Re: Agentic Linked Data

Hi Mark,

 

Many domains in GRC outside the specific privacy requirements need to be considered—for example, the European CRA (which impacts suppliers and likely impacts the architecture of products). If a POD is in healthcare, financial, or public administration, it now goes into “critical class” assessments (which, as far as I can see from Eclipse’s mailing list, is making a lot of people nervous).

 

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

From: Smart Species Ltd <mark@smartspecies.com>
Date: Tuesday 14 January 2025 at 05:23
To: Joshua Cornejo <josh@marketdata.md>
Cc: Knut-Olav Hoven <knutolav@gmail.com>, "Harshvardhan J. Pandit" <me@harshp.com>, public-solid <public-solid@w3.org>
Subject: Re: Agentic Linked Data

 

HI Solidites, 

 

(Very interesting thread) 

 

As way of introduction, I have been lurking for quite awhile and working with and following others here in one way or another for a long time as well.  It is great to see this topic arise, but also to see such great discussion around it. Also,  I do like the diagram, as I think this is a good way to look at the layers, 

 

More to the point, I think Harsh may be referring to legal authority, and a key element referential to what is legally ’sovereign’ or legally authoritative, in this context.   The use of terminology is a critical topic, a lot of words that are important, like trust and identity, have been technically co-opted, so it can be difficult to share a common understanding in a technical context without mapping them, 

 

For Agents, does infer the use of consent as the lawful basis to delegate  authority to a Personal Information Agent, to act on ones behalf. In linked data terms, this could be referred to as the data guardian for access to ones own secure personal data space. 

 

To this point,  I was recently reviewing recently implemented privacy legislation in Quebec, Canada which is surprisingly innovative in a couple of ways.    One innovation is the Articles referring to Personal Information Agents in Law 25, that indicate that ’sovereignty’ transparency over legitimacy and authority is very important to the Quebec Commission, as they are required to be notified if this status of Personal information Agent has changed.   (Seems a bit strange) 

 

My two cents, in all cases, it is not just the Commissioner that requires notice of changes to Personal Information Agents, but also agents should be required to provide identification, as well as notify people of required information, when acting on their behalf.   Or else operational trust is not possible.  Hence a comprehensive data security and privacy legal vocabulary like the DPV, with ORDL, is a critical path forward. 

 

Kind Regards,

 

Mark Lizar

 

From Law 25

 

DIVISION VI PERSONAL INFORMATION AGENTS

Every personal information agent carrying on an enterprise in Québec must be registered with the Commission. Any person who, on a commercial basis, personally or through a representative, establishes files on other persons and prepares and communicates to third parties credit reports bearing on the character, reputation or solvency of the persons to whom the information contained in such files relates is a personal information agent.
72. “Every personal information agent must inform the Commission of any change in the information referred to in the first paragraph no later than 30 days following the change. If applicable, the agent must also promptly inform the Commission of the expected termination of the agent’s activities.”

 

 

 



On 13 Jan 2025, at 03:02, Joshua Cornejo <josh@marketdata.md> wrote:

 

Hi,

 

Knut-Olav: the word “validate” sounds like a combination of “authentication” and “authorisation” somehow. if I am ingesting “finished” data = I need to validate the source and if they can do what they claim … which is: can you perform this function?.

 

Harsh: your use of “agent”, “agency”, “dpv:Representative”  = all examples of entities that can be modelled as functions in a Policy. In ODRL the odrl:function property allows for different parties to collaborate (“loosely used word”) within a rule (the most common being odrl:assigner and odrl:assignee).

 

Think of examples like “Can you come to my house, enter my room and get to my diary” (are you a member of my family?) or “Can you deliver post from my bank to my house?” (are you from the post office in the UK?) – any scenario that ‘avoids’ these clauses is either a thief or a scammer.

 

During my December presentation, I showed this diagram below – a simplified security model – with the simplest layers: “are you who you claim to be?” and “can you do what you claim you can do?”. 

 

If you have a use case that follows a different path, it would be interesting to understand how you got there.

 

<image001.png>

 

Harsh: - To your “odrl:isA is defined as "A set-based operator indicating that a given value is an instance of the right operand of the Constraint." - I wouldn't use just this relation to have the desired interpretation for asserting something is an 'agent' in this context.”, I was simplifying the onion ring above and as you say “I wouldn’t use just this relation” – agents needs to be authenticated and authorised, at execution time you might need to determine “human” vs “non-human” – for example in use cases that require “final” decision making during a delegated situation signed by a human. 

 

My interest in agents so far (of any type) is to determine the most common properties that might require operations for refinements (e.g. LEI, address, VC’s attributes, current location, delegations) and what are the taxonomies that most commonly will be used. 

 

Regards,

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

From: Knut-Olav Hoven <knutolav@gmail.com>
Date: Sunday 12 January 2025 at 22:18
To: Josh Cornejo <josh@marketdata.md>
Subject: Re: Agentic Linked Data

 

No, at least I don't think so...

 

rights/authorization is something I would use up-front in cases where I want someone or something to act on behalf of me.

 

When it comes to AI agents, I want mechanisms to validate the outcome before making it my own.

I like to think about these solutions as helpful assistants, and not as extensions of myself.

 

--

Knut-Olav Hoven

 

søn. 12. jan. 2025, 22:55 skrev Josh Cornejo <josh@marketdata.md>:

“I would then use some vocabulary to express my trust in the statements/documents it creates”

 

You mean: rights management/authorisation.

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

From: Knut-Olav Hoven <knutolav@gmail.com>
Sent: Sunday, January 12, 2025 9:23 pm
To: Joshua Cornejo <josh@marketdata.md>
Cc: frederick@graphmetrix.com <frederick@graphmetrix.com>; Melvin Carvalho <melvincarvalho@gmail.com>; Jesse Wright <jesse.wright@jesus.ox.ac.uk>; public-solid <public-solid@w3.org>
Subject: Re: Agentic Linked Data

 

How about this:

_:mybot a foaf:Agent .
_:me foaf:made _:mybot .

It doesn't say I created the technology behind "mybot", but I made this resource/thing/configuration and thus inherently control it. Doesn't mean I have to trust everything this agent does...

And I wouldn't let it write directly into my documents.

I would then use some vocabulary to express my trust in the statements/documents it creates. And probably copy selected statements into my own documents.

--
Knut-Olav Hoven

 

søn. 12. jan. 2025, 20:28 skrev Joshua Cornejo <josh@marketdata.md>:

IMHO, ontologists would argue that the definitions for linked data should use the FOAF ontology for the definition of most “general” classes and stick to corresponding definitions …

 

http://xmlns.com/foaf/spec/#term_Agent

http://xmlns.com/foaf/spec/#term_Person

 

The Person class is a sub-class of the Agent class, since all people are considered 'agents' in FOAF.

 

FOAF also defines Organisation as a type of agent. Other ontologies extend into Automatons/etc. 

 

Others like DCAT bind Dublin Core and FOAF:

 

dcat:resource has a property dcmi:creator with a range of foaf:Agent.

 

___________ ________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

From: Frederick Gibson <frederick@graphmetrix.com>
Reply-To: <frederick@graphmetrix.com>
Date: Sunday 12 January 2025 at 18:27
To: Josh Cornejo <josh@marketdata.md>
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, Jesse Wright <jesse.wright@jesus.ox.ac.uk>, public-solid <public-solid@w3.org>
Subject: Re: Agentic Linked Data

 

“Though Tim noted he’d be wary of something calling itself both a Person and an Agent!”

 

If we look at the OED definition of agent:

 

"A person who or thing which acts upon someone or something; one who or that which exerts power; the doer of an action. Sometimes contrasted with the patient (instrument, etc.) undergoing the action."

 

"A person who acts as a substitute for another; one who undertakes negotiations or transactions on behalf of a superior, employer, or principal; a deputy, steward, representative; (in early use) an ambassador, emissary. Also figurative. Now chiefly in legal contexts."

 

By definition, a person can be both type person and type agent, just as a person can have countless types depending on the state of a person at a given time.  And given that "thing which..that which" is included in the first definition, it would be consistent that any system could be an agent acting on behalf of another system (whether artificial or organic), not just people as agents.

 

Fred Gibson

Founder & CEO

mobile: 415.335.8232

 

1255 Treat Blvd, Suite 300
PMB#4611

Walnut Creek, CA  94597

office: 925.940.0741

 

 

 

 

 

---- On Sun, 12 Jan 2025 09:25:59 -0800 Josh Cornejo <josh@marketdata.md> wrote ---

 

 

“Though Tim noted he’d be wary of something calling itself both a Person and an Agent!”

 

 ODRL has a :isA operator to work around these type of validation/specialisation semantics. (Equivalent to typecasting in programming)

 

 

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

From: Melvin Carvalho <melvincarvalho@gmail.com>
Sent: Sunday, January 12, 2025 4:26 pm
To: Jesse Wright <jesse.wright@jesus.ox.ac.uk>
Cc: public-solid <public-solid@w3.org>
Subject: Re: Agentic Linked Data

 

 

 

so 28. 12. 2024 v 12:34 odesílatel Jesse Wright <jesse.wright@jesus.ox.ac.uk> napsal:

Hi Melvin,

 

Have you come across the Web Agents CG https://www.w3.org/community/webagents/ - there are several people working in that direction there.

 

Hi Jesse,

Thanks for pointing out the Web Agents CG. Yes, I’ve been a member since its inception—an excellent group!

Quick note, as not all responses made it to the mailing list over the holidays. I used an LLM to summarize some key points:

Summary of the Discussion on Agentic Linked Data

Participants
Melvin Carvalho: Initiated the discussion.
Joshua Cornejo: Experienced in ODRL and authorization architecture.
Eric Jahn: Interested in agent roles and permissions.
Aad Versteden: Integrates AI and Linked Data in semantic.works.
Sindhu Raju: Focuses on personal data management and consumer use cases.
Matt Taylor: Consultant in ethical tech, cautious about broad agentic access.
Ram Mukund Kripa: Developed privacy agents for consent management.
Jesse Wright: Highlighted the Web Agents CG.
Jacob Beauchamp: Exploring agentic learning and entity data.
There’s clear interest in moving this forward. I also mentioned Agentic Linked Data on the SolidOS call, where the idea (of agents) was well received. For context, TimBL’s “timblbot” illustrates prior work:
https://timblbot.inrupt.net/profile/card#me
Classes include:
schema:Person, schema:SoftwareApplication, foaf:Agent, foaf:Person, prov:SoftwareAgent.
(Though Tim noted he’d be wary of something calling itself both a Person and an Agent!)

Next steps: We’re probably too small for a standalone Community Group. A practical option might be to work within the Solid CG for now, with a dedicated chat area for agentic topics. Initial work items could include adapting Agent entities to existing Solid tooling, libraries, pods, servers, and apps.

Looking forward to further discussion and collaboration!

Best,
Melvin

 

 

Best,

Jesse 

 

Get Outlook for Android

From: Melvin Carvalho <melvincarvalho@gmail.com>
Sent: Saturday, December 28, 2024 11:11:09 AM
To: public-solid <public-solid@w3.org>
Subject: Agentic Linked Data

 

Hi All,

When I started this group, it was with the idea that Solid = Social Linked Data. Solid's foundation on WebID ties it to the concept of "Agent," based on FOAF's Agent class (parent of FOAF Person).

With "agentic AI" really taking off right now, I wonder—would anyone be interested in exploring "Agentic Linked Data"? It feels like a natural direction.

Best,

Melvin

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era

 

 

 

___________________________________

Joshua Cornejo

marketdata

smart authorisation management for the AI-era