- From: Nathan <nathan@webr3.org>
- Date: Mon, 08 Oct 2012 13:18:57 +0100
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: Ben Laurie <benl@google.com>, Henry Story <henry.story@bblfish.net>, "public-webid@w3.org" <public-webid@w3.org>
Melvin Carvalho wrote: > So there was 3 concepts mentioned in the IETF doc we looked at. > > 1. Linkability -- you can use webid for this > > 2. Unlinkability (A) anonymity -- you dont need to use a cert for this > > 2. Unlinkabiity (B) Pseudo Anonymity > > I think it's the pseudo anonymity that seems to be raising concerns. Perhaps this is of no concern to WebID, the protocol, or the abstract protocol - and more to do with people's mental model. I can set up a service which is only accessible if you use a cert&identifier issued by it, anonymously on request. I can email that new cert and identifier to this group (perhaps encrypted with a shared key), and one of you can use it once to WebID auth with aforementioned service and pass on some information / post a message / whatever. WebID works fine for that, and it's anonymous. The point is, that WebID doesn't require that any identifier used is traceable back to a real world agent. It just requires that a URI+associated keypair are used, that a the service being auth*d with "trusts". Make sense?
Received on Monday, 8 October 2012 12:19:52 UTC