- From: Nathan <nathan@webr3.org>
- Date: Sun, 21 Oct 2012 11:22:07 +0100
- To: Ben Laurie <benl@google.com>
- CC: Henry Story <henry.story@bblfish.net>, Ben Laurie <ben@links.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>
Ben Laurie wrote: > I'm getting quite tired of this: the point is, you cannot achieve > unlinkability with WebID except by using a different WebIDs. You made > the claim that ACLs on resources achieve unlinkability. This is > incorrect. You're 100% correct here Ben, and I'm unsure why it's so hard to convey!? If you use the same identifier for more than one request, subsequent requests can be associated with the first request. An identifier here is any identifying, stable, information - key parts and URIs. If the issue is only unlinkability across sites, then you just have a keypair+uri per site. Or better, key-pair only, and that's associated with an identifier for the agent behind the interface. You're correct that ACLs won't cut it.
Received on Sunday, 21 October 2012 10:22:56 UTC