
Re: Browser UI & privacy - a discussion with Ben Laurie

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 04 Oct 2012 13:40:39 -0400
Message-ID: <506DCA17.8020006@openlinksw.com>
To: bd@thinkmetrics.com
CC: 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, 'Melvin Carvalho' <melvincarvalho@gmail.com>, 'Henry Story' <henry.story@bblfish.net>, public-webid@w3.org, public-identity@w3.org, public-philoweb@w3.org, 'Ben Laurie' <benl@google.com>
On 10/4/12 12:58 PM, Brandt Dainow wrote:
> Hi - I'm coming into this discussion late, and though I've tried to catch
> up, please forgive me if you think I've missed something in earlier stages
> of the debate.  However, as a philosopher concerned with online ethics (as
> well as a web analyst), I'm disturbed by the tone of this discussion, so I'm
> throwing in my point:
>
> The idea that a person can be treated like a computing resource is
> questionable.

I am not making that claim. Neither am I claiming that your passport == 
you.

I am saying that a digital resource can be used to verify identity via 
proof that leverages cryptography. On the Web, courtesy of WebID, you 
can be the passport office and passport holder en route to verify 
identity claims associated with nebulous entity: You.

>   It sounds like instrumentalism - treating people as things,
> which is the starting point of most human evil.

Quite the contrary, this is about federated verifiable identity that 
leverages logic and Web architecture. All of this is possible because we 
can make fashion structured using a dexterous data model (RDF) and HTTP 
URIs.

>    The principle that an
> identifier in one system is portable to others refers to computing
> resources, not human beings.

An identifier denotes an entity thereby giving it identity. That's the 
fundamental principle in play re. the Web, Linked Data, and WebID.

>   There are no principles in web computing which
> were ever intended to apply to people.

I would say, denotation on the Web via use of HTTP URIs isn't confined 
to documents. It extends to any entity that becomes an observation 
subject, which includes: people, organizations, ideas, etc.


> This is why initiatives like WebID
> exist at all - they are trying to compensate for the fact the internet has
> nothing within it pertaining to humans.

Quite the contrary, PKI has existed on the Internet for a long time. It 
has simply been underutilized. PKI has facilitated an ecommerce industry 
that some estimate to be in the trillion dollar range. Unfortunately, 
the model for ecommerce has come to dominate the fundamental essence of PKI.

Simple example:
PKI enables Amazon to assure me that I am making a purchase from Amazon (an 
organization). It achieves this via the CA network i.e., third party 
identity verification as part of the system. The same modality for 
Amazon proving itself to me doesn't apply when it comes to me proving 
who I am to Amazon. Basically, a CA isn't required for that. Same thing 
applies to email via S/MIME. You don't need a CA to verify the identity 
of the sender of this email, assuming you are using a native email client 
that supports S/MIME, simply click on the certificate used to sign this 
mail, then locate the Subject Alternative Name (SAN), and simply cut and 
paste the HTTP URI into your browser's address bar. Net effect, whoever 
sent this mail was in possession of the following:

1. private key
2. public key
3. access to my LinkedIn profile
4. the audacity to claim my LinkedIn profile, in public.


>
> The concept of a "reputation footprint" is also highly debatable.

Verifiable identity is the critical foundation for building any kind of 
trust.

> Personally, I find the idea that I would have a single online profile,
> uniting all my web activities, and traceable back to the real human me, as
> horrifically totalitarian, and a step backward.

Amen!

Nothing about WebID mandates that you have a single WebID. As I said in 
an earlier reference re. the entity: "nebulous you".

WebID handles the 'Peter Parker' and 'Spiderman' identity paradox. There 
are no rules about what you put in an X.509 certificate watermarked 
with a WebID (an HTTP URI) bar the fact that the WebID resolves to a 
graph where explicit relationship semantics associate a WebID with a 
Public Key, the very same Public Key that by virtue of its Private Key 
pair successfully facilitated a TLS handshake. The proof lies in the 
ability to connect the composite comprised of: webid, public key, 
private key. Of course, an ACL rule could add additional identity claims 
factors derived from data in an X.509 certificate.

>    I don't have such a
> limitation in the real world.

Neither do you have it on the Web. But remember, in the real world your 
signature can be forged. Today, folks don't even bother signing the 
backside of their credit cards due to the futility of hand signatures. 
Such isn't the case re. basic PKI let alone the integration of URI 
lookups for what amounts to "mirrored claims" held in at least two 
places: your local key store and your Web accessible profile document.

> I can be anonymous when I walk the city,
> enter shops, and pay by cash.

Yes, and even more anonymous online thanks to the WebID protocol. A 
protocol that makes HTTP URIs that denote real-world entities 
verifiable, via cryptography and logic derived from entity relationship 
semantics.

>   I can conceal my religious or political
> beliefs from my workmates, so as to avoid being judged by them on irrelevant
> criteria, or simply because I want to live privately.

Yes, whatever you are doing offline is achievable, and some, online via 
the WebID protocol.

>    I can decide my life
> has been a mess, then move to a new city, where no one knows me, and start
> afresh, my previous history forgotten.

Exactly!


>   We must have the same level of
> forgetfulness on the web, the same ability to split our activities and
> present only partial views of ourselves to different groups.  These are
> fundamental aspects of human existence which have remained for thousands of
> years.  They enable us to work and socialise with others who we otherwise
> would be in conflict with.

Yes.

>
> Organisations are different.  They are not people.

Correct, and even the United States Supreme Court got tripped up on 
basic ontological understanding re. that issue.

>   Any initiative which
> treats organisations, documents and human beings as the same is denying the
> essential dignity of the individual, and their right to choose how openly or
> privately they wish to live.  I can understand why I might want a system
> which enables me to lock my identity to a resource, but that should be a
> voluntary system, and it should enable me to have multiple WebID's (or
> equivalent), and it should permit me to keep my personal identity totally
> anonymous.

Multiple WebIDs are intrinsic to the system. I have completely lost 
count of how many WebIDs are associated with nebulous entity: Me. But 
none of that matters re. this system. That's the beauty of the kind of 
capabilities that de-referenceable URIs (e.g., HTTP URIs) deliver.


>
> WebId is a particularly dangerous concept.

How can it be? Note my responses above. It doesn't contradict a single 
issue for which you've expressed valid concern.

>   It totally depends on the
> unbreakability of the private key.

No it doesn't. It's a composite of: public key, private key, and webid. 
I can make and destroy certificates with alacrity.

>   Does anyone in this group seriously
> believe there's such a thing as unbreakable encryption, or a flawless
> computing system?

No, but is that the goal? Where does such a system exist today, be it online 
or offline? All you can do is make it harder for bad guys. This is 
exactly what you get when Logic is part of the Web or broader Internet.

>   If people trust WebID's, what chance do you think anyone
> will have of convincing the world their WebID has been faked or hijacked, or
> their certificate stolen, etc?

Trust is broad and dexterous. Luckily, so is the effect of combining 
entity relationship semantics with logic. That's what the WebID protocol 
is about.


>   If WebID was used for government, financial
> or employment purposes, what harm could fall on someone under such
> circumstances?

Nothing more than what happens today. If anything, you will be back to 
parity re. privacy online. Unfortunately, many of the big vendors want 
to peddle identity silos online based on the narrative that privacy 
online is too challenging for the individual to pursue.

> The same is true of any computing system which seeks to lock
> an IT resource to a real person.  The connection between the two will always
> be problematic and untrustworthy.

Of course.

>
> In terms of online privacy, we cannot possibly imagine what use nasty people
> will make of personal data 10, 20, or 50 years from now.  We simply cannot
> know what technology or business models people will invent.

Correct.

>    All we can be
> sure of is that stuff we can't imagine now will dominate the web of the
> future.

Correct.

>   This means we can't argue in terms of trying to achieve specific
> effects, because we can't know what the full range of effects will be.  The
> only solution is to focus on avoiding the potential for harm.

Correct.

>   This means we
> must take a fantastically conservative attitude to online privacy, and
> resist every attempt to reduce it.

Correct.

>   In this light, one has to ask - where
> are the anonymity initiatives?  Where's my IP-rotation plug-in, my user
> agent obfuscation add-on, etc?

Implicit in the WebID protocol.

>
> The web is a fairly good thing as it is.  Before we seek to "improve" it, we
> need to be absolutely certain we are addressing a genuine problem and that
> the solution won't harm more than it helps.

Web-scale verifiable identity is the biggest challenge of the day re. 
the Web.

>   In the larger context, this
> means "Web-scale verifiable identity" should be no more than a minor item of
> optional technology used by a few people for specific purposes.

Yes, but not by a *few* people. It should be for those that seek its use 
as a mechanism for online privacy.

>   It should
> be enacted in a manner which is aware nasty people and governments could
> force it on people as  a means of exploitation and control, which means
> making it hard to manage centrally and avoiding uniform standards.

Amen!

>   The
> emphasis should always be on the avoidance of possible harm, even if this
> means not getting the best technology.

Never compromise on "the best possible" especially when it comes to 
something as important as individual identity and privacy :-)

Note: excuse my typos, I type very fast, and this was an important 
discussion for which I felt obliged to respond to, pronto!

Kingsley
>
>
> Regards,
> Brandt Dainow
> bd@thinkmetrics.com
> www.thinkmetrics.com
> PH (UK): (020) 8123 9521
> PH (USA): (801) 938 6808
> PH (IRELAND): (01) 443 3834
> iMedia Articles: www.imediaconnection.com/profiles/brandt.dainow
>   
> This email and any attachments are confidential and may be the subject of
> legal privilege. Any use, copying or disclosure other than by the intended
> recipient is unauthorised. If you have received this message in error,
> please delete this message and any copies from your computer and network.
>
> Whilst we run anti-virus software on all e-mails the sender does not accept
> any liability for any loss or damage arising in any way from their receipt
> or use. You are advised to run your own anti-virus software in respect of
> this e-mail and any attachments.
>   
>
>
>
> -----Original Message-----
> From: Kingsley Idehen [mailto:kidehen@openlinksw.com]
> Sent: 04 October 2012 16:59
> To: Hannes Tschofenig
> Cc: Melvin Carvalho; Henry Story; public-webid@w3.org;
> public-identity@w3.org; public-philoweb@w3.org; Ben Laurie
> Subject: Re: Browser UI & privacy - a discussion with Ben Laurie
>
> On 10/4/12 11:10 AM, Hannes Tschofenig wrote:
>> Hi Melvin,
>>
>> On Oct 4, 2012, at 4:49 PM, Melvin Carvalho wrote:
>>
>>> I think the aim is to have an identity system that is universal.  The web
>>> is predicated on the principle that an identifier in one system (eg a
>>> browser) will be portable to any other system (eg a search engine) and vice
>>> versa.  The same principle applied to identity would allow things to scale
>>> globally.  This has, for example, the benefit of allowing users to take
>>> their data, or reputation footprint with them across the web.  I think there
>>> is a focus on WebID because it is the only identity system to date (although
>>> yadis/openid 1.0 came close) that easily allows this.  I think many would be
>>> happy to use another system if it was global like WebID, rather than another
>>> limited context silo.
>> I think there is a lot of confusion about the difference between
>> identifier and identity. You also seem to confuse them.
>> Here is the difference:
>>
>>      $ Identifier:   A data object that represents a specific identity of
>>         a protocol entity or individual.  See [RFC4949].
>>
>>    Example: a NAI is an identifier
>
> A data object is denoted by an identifier. The representation of a data
> object is a graph. A data object identifier can resolve to said data
> object's representation.
>
> A Web accessible profile document is an example of a data object.
>
> On the Web a profile document can be denoted by an HTTP URI/URL. In
> addition, the subject (which can be *anything*) of a profile document
> can also be denoted by an HTTP URI. Basically, this is what the Linked
> Data meme [1]  by TimBL is all about. Note, WebID is fundamentally an
> application of Linked Data principles specifically aimed at solving the
> problem of Web-scale verifiable identity for people, organizations,
> software, and other conceivable entities.
>
>>      $ Identity:   Any subset of an individual's attributes that
>>         identifies the individual within a given context.  Individuals
>>         usually have multiple identities for use in different contexts.
>>
>>    Example: the stuff you have at your Facebook account
>>
>> To illustrate the impact for protocols let me try to explain this with
>> OpenID Connect.
>> OpenID Connect currently uses SWD (Simple Web Discovery) to use a number
>> of identifiers to discover the identity provider, see
>> http://openid.net/specs/openid-connect-discovery-1_0.html
>> The identifier will also have a role when the resource owner authenticates
>> to the identity provider. The identifier may also be shared with the relying
>> party for authorization decisions.
>> Then, there is the question of how you extract attributes from the
>> identity provider and to make them available to the relying party. There,
>> very few standards exist (this is the step that follows OAuth). The reason
>> for the lack of standards is not that it isn't possible to standardize these
>> protocols but there are just too many applications. A social network is
>> different from a system that uploads data from a smart meter. Facebook, for
>> example, uses their social graph and other services use their own
>> proprietary "APIs" as well.
>> This is the identity issue.
>>
>> You are mixing all these topics together. This makes it quite difficult to
>> figure out what currently deployed systems do not provide.
>
> Henry isn't mixing up the issues. What might be somewhat unclear to you
> is the critical role played by Linked Data, and the fact that a WebID is
> just a cryptographically verifiable denotation mechanism (an identifier)
> for people, organizations, software agents, and other real world
> entities that aren't Web realm data objects (or documents).
>
> Linked Data introduces a powerful nuance that enables you to leverage
> *indirection* via the use of HTTP URIs to unambiguously denote a Web
> realm data object (e.g., a profile document) and a real world entity
> (that's the subject of the profile document) described by said data
> object. Net effect, either denotation resolves to the same document
> content (actual data or Web resource). The documents in this context are
> comprised of RDF data model based structured content i.e., an
> entity-attribute-value or subject-predicate-object graph.
>
> Also note that WebID and OpenID bridges already exist in the wild that
> work, and these serve as powerful demonstrations of the value that WebID
> brings to bear.
>
> Links:
>
> 1. http://www.w3.org/DesignIssues/LinkedData.html -- Linked Data meme
> 2. http://bit.ly/OcbR8w -- WebID+OpenID proxy service showing how
> password authentication is eliminated from the OpenID flow via WebID
> 3. http://bit.ly/PcQg38 -- screencast showcasing the combined prowess
> of OpenID and WebID.
>
>
> Kingsley
>
>> Ciao
>> Hannes
>>
>>
>>
>>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen







Received on Thursday, 4 October 2012 17:41:10 UTC
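
The message above describes the WebID check as connecting three things: the WebID in the certificate's Subject Alternative Name, the public key in the certificate, and the profile graph the WebID resolves to. The sketch below is an added example, not code from the message or from any WebID implementation; it assumes the TLS stack has already proven possession of the private key and that the profile document has already been fetched and parsed into triples. The `cert:key`, `cert:modulus` and `cert:exponent` terms are from the W3C cert ontology; the WebID, key values and function names are constructed for illustration.

```python
# Added illustration of the WebID check; every value below is constructed.
CERT = "http://www.w3.org/ns/auth/cert#"  # W3C cert ontology namespace


def norm_hex(value):
    """Normalise a hex modulus: strip separators, case and leading zeros."""
    return "".join(c for c in value if c not in " :\n\t").lower().lstrip("0")


def keys_for(webid, triples):
    """Return the set of (modulus, exponent) pairs the graph binds to webid."""
    found = set()
    for s, p, key_node in triples:
        if s != webid or p != CERT + "key":
            continue
        props = {p2: o2 for s2, p2, o2 in triples if s2 == key_node}
        if CERT + "modulus" in props and CERT + "exponent" in props:
            found.add((norm_hex(props[CERT + "modulus"]),
                       int(props[CERT + "exponent"])))
    return found


def verify_webid(san_uri, cert_modulus, cert_exponent, triples):
    """True only if the profile graph links san_uri to the certificate's key.

    Assumes the TLS stack already proved possession of the private key and
    that `triples` was parsed from the document san_uri dereferences to.
    """
    presented = (norm_hex(cert_modulus), int(cert_exponent))
    return presented in keys_for(san_uri, triples)


WEBID = "https://alice.example/profile#me"        # constructed WebID
PROFILE = [                                       # constructed profile graph
    (WEBID, CERT + "key", "_:k1"),
    ("_:k1", CERT + "modulus", "00C4 9F1A 77E2"),
    ("_:k1", CERT + "exponent", "65537"),
    ("https://alice.example/profile#other", CERT + "key", "_:k2"),
    ("_:k2", CERT + "modulus", "a1b2c3d4"),
    ("_:k2", CERT + "exponent", "65537"),
]

if __name__ == "__main__":
    print(verify_webid(WEBID, "c4:9f:1a:77:e2", 65537, PROFILE))  # key listed
    print(verify_webid(WEBID, "a1b2c3d4", 65537, PROFILE))        # other subject's key
    withdrawn = [t for t in PROFILE if t[2] != "_:k1"]
    print(verify_webid(WEBID, "c4:9f:1a:77:e2", 65537, withdrawn))  # key removed
```

Removing the `cert:key` statement from the profile is enough to make a certificate stop verifying, which is the sense in which certificates can be made and destroyed without a CA.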
