Re: Web Identity specification and Social Web from Melvin Carvalho on 2014-03-07 (public-fedsocweb@w3.org from March 2014)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Fri, 7 Mar 2014 14:23:08 +0100
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: "public-fedsocweb@w3.org" <public-fedsocweb@w3.org>
Message-ID: <CAKaEYhJcNU2LVzcdHTc7ptW49rdAOwN-5zagC4YysMU3gC-OUw@mail.gmail.com>
On 6 March 2014 23:37, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 3/6/14 2:52 PM, Mike Macgirvin wrote:
>
>> On 3/7/2014 12:13 AM, Melvin Carvalho wrote:
>>
>>> IMHO, we dont need to touch the cert ontology, if that's going to be a
>>> barrier.  But defining identity well is important, something where other
>>> groups have not done well.  e.g. Persona dont use URIs, OpenID/OAuth didnt
>>> use URIs for a long time (ie XRI dependencies) but now are more aligned to
>>> mailto: and http: URIs.
>>>
>> My problem with URIs - and I've brought this up before, is the way they
>> are mapped onto the DNS system. They have no mobility if for instance you
>> tire of juicebook.com and decide to go with griggle.com.
>>
>
> Yes, an HTTP URI has the issues you describe. That doesn't mean you can't
> have canonical URIs using a more durable scheme e.g., an UUID or some urn:
> based identifier. You can use other relations to associate your canonical
> URI with a variety of URIs based on other schemes e.g., asserting
> co-reference via <http://www.w3.org/2002/07/owl#sameAs> relations.
>
> HTTP URIs, as the denotation mechanism used by Linked Data is all about an
> identifier that provides denotation and lookup, just as terms do in the
> real-world. In a sense, this ultimately enables dynamic personas where
> identity verification can be switched on or off.
>
> Delete you identity card, and you are off the grid. Shutdown your local
> computer or cloud virtual machine, and you are off the grid.
>
>
>  Or you've got a decentralised service using sporepod and your server
>> admins shut down because they can't pay the bills. DNS is fine for systems
>> and internet connected devices, but systems and internet connected device
>> do not map  perfectly to people (or in this case "identity" since I see
>> identity as a superset of "people". What we did in zot was separate DNS
>> from the identity. They work fine as a pair. But you can take the identity
>> and attach it to a different URI and the identity still works.
>>
>
> You can do all of that with URIs as is, via entity relations and their
> respective semantics, as I've stated above.
>
>
>> There *could exist* a URI scheme where these are separate URI components
>> which combine to make an "addressable identity" and where the identity
>> component isn't tied to a DNS name (and in fact we do this today in red,
>> though there is currently no scheme attached to the identity bits).
>>
>
>  However I reject solutions which lock me into a particular vendor or DNS
>> domain - as the solutions currently being bantered about tend to do.  The
>> solution do jour for this mobility problem is to be able to take your
>> identity and export/import to another service or DNS site. But we've got a
>> bigger problem on our hands with this method, because you are no longer the
>> same identity if your identity is tied to the DNS name.
>>
>
> There is no such thing as one identity. It's convenient, but utterly
> broken. As broken as DNS and any other centralized system.
>
>
>  Any information on the web which refers to your old identity has to be
>> corrected; and this could be replicated in millions of places - account
>> lists, access control lists, tagged photos, etc.
>>
>
> Not in a realm where you can make generate new identifiers, relations
> etc.. that are packed into certificates (identity cards) that are generated
> with ease.
>
> We don't live in a world were you have a single identity card that covers
> identity verification across all scenarios. You can't get past immigration
> with your drivers license or social security card, for instance.
>
>
> The issue here is that relations and relation semantics, as integral parts
> of the Internet and Web, are the key to the solution -- none of that really
> means "always on" i.e., your identity card doesn't always have to be
> available :-)
>

+1000

Tim invented both the Web and the URI.  The URI is by far the greater
invention!


>
>
> Links:
>
> [1] http://twitter.com/kidehen/status/441699159230664704 -- tweet about
> an Identity Card for my G+ persona (that demonstrates my claims about
> what's possible)
>
> [2] http://twitter.com/kidehen/status/441698167554572288 -- tweet about
> the use of the WebID+TLS protocol to authenticate the claims in the
> Identity card (note: the private parts of these identity claims reside on
> my personal computing device)
>
> [3] http://bit.ly/1cG0VKe -- entity relation semantics coherence test and
> verification (leveraging Semantic Web of Linked Data delivered via
> HTML+Microdata based document content)
>
> [4] http://bit.ly/1f3hh4c -- ditto via JSON-LD document
>
> [5] http://bit.ly/1fKn8N0 -- ditto via Turtle document
>
> [6] http://youid.openlinksw.com -- the iOS app (an Android version will
> soon be available too)  that I use to generate my public and private
> identity oriented claims .
>
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>
>
Received on Friday, 7 March 2014 13:23:36 UTC