Hi Melvin,
On Oct 4, 2012, at 4:49 PM, Melvin Carvalho wrote:
I think the aim is to have an
identity system that is universal. The web is
predicated on the principle that an identifier in one
system (eg a browser) will be portable to any other
system (eg a search engine) and vice versa. The same
principle applied to identity would allow things to
scale globally. This has, for example, the benefit of
allowing users to take their data, or reputation
footprint with them across the web. I think there is
a focus on WebID because it is the only identity
system to date (although yadis/openid 1.0 came close)
that easily allows this. I think many would be happy
to use another system if it was global like WebID,
rather than another limited context silo.
I think there is a lot of confusion about the difference
between identifier and identity. You also seem to
confuse them.
Here is the difference:
$ Identifier: A data object that represents a specific identity of
a protocol entity or individual. See [RFC4949].
Example: a NAI is an identifier
$ Identity: Any subset of an individual's attributes that
identifies the individual within a given context. Individuals
usually have multiple identities for use in different contexts.
Example: the stuff you have at your Facebook account
This is a well-known distinction in philosophy. You
can refer to things in two ways:
- with names ( identifiers )
- with existential variables ( anonymous names if
you want ), and attaching a description to that
thing that identifies it uniquely among all other
things
So for example Bertrand Russell considered that "The
Present King of France" in "The Present King of France
is Bald" was
not acting like a proper name, but as an existential
variable with a definite description. That is in
mathematical logic he translated that phrase to:
∃x[PKoF(x) & ∀y[PKoF(y) → y=x] & B(x)]
Harry Halpin goes into this in this Philosophy of the
Web Thesis
So yes we know this, and understand this very well.
The Semantic Web is an outgrowth of
Fregean logic, tied to the Web through URIs, and with
some of the best logicians
in the world having worked on its design. This is
our bread and butter.
In fact in WebID we are using this to our advantage.
What we do is we use
a URI - a universal identifier - to identify a
person, in such a way that it is
tied to a definite description as "the agent ID that
knows the private key of public
key Key".
    <#hjs> foaf:name "Henry Story";
        cert:key [ a cert:RsaPublicKey;
                   cert:modulus ... ; cert:exponent ... ]
(me) which you can recognise as the knower of the
private key
To illustrate the impact for protocols let me try to
explain this with OpenID Connect.
OpenID Connect currently uses SWD (Simple Web Discovery)
to use a number of identifiers to discover the identity
provider, see http://openid.net/specs/openid-connect-discovery-1_0.html
The identifier will also have a role when the resource
owner authenticates to the identity provider. The
identifier may also be shared with the relying party for
authorization decisions.
Then, there is the question of how you extract
attributes from the identity provider and to make them
available to the relying party.
In WebID that is easy for public info: you use HTTP
GET.
Otherwise you put protected info into protected
resources, link to them from the WebID profile,
and apply WebID recursively to the people requesting
information about that resource. Ie: you
protect the resources containing information that
needs protecting.
This makes it possible to describe people and their
relations extremely richly,
and it allows one to be very fine grained in who one
allows access to information.
There, very few standards exist
(this is the step that follows OAuth). The reason for
the lack of standards is not that it isn't possible to
standardize these protocols but there are just too many
applications. A social network is different from a
system that uploads data from a smart meter. Facebook,
for example, uses their social graph and other services
use their own proprietary "APIs" as well.
Yes, I know people keep saying it's impossible, and then we
have trouble showing them -
since the impossible cannot be seen.
Btw in WebID we use
- The one well-known API: HTTP.
- A semantic/logic model: RDF and mappings from syntax
to that model - which is based on Relations which I think
Bertrand Russell showed to be pretty much all you needed.
Then it is a question of working together and
developing vocabularies that metastabilise.
(More on that in a future video).
This is the identity issue.
You are mixing all these topics together. This makes it
quite difficult to figure out what currently deployed
systems do not provide.
Ciao
Hannes
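
The definite description quoted in the message above ("the agent ID that knows the private key of public key Key") can be checked mechanically. The sketch below is an added example, not code from the thread or from any WebID implementation. It assumes a constructed profile graph held as plain triples, a hypothetical WebID `https://example.org/card#me`, and a toy textbook-RSA challenge standing in for the TLS client-certificate handshake that proves key possession in practice.

```python
# Added illustration of the WebID check; every name and value is constructed.
CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed profile graph: the (subject, predicate, object) triples a
# verifier would hold after an HTTP GET on the WebID and parsing the RDF.
# "_:k1" is the blank node for the key; 3233 and 17 are toy RSA values.
PROFILE = {
    ("https://example.org/card#me", CERT + "key", "_:k1"),
    ("_:k1", CERT + "modulus", 3233),
    ("_:k1", CERT + "exponent", 17),
}

def profile_keys(graph, webid):
    """Return every (modulus, exponent) pair the profile asserts for webid."""
    keys = set()
    for s, p, o in graph:
        if s == webid and p == CERT + "key":
            mods = {v for (s2, p2, v) in graph if s2 == o and p2 == CERT + "modulus"}
            exps = {v for (s2, p2, v) in graph if s2 == o and p2 == CERT + "exponent"}
            keys |= {(m, e) for m in mods for e in exps}
    return keys

def sign(nonce, private_exponent, modulus):
    """Claimant side of the toy proof (the TLS stack does this in practice)."""
    return pow(nonce, private_exponent, modulus)

def verify_webid(graph, claimed_webid, cert_key, nonce, proof):
    """Accept only if the claimant proved possession of the private key for
    cert_key AND the profile at claimed_webid lists that same public key."""
    modulus, exponent = cert_key
    # Step 1: proof of possession (toy stand-in for the TLS handshake).
    if pow(proof, exponent, modulus) != nonce % modulus:
        return False
    # Step 2: the URI's own description must name this key.
    return cert_key in profile_keys(graph, claimed_webid)
```

Proving possession of some key is not enough on its own: the second step is what ties the key to the URI, so a valid proof for a key the profile does not list is rejected.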