- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 04 Oct 2012 08:40:24 -0400
- To: Henry Story <henry.story@bblfish.net>
- CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "public-webid@w3.org" <public-webid@w3.org>, public-identity@w3.org, "public-philoweb@w3.org" <public-philoweb@w3.org>, Ben Laurie <benl@google.com>
- Message-ID: <506D83B8.4010208@openlinksw.com>
On 10/4/12 7:12 AM, Henry Story wrote: > On 4 Oct 2012, at 12:12, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > >> Hi Henry, >> >> I am not sure I am able to put your mail and your contribution into the right context. >> >> Are you suggesting some terminology for privacy? If so, where is it? >> >> Ciao >> Hannes >> >> PS: You may want to have a look at the privacy terminology in >> http://tools.ietf.org/html/draft-iab-privacy-considerations-03 >> >> It took us some time to find the right level for engineers. > Thanks that is very useful. > > We were not trying to come up with a privacy vocabulary. (sorry for the misnamed > pdfs) Just having a minimal working definition did make things a lot easier :-) > > Thinking of it now I'd say our discussion started in the reverse logical > order from where it should have. So if I'd do it again I'd now start from > where we have clear agreement, and then move on to the more counterintuitive > arguments. > > Let me try to summarise and rephrase using IETF privacy language, starting in > logical order now. > > 1) Basic Principle: > The _Identity_ used by the _Individual_ _Initiator_ of a web transaction should at > all times be transparent to him, whether the _Identity_ be _Anonymous_ (level 0), > Cookie based, _Pseudonymous_, or other. It should also be within the > _User's control_ to change it. This should be put together with Dr Ian Walden's > remarks on EU law [3]. ( see misnamed privacy-definitions-1Oct.pdf ) > > 2) Practical applications in browser ( see misnamed privacy-definition-final.pdf ) > > a) It is difficult to associate interesting human information with cookie based > identity. The browser can at most tell the user that he is connected by > cookie or anonymous. > > b) With Certificate based identity, more information can be placed in the > certificate to identify the user to the site he wishes to connect to whilst > also making it easy for the browser to show him under what identity he is > connected as. But one has to distinguish two ways of using certificates: > > + traditional usage of certificates > Usually this is done by placing Personal Data inside the certificate. The > disadvantage of this is that it makes this personal data available to any web > site the user connects to with that certificate, and it makes it difficult to > change the _Personal_Data (since it requires changing the certificate). So here > there is a clash between Data Minimization and user friendliness. > > + webid usage: > With WebID ( http://webid.info/spec/ ) the only extra information placed in the > certificate is a dereferenceable URI - which can be https based or a Tor .onion > URI,... The information available in the profile document, or linked to from that > document can be access controlled. Resulting in increasing _User Control_ of whome > he shares his information with. For example the browser since it has the private key > could access all information, and use that to show the as much information as it > can or needs. A web site the user logs into for the first time may just be able > to deduce the pseudonymous webid of the user and his public key, that is all. A > friend of the user authenticating to the web site could see more information. > So User Control is enabled by WebID, though it requires more work at the > Access control layer http://www.w3.org/wiki/WebAccessControl > > 3) The importance of Linekability to privacy. > > This is what is unintuitive. and which I develop in > http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-def-1.pdf > > The ability to have global identifiers is what allows me to put information on my > web server and share it with only a limited number of people. This is not the same > useage of unlinkeability as you defined it. So one has to be careful. I think one > needs linkeable identities to create a social web that is not centralised. One just > does not want them to be KNOWN by people who have no business knowning them. > > So I'd suggest thinking more carefully about the linkeable vocabulary. It > can be used to hide some very important ideas, that we really need if we want > privacy to succeed. > > Henry For the record: +1 Kingsley > > >> On 10/04/2012 12:54 PM, Henry Story wrote: >>> The identity groups are currently split up between public-webid, public-xg-webid >>> (which will now receive all mails from public-webid) and the public-identity >>> mailing list. >>> >>> On the public-webid mailing lists we recently had a very lengthy >>> and detailed discussion with Ben Laurie [1], which I think is of interest >>> to members of these other groups. The archives are quite difficult to read [2] >>> so I am sending here a resume of some of the highlights. I also attached >>> the pdf as printed from my e-mail client as it gives color syntax highlighting, >>> making it much easier to follow. >>> >>> First we spent quite a lot of time I think beating around the bush of >>> misunderstandings. The first e-mail where things started clearing up >>> was when I proposed a simple working definition of privacy after a >>> philosopher friend of mine suggested that our misunderstandings might be >>> related to an ambiguous and vague use of the terms. The working definition >>> I proposed was: >>> >>> "A communication between two people is private if the only people who >>> have access to the communication are the two people in question. One >>> can easily generalise to groups: a conversation between groups of people >>> is private (to the group) if the only people who can participate/read the >>> information are members of that group..." >>> >>> > http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-def-1.pdf >>> >>> >>> We then made big strides by working out where we agreed. We agree that >>> transparency of identity is important at all times (which seems >>> to be a potentially EU legal requirement [3]) I discover some new information >>> about how Google Chrome works, and argue that it still does not satisfy the >>> original transparency principles we agreed to. >>> >>> >>> > http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-definitions-1Oct.pdf >>> >>> After a few more exchanges I show using WebID certificates could >>> lead to enhanced transparency in identity usage for browsers in the future >>> >>> >>> > http://lists.w3.org/Archives/Public/public-webid/2012Oct/att-0022/privacy-definition-final.pdf >>> >>> I hope this helps. Btw. The WebID Incubator group will be meeting at TPAC [4], >>> so see you there for further detailed discussions. >>> >>> Henry >>> >>> >>> [1] http://en.wikipedia.org/wiki/Ben_Laurie >>> [2] http://lists.w3.org/Archives/Public/public-webid/2012Sep/thread.html >>> [3] http://lists.w3.org/Archives/Public/public-webid/2012Oct/0021.html >>> [4] http://www.w3.org/2012/10/TPAC/ >>> [5] >>> > Social Web Architect > http://bblfish.net/ > -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 4 October 2012 12:40:49 UTC