- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Thu, 18 Oct 2012 12:52:19 -0400
- To: Ben Laurie <benl@google.com>
- CC: Henry Story <henry.story@bblfish.net>, "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>, "public-identity@w3.org" <public-identity@w3.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-webid@w3.org" <public-webid@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>
- Message-ID: <508033C3.1010205@openlinksw.com>
On 10/18/12 12:06 PM, Ben Laurie wrote: > On 18 October 2012 16:41, Kingsley Idehen <kidehen@openlinksw.com> wrote: >> On 10/18/12 11:34 AM, Ben Laurie wrote: >>> On 9 October 2012 14:19, Henry Story <henry.story@bblfish.net> wrote: >>>> Still in my conversations I have found that many people in security >>>> spaces >>>> just don't seem to be able to put the issues in context, and can get >>>> sidetracked >>>> into not wanting any linkability at all. Not sure how to fix that. >>> You persist in missing the point, which is why you can't fix it. The >>> point is that we want unlinkability to be possible. Protocols that do >>> not permit it or make it difficult are problematic. I have certainly >>> never said that you should always be unlinked, that would be stupid >>> (in fact, I once wrote a paper about how unpleasant it would be). >>> >>> As I once wrote, anonymity should be the substrate. Once you have >>> that, you can the build on it to be linked when you choose to be, and >>> not linked when you choose not to be. If it is not the substrate, then >>> you do not have this choice. >>> >>> >>> >>> >> Do you have example of what you describe? By that question I mean: implicit >> anonymity as a functional substrate of some realm that we experience today? > That's what selective disclosure systems like U-Prove and the PRIME > project are all about. > > > Ben, How is the following incongruent with the fundamental points we've been trying to make about the combined effects of URIs, Linked Data, and Logic en route to controlling privacy at Web-scale? Excerpt from Microsoft page [1]: A U-Prove token is a new type of credential similar to a PKI certificate that can encode attributes of any type, but with two important differences: 1) The issuance and presentation of a token is unlinkable due to the special type of public key and signature encoded in the token; the cryptographic “wrapping” of the attributes contain no correlation handles. This prevents unwanted tracking of users when they use their U-Prove tokens, even by colluding insiders. 2) Users can minimally disclose information about what attributes are encoded in a token in response to dynamic verifier policies. As an example, a user may choose to only disclose a subset of the encoded attributes, prove that her undisclosed name does not appear on a blacklist, or prove that she is of age without disclosing her actual birthdate. Why are you assuming that a hyperlink based pointer (de-referencable URI) placed in the SAN of minimalist X.509 certificate (i.e., one that has now personally identifiable information) can't deliver the above and more? Please note, WebID is a piece of the picture. Linked Data, Entity Relationship Semantics and Logic are other critical parts. That's why there isn't a golden ontology for resource access policies, the resource publisher can construct a plethora of resource access policies en route to leveraging the power of machine discernible entity relationship semantics and first-order logic. In a most basic super paranoid scenario, if I want to constrain access to a resource to nebulous entity "You" I would share a PKCS#12 document with that entity. I would also have an access policy in place based on the data in said document. I would also call "You" by phone to give you the password of that PKCS#12 document. Once that's all sorted, you can open the document, get your crytpo data installed in your local keystore and then visit the resource I've published :-) Links: 1. http://research.microsoft.com/en-us/projects/u-prove/ 2. http://en.wikipedia.org/wiki/Zero-knowledge_proof -- I don't see anything about that being incompatible with what the combined use of de-referencable URIs based names, Linked Data, Entity Relationship Semantics, Reasoning, and existing PKI deliver. -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 18 October 2012 16:52:47 UTC