Re: Browser UI & privacy - a discussion with Ben Laurie

On 5 October 2012 16:20, Harry Halpin <hhalpin@w3.org> wrote:

>  On 10/05/2012 04:02 PM, Melvin Carvalho wrote:
>
>
>
> On 5 October 2012 15:14, Harry Halpin <hhalpin@w3.org> wrote:
>
>>  Thanks for bringing my thesis up.
>>
>> However, I might add that the inability to support any degree of
>> privacy/anonymity/multiple identities/unlink-ability due to a dogmatic idea
>> over "linking" re URIs re server-to-server connections (See BrowserID for a
>> nice solution to this) and lack of a user-interface is one of the reasons
>> why I doubt WebID in its current form can succeed in the market. I think
>> lots of people have expressed this problem  and the WebID community has
>> never modified their spec to enable these use-cases, and thus WebID is only
>> appropriate to people who want to use RDF, don't mind the "self-signed
>> cert" user interface, and want their public info on a web-page to link all
>> their "identities" together. That is some group of people, I agree, but
>> it's far from a magic bullet solution to identity.
>>
>
> Harry could you expand on what you feel are dogmatic ideas over linking,
> it seemed unclear.
>
> I do agree that BrowserID has a first class UI and WebID has a second
> class one.
>
> However, as I've stated WebID is the *only* identity system that uses a
> URI to define a user, so is architecturally scalable.  BrowserID does *not*
> use URIs.
>
>
> Every system that has asked a user to self-identify with a URI has failed,
> see earlier versions of OpenID. URIs can be reduced to email addresses as
> well - i.e. WHOIS the URI's hostname. Indeed, systems today ask users to
> identify with e-mail addresses (most HTML+cookie+username/password is
> usually reducible to "please email me a password reminder") and Personae
> and OpenID now are building on this through experience. Given WebID's
> deployment, I suggest WebID is probably suffering from the set of issues.
>

There is a common misconception here.  The advantage of using a URI to
identify a user is that it will be consistent across different frameworks.
There is no logical requisite for a user to type that in anywhere, just as
in a WordPress install the user is not expected to know the primary key in
the SQL users table.  However, the fact that the users table *has* a
primary key means it can talk to other tables -- interop.

The user experience could be to enter an email, to enter a nickname, full
name or whatever.  Facebook does this quite well especially with auto
complete.  And the back end is keyed off HTTP URIs.  So claiming that doesn't
scale is false.

At the risk of sounding like a heretic, I will point out that there is a
known precedent of someone typing a URL into an input box.  And that's the
browser address bar.


> Also, why are URIs so architecturally scalable? They are based on a
> centralized registry of domain names. Thus, URIs are not decentralized,
> which one would imagine might actually be a problem as regards scalability
> if one does not possess a domain name. As email addresses rely on domain
> names, they would have the same scalability properties.
>

Tim often points out that there are 2 areas of centralization on web, which
amounts to its Achilles heel.  One is DNS, the other is specs.  I think it's
fair to say DNS is a compromise we're mostly willing to accept, and we can't
really change that much anytime soon.  We can make good specs tho.  Using a
URI will allow interop with any other system that does the same, and vice
versa.


>
> Again, privacy concerns are usually concerns about "linkability" of
> identifiers, you do not want identifiers between systems to be linked,
> much less have your information publicly available from a URI. Please
> read the previously mentioned IETF draft. There is a large literature and
> base of experience here.
>
>
> Regardless, I'd recommend reading up on the literature and paying
> attention to the last ten years of (failures) in Web-based identity schemes
> before attempting to convert others. There are definitely some good ideas
> in WebID (binding cryptographic credentials to a device and user is better
> than symmetric shared secrets - and origin-bound certificates capture many
> of these properties as well and so should be looked at). However,
> redefining privacy to get rid of unlinkability requirements is not going to
> help anyone be interested. Revising the specs to take on board serious
> feedback will help.
>

Thank you for the pointers and feedback.  Please be aware that it is not
falling on deaf ears.  There's a lot of people willing to go the extra mile
to address concerns.  Again, the goal we are trying to reach is not to
promote an individual system, but to promote interoperability.


>
> I don't use WebID for the UI, I use it because every other identity system
> has turned into walled gardens, and I dislike lock-in.
>
>
>>
>>  I highly doubt bringing up philosophy will actually help here unless you
>> can clarify what you mean re privacy, anonymity, multiple identities. There
>> was some work by the IETF in this direction that seemed going in the right
>> directions:
>>
>
> Philosophy may be a distraction here.  We'd like to communicate the core
> key facts.  And that is we want to deliver interoperable solutions.
>
>
>>
>> https://tools.ietf.org/html/draft-hansen-privacy-terminology-03
>>
>> I also think this discussion should be confined to its proper mailing
>> list.  For example, if it simply becomes FOAF+SSL folks championing the
>> wonders of RDF, then perhaps the discussion should remove other mailing
>> lists than WebID. If it's a philosophical discussion, then I'd keep it on
>> philoweb. Or an identity discussion that's not dogmatic, keep on
>> public-identity. This is basic etiquette.
>>
>
> Personally I am agnostic to the serialization.  It could be RDF, salmon,
> XML or JSON.  I don't even care if auth is done via PKI or not.  In this
> case it's simply associating a public key with a user in a machine readable
> way.  The serialization is unimportant.
>
> The common problem that identity is trying to solve, is to authenticate a
> user in a way that does not create a walled garden.  And that requires:
>
> - Identifying a user in a standards compliant and scalable way
> - Making your auth system interoperable with others
>
> This is what we are trying to promote.  WebID is committed to be an
> interoperable scalable identity solution.  I think people would be happy to
> promote any other system that will commit to interop.  Isn't that the common
> goal?
>
>
>>
>>    cheers,
>>        harry
>>
>>
>>
>> On 10/04/2012 09:24 PM, Henry Story wrote:
>>
>> [resent as the image was too big and so stripped from the mailing
>>  list, making one part of the text incomprehensible ]
>>
>>  On 4 Oct 2012, at 17:10, Hannes Tschofenig <hannes.tschofenig@gmx.net>
>> wrote:
>>
>> Hi Melvin,
>>
>> On Oct 4, 2012, at 4:49 PM, Melvin Carvalho wrote:
>>
>> I think the aim is to have an identity system that is universal.  The web
>> is predicated on the principle that an identifier in one system (eg a
>> browser) will be portable to any other system (eg a search engine) and vice
>> versa.  The same principle applied to identity would allow things to scale
>> globally.  This has, for example, the benefit of allowing users to take
>> their data, or reputation footprint with them across the web.  I think
>> there is a focus on WebID because it is the only identity system to date
>> (although yadis/openid 1.0 came close) that easily allows this.  I think
>> many would be happy to use another system if it was global like WebID,
>> rather than another limited context silo.
>>
>>
>> I think there is a lot of confusion about the difference between
>> identifier and identity. You also seem to confuse them.
>>
>>
>> Here is the difference:
>>
>>   $ Identifier:   A data object that represents a specific identity of
>>      a protocol entity or individual.  See [RFC4949].
>>
>> Example: a NAI is an identifier
>>
>>   $ Identity:   Any subset of an individual's attributes that
>>      identifies the individual within a given context.  Individuals
>>      usually have multiple identities for use in different contexts.
>>
>> Example: the stuff you have at your Facebook account
>>
>>
>>  This is a well-known distinction in philosophy. You can refer to things
>> in two ways:
>>  - with names ( identifiers )
>>  - with existential variables ( anonymous names if you want ), and
>> attaching a description to that
>>    thing that identifies it uniquely among all other things
>>
>>  So for example Bertrand Russell considered that "The Present King of
>> France" in "The Present King of France is Bald" was not acting like a
>> proper name, but as an existential variable with a definite description.
>> That is, in mathematical logic he translated that phrase to:
>>
>>     ∃x[PKoF(x) & ∀y[PKoF(y) → y=x] & B(x)]
>>
>>  See http://en.wikipedia.org/wiki/Definite_description
>> Harry Halpin goes into this in this Philosophy of the Web Thesis
>>   http://journal.webscience.org/324/
>> http://www.ibiblio.org/hhalpin/homepage/thesis/
>>
>>  So yes we know this, and understand this very well. The Semantic Web is
>> an outgrowth of Fregean logic, tied to the Web through URIs, and with some
>> of the best logicians in the world having worked on its design. This is
>> our bread and butter.
>>
>>  In fact in WebID we are using this to our advantage. What we do is we
>> use a URI - a universal identifier - to identify a person, in such a way
>> that it is tied to a definite description as "the agent ID that knows the
>> private key of public key Key".
>>
>>  [ image available at:
>>   http://www.w3.org/wiki/images/4/49/X509-Sense-and-Reference.jpg ]
>>
>>
>>  The text in the document named "http://bblfish.net/" says:
>>
>>  <#hjs> foaf:name "Henry Story";
>>         cert:key [ a cert:RsaPublicKey;
>>                    cert:modulus ... ;
>>                    cert:exponent ... ] .
>>
>>
>>  So in the above the Identifier is "http://bblfish.net/#hjs" which
>> refers to <http://bblfish.net/#hjs> (me) which you can recognise as the
>> knower of the private key published on the http://bblfish.net/ web page
>> (in RDFa, in this case)
>>
>>
>> To illustrate the impact for protocols let me try to explain this with
>> OpenID Connect.
>>
>> OpenID Connect currently uses SWD (Simple Web Discovery) to use a number
>> of identifiers to discover the identity provider, see
>> http://openid.net/specs/openid-connect-discovery-1_0.html
>>
>> The identifier will also have a role when the resource owner
>> authenticates to the identity provider. The identifier may also be shared
>> with the relying party for authorization decisions.
>>
>> Then, there is the question of how you extract attributes from the
>> identity provider and to make them available to the relying party.
>>
>>
>>  In WebID that is easy for public info: you use HTTP GET.
>> Otherwise you put protected info into protected resources, link to them
>> from the WebID profile, and apply WebID recursively to the people
>> requesting information about that resource. Ie: you protect the resources
>> containing information that needs protecting.
>>
>>  This makes it possible to describe people and their relations extremely
>> richly, and it allows one to be very fine grained in who one allows access
>> to information.
>>
>>
>> There, very few standards exist (this is the step that follows OAuth).
>> The reason for the lack of standards is not that it isn't possible to
>> standardize these protocols but there are just too many applications. A
>> social network is different from a system that uploads data from a smart
>> meter. Facebook, for example, uses their social graph and other services
>> use their own proprietary "APIs" as well.
>>
>>
>>  Yes, I know people keep saying it's impossible, and then we have trouble
>> showing them - since the impossible cannot be seen.
>>
>>  Btw in WebID we use
>>
>>  The one well-known API: HTTP.
>> A semantic/logic model: RDF and mappings from syntax to that model - which
>> is based on Relations which I think Bertrand Russell showed to be pretty
>> much all you needed.
>>
>>  Then it is a question of working together and developing vocabularies
>> that metastabilise.
>> (More on that in a future video).
>>
>>
>> This is the identity issue.
>>
>> You are mixing all these topics together. This makes it quite difficult
>> to figure out what currently deployed systems do not provide.
>>
>> Ciao
>> Hannes
>>
>>
>> Social Web Architect
>> http://bblfish.net/
>>
>>
>>
>
>

Received on Friday, 5 October 2012 14:36:05 UTC
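
The check described in the quoted text above, where a URI identifies "the agent that knows the private key" of a key published in the profile document, shown as an added example that is not part of the thread or of any WebID implementation. The example.org profile, its key values and `fetch_profile` are constructed or hypothetical, and the TLS handshake is assumed to have already proved possession of the certificate's private key.

```python
from urllib.parse import urldefrag

# Constructed sample data: profile documents as already-parsed statements,
# keyed by document URL. Each document maps a subject URI to its cert:key values.
PROFILES = {
    "http://example.org/alice": {
        "http://example.org/alice#me": [{"modulus": "00 C3 5F 1A 9B", "exponent": 65537}],
        "http://example.org/alice#friend": [{"modulus": "0a77e2", "exponent": 65537}],
    },
}

def fetch_profile(doc_url):
    """Hypothetical stand-in for an HTTP GET plus RDF parse of the profile."""
    return PROFILES.get(doc_url)

def norm_modulus(hex_text):
    """Compare moduli as integers so spacing, case and leading zeros don't matter."""
    return int("".join(hex_text.split()), 16)

def verify_webid(claimed_uri, cert_modulus_hex, cert_exponent, fetch=fetch_profile):
    """Return (ok, reason) for a URI taken from the client certificate.

    Assumption: TLS already proved the client holds the private key that
    matches the certificate's public key (modulus, exponent)."""
    doc_url, _ = urldefrag(claimed_uri)  # the profile lives at the URI minus #fragment
    if not doc_url.startswith(("http://", "https://")):
        return False, "unsupported scheme"
    profile = fetch(doc_url)
    if profile is None:
        return False, "profile not retrievable"
    # Only keys attached to the claimed subject count; another subject's key
    # in the same document must not authenticate this identifier.
    keys = profile.get(claimed_uri, [])
    if not keys:
        return False, "no key published for subject"
    want = (norm_modulus(cert_modulus_hex), int(cert_exponent))
    for key in keys:
        if (norm_modulus(key["modulus"]), int(key["exponent"])) == want:
            return True, "key matches profile"
    return False, "key mismatch"
```

The identifier that passes this check is the same URI at every relying party, which is the linkability property debated in the thread.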