- From: Henry Story <henry.story@bblfish.net>
- Date: Thu, 4 Oct 2012 13:12:51 +0200
- To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
- Cc: "public-webid@w3.org" <public-webid@w3.org>, public-identity@w3.org, "public-philoweb@w3.org" <public-philoweb@w3.org>, Ben Laurie <benl@google.com>
- Message-Id: <42CCDFEF-8DA8-47B9-B4C0-D28E1E5051B9@bblfish.net>
On 4 Oct 2012, at 12:12, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > Hi Henry, > > I am not sure I am able to put your mail and your contribution into the right context. > > Are you suggesting some terminology for privacy? If so, where is it? > > Ciao > Hannes > > PS: You may want to have a look at the privacy terminology in > http://tools.ietf.org/html/draft-iab-privacy-considerations-03 > > It took us some time to find the right level for engineers. Thanks that is very useful. We were not trying to come up with a privacy vocabulary. (sorry for the misnamed pdfs) Just having a minimal working definition did make things a lot easier :-) Thinking of it now I'd say our discussion started in the reverse logical order from where it should have. So if I'd do it again I'd now start from where we have clear agreement, and then move on to the more counterintuitive arguments. Let me try to summarise and rephrase using IETF privacy language, starting in logical order now. 1) Basic Principle: The _Identity_ used by the _Individual_ _Initiator_ of a web transaction should at all times be transparent to him, whether the _Identity_ be _Anonymous_ (level 0), Cookie based, _Pseudonymous_, or other. It should also be within the _User's control_ to change it. This should be put together with Dr Ian Walden's remarks on EU law [3]. ( see misnamed privacy-definitions-1Oct.pdf ) 2) Practical applications in browser ( see misnamed privacy-definition-final.pdf ) a) It is difficult to associate interesting human information with cookie based identity. The browser can at most tell the user that he is connected by cookie or anonymous. b) With Certificate based identity, more information can be placed in the certificate to identify the user to the site he wishes to connect to whilst also making it easy for the browser to show him under what identity he is connected as. But one has to distinguish two ways of using certificates: + traditional usage of certificates Usually this is done by placing Personal Data inside the certificate. The disadvantage of this is that it makes this personal data available to any web site the user connects to with that certificate, and it makes it difficult to change the _Personal_Data (since it requires changing the certificate). So here there is a clash between Data Minimization and user friendliness. + webid usage: With WebID ( http://webid.info/spec/ ) the only extra information placed in the certificate is a dereferenceable URI - which can be https based or a Tor .onion URI,... The information available in the profile document, or linked to from that document can be access controlled. Resulting in increasing _User Control_ of whome he shares his information with. For example the browser since it has the private key could access all information, and use that to show the as much information as it can or needs. A web site the user logs into for the first time may just be able to deduce the pseudonymous webid of the user and his public key, that is all. A friend of the user authenticating to the web site could see more information. So User Control is enabled by WebID, though it requires more work at the Access control layer http://www.w3.org/wiki/WebAccessControl 3) The importance of Linekability to privacy. This is what is unintuitive. and which I develop in http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-def-1.pdf The ability to have global identifiers is what allows me to put information on my web server and share it with only a limited number of people. This is not the same useage of unlinkeability as you defined it. So one has to be careful. I think one needs linkeable identities to create a social web that is not centralised. One just does not want them to be KNOWN by people who have no business knowning them. So I'd suggest thinking more carefully about the linkeable vocabulary. It can be used to hide some very important ideas, that we really need if we want privacy to succeed. Henry > > On 10/04/2012 12:54 PM, Henry Story wrote: >> The identity groups are currently split up between public-webid, public-xg-webid >> (which will now receive all mails from public-webid) and the public-identity >> mailing list. >> >> On the public-webid mailing lists we recently had a very lengthy >> and detailed discussion with Ben Laurie [1], which I think is of interest >> to members of these other groups. The archives are quite difficult to read [2] >> so I am sending here a resume of some of the highlights. I also attached >> the pdf as printed from my e-mail client as it gives color syntax highlighting, >> making it much easier to follow. >> >> First we spent quite a lot of time I think beating around the bush of >> misunderstandings. The first e-mail where things started clearing up >> was when I proposed a simple working definition of privacy after a >> philosopher friend of mine suggested that our misunderstandings might be >> related to an ambiguous and vague use of the terms. The working definition >> I proposed was: >> >> "A communication between two people is private if the only people who >> have access to the communication are the two people in question. One >> can easily generalise to groups: a conversation between groups of people >> is private (to the group) if the only people who can participate/read the >> information are members of that group..." >> >> http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-def-1.pdf > >> >> >> >> We then made big strides by working out where we agreed. We agree that >> transparency of identity is important at all times (which seems >> to be a potentially EU legal requirement [3]) I discover some new information >> about how Google Chrome works, and argue that it still does not satisfy the >> original transparency principles we agreed to. >> >> >> http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-definitions-1Oct.pdf > >> >> >> After a few more exchanges I show using WebID certificates could >> lead to enhanced transparency in identity usage for browsers in the future >> >> >> http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-definition-final.pdf > >> >> >> I hope this helps. Btw. The WebID Incubator group will be meeting at TPAC [4], >> so see you there for further detailed discussions. >> >> Henry >> >> >> [1] http://en.wikipedia.org/wiki/Ben_Laurie >> [2] http://lists.w3.org/Archives/Public/public-webid/2012Sep/thread.html >> [3] http://lists.w3.org/Archives/Public/public-webid/2012Oct/0021.html >> [4] http://www.w3.org/2012/10/TPAC/ >> [5] >> > Social Web Architect http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Thursday, 4 October 2012 11:13:29 UTC