Re: [saag] Liking Linkability from Henry Story on 2012-10-23 (public-identity@w3.org from October 2012)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 23 Oct 2012 13:52:49 +0200
To: Ben Laurie <benl@google.com>
Cc: nathan@webr3.org, Ben Laurie <ben@links.org>, Halpin Harry <H.halplin@ed.ac.uk>, public-identity@w3.org, saag@ietf.org, public-webid@w3.org, "public-privacy@w3.org list" <public-privacy@w3.org>
Message-Id: <212677E1-8F0E-4005-8015-B4CD1233D67F@bblfish.net>

On 23 Oct 2012, at 12:50, Ben Laurie <benl@google.com> wrote:

> On 23 October 2012 10:56, Nathan <nathan@webr3.org> wrote:
>> Ben Laurie wrote:
>>> 
>>> b) Linkability it not, as you say, inherently bad. The problem occurs
>>> when you have (effectively) no choice about linkability.
>> 
>> 
>> .. and when people convey or infer that there is no choice about
>> linkability, when there really is scope to be as unlinkable as one likes
>> within WebID.
> 
> I have never disputed that - my point is that if I am as unlinkable as
> I like I then have a fairly horrific problem managing a large number
> of certificates and remembering which one I used where.

Yes, so browsers should in my view remember what selection you make when
you go to a web site, and resend the same certificate the next time you go
there. Mind you - they should also show you that they have done this and
allow you to change your previous choice - even if needed back to anonymous.
We argued this in a different thread on Transparency of Identity in the 
browser - and there I pointed to work by Aza Raskin as a good example of
what I meant
  http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

This then leaves the issue of how to do this across browsers, and I think
there are a number of synchronisation "protocols" that could be developed there.
In my view  the only protocol needed is HTTP here + an ontology for bookmarks, 
cookies, personas, etc... You give your browser your trusted home site where
you can POST, PUT, and GET all of these ids. A good protocol for this would be
the Atom protocol or better the in development linked data protocol
  http://dvcs.w3.org/hg/ldpwg/raw-file/a3be44430b37/ldp.html

 You probably don't need here to even  save the  certificates for each site, you 
just need to know if you authenticated  there using a global id, a local certificate, 
or a password, and you could re-generate the identifiers. Well you have a more 
difficult  time it  is true for certificates bound to one site. And even saving cookies
is difficult because they may encode device type and screen size...

So that's a lot of work to get done right. I don't have anything against it being
done. It could even be helpful for WebID... But as my priority is building a 
RESTful distributed social web, and as I am not employed by browser vendors to work 
on  such a protocol, .... (I'll use it when its deployed)

In short these issues seem to be orthogonal, and can be developed in parallel.

   Henry

Social Web Architect
http://bblfish.net/

Attachments

application/pkcs7-signature attachment: smime.p7s

Received on Tuesday, 23 October 2012 11:53:31 UTC