor or 
> DNS domain - as the solutions currently being bantered about tend to 
> do.  The solution do jour for this mobility problem is to be able to 
> take your identity and export/import to another service or DNS site. 
> But we've got a bigger problem on our hands with this method, because 
> you are no longer the same identity if your identity is tied to the 
> DNS name. 

There is no such thing as one identity. It's convenient, but utterly 
broken. As broken as DNS and any other centralized system.

> Any information on the web which refers to your old identity has to be 
> corrected; and this could be replicated in millions of places - 
> account lists, access control lists, tagged photos, etc.

Not in a realm where you can make generate new identifiers, relations 
etc.. that are packed into certificates (identity cards) that are 
generated with ease.

We don't live in a world were you have a single identity card that 
covers identity verification across all scenarios. You can't get past 
immigration with your drivers license or social security card, for 
instance.


The issue here is that relations and relation semantics, as integral 
parts of the Internet and Web, are the key to the solution -- none of 
that really means "always on" i.e., your identity card doesn't always 
have to be available :-)


Links:

[1] http://twitter.com/kidehen/status/441699159230664704 -- tweet about 
an Identity Card for my G+ persona (that demonstrates my claims about 
what's possible)

[2] http://twitter.com/kidehen/status/441698167554572288 -- tweet about 
the use of the WebID+TLS protocol to authenticate the claims in the 
Identity card (note: the private parts of these identity claims reside 
on my personal computing device)

[3] http://bit.ly/1cG0VKe -- entity relation semantics coherence test 
and verification (leveraging Semantic Web of Linked Data delivered via 
HTML+Microdata based document content)

[4] http://bit.ly/1f3hh4c -- ditto via JSON-LD document

[5] http://bit.ly/1fKn8N0 -- ditto via Turtle document

[6] http://youid.openlinksw.com -- the iOS app (an Android version will 
soon be available too)  that I use to generate my public and private 
identity oriented claims .

-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen