Re: Browser UI & privacy - a discussion with Ben Laurie from Kingsley Idehen on 2012-10-04 (public-webid@w3.org from October 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 04 Oct 2012 11:58:34 -0400
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
CC: Melvin Carvalho <melvincarvalho@gmail.com>, Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>, public-identity@w3.org, "public-philoweb@w3.org" <public-philoweb@w3.org>, Ben Laurie <benl@google.com>
Message-ID: <506DB22A.4000000@openlinksw.com>

On 10/4/12 11:10 AM, Hannes Tschofenig wrote:
> Hi Melvin,
>
> On Oct 4, 2012, at 4:49 PM, Melvin Carvalho wrote:
>
>> I think the aim is to have an identity system that is universal.  The web is predicated on the principle that an identifier in one system (eg a browser) will be portable to any other system (eg a search engine) and vice versa.  The same principle applied to identity would allow things to scale globally.  This has, for example, the benefit of allowing users to take their data, or reputation footprint when them across the web.  I think there is a focus on WebID because it is the only identity system to date (although yadis/openid 1.0 came close) that easily allows this.  I think many would be happy to use another system if it was global like WebID, rather than another limited context silo.
> I think there is a lot of confusion about the difference between identifier and identity. You also seem to confuse them.
>
> Here is the difference:
>
>     $ Identifier:   A data object that represents a specific identity of
>        a protocol entity or individual.  See [RFC4949].
>
>   Example: a NAI is an identifier

A data object is denoted by an identifier. The representation of a data 
object is a graph. An data object identifier can resolve to said data 
objects representation.

A Web accessible profile document is an example of a data object.

On the Web a profile document can be denoted by an HTTP URI/URL. In 
addition, the subject (which can be *anything*) of a profile document 
can also be denoted by an HTTP URI. Basically, this is what the Linked 
Data meme [1]  by TimBL is all about. Note, WebID is fundamentally an 
application of Linked Data principles specifically aimed at solving the 
problem of Web-scale verifiable identity for people, organizations, 
software, and other conceivable entities.

>
>     $ Identity:   Any subset of an individual's attributes that
>        identifies the individual within a given context.  Individuals
>        usually have multiple identities for use in different contexts.
>
>   Example: the stuff you have at your Facebook account
>
> To illustrate the impact for protocols let me try to explain this with OpenID Connect.
>
> OpenID Connect currently uses SWD (Simple Web Discovery) to use a number of identifiers to discover the identity provider, see http://openid.net/specs/openid-connect-discovery-1_0.html
>
> The identifier will also have a role when the resource owner authenticates to the identity provider. The identifier may also be shared with the relying party for authorization decisions.
>
> Then, there is the question of how you extract attributes from the identity provider and to make them available to the relying party. There, very few standards exist (this is the step that follows OAuth). The reason for the lack of standards is not that it isn't possible to standardize these protocols but there are just too many applications. A social network is different from a system that uploads data from a smart meter. Facebook, for example, uses their social graph and other services use their own proprietary "APIs" as well.
>
> This is the identity issue.
>
> You are mixing all these topics together. This makes it quite difficult to figure out what currently deployed systems do not provide.

Henry isn't mixing up the issues. What might be somewhat unclear to you 
is the critical role played by Linked Data, and the fact that a WebID is 
just a cryptographically verifiable denotation mechanism (an identifier) 
for people, organizations, software agents, and other real world 
entities that aren't Web realm data objects (or documents).

Linked Data introduces a power nuance that enables you leverage 
*indirection* via the use of HTTP URIs to unambiguously denote a Web 
realm data object (e.g., a profile document) and a real world entity 
(that's the subject of the profile document) described by said data 
object. Net effect, either denotation resolves to the same document 
content (actual data or Web resource). The documents in this context are 
comprised of RDF data model based structured content i.e., an 
entity-attribute-value or subject-predicate-object graph.

Also note that WebID and OpenID bridges already exist in the wild that 
work, and these serve as powerful demonstrations of the value that WebID 
brings to bear.

Links:

1. http://www.w3.org/DesignIssues/LinkedData.html -- Linked Data meme
2. http://bit.ly/OcbR8w -- WebID+OpenID proxy service showing how 
password authentication is eliminated from the OpenID flow via WebID
3. http://bit.ly/PcQg38 -- screenscast showcasing the combined prowess 
of OpenID and WebID.

Kingsley

>
> Ciao
> Hannes
>
>
>
>

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Thursday, 4 October 2012 15:59:08 UTC