Re: Should WebIDs denote people or accounts?

On 17 May 2014 17:57, Sandro Hawke <sandro@w3.org> wrote:

> Summary: Most people will be unwilling to give up the idea of having
> multiple separate accounts.  This calls into question the whole idea of
> WebID.
>
> First off, as an aside, hello everyone.   I was in the CG for its first
> few weeks to help get things started, but then left when it looked like
> things were well in hand, and I had many other W3C duties.   Since then,
> nearly all of my Working Groups (SPARQL, RDF, GLD, etc) have wrapped up,
> and I'm mostly doing R&D, working with TimBL and Andrei Sambra.   The work
> we're doing needs something like WebID.
>
> That said, I have to raise a difficult issue.   Maybe there's a simple
> solution I'm just missing, but I fear there is not.
>
> The examples in the spec, and what I saw from Henry when he first
> presented foaf+ssl, show the WebID denoting a person.   In the examples,
> it's often an instance of foaf:Person, and occurs in triples as the subject
> where the predicate is foaf:name, foaf:knows, etc.  Also in triples as the
> object of foaf:knows.
>
> So that means that in RDF, my WebID denotes me.   And if I have three
> different WebIDs, they all denote me.    Anything that's said in RDF using
> one of my WebIDs is equally true to say using any of my other WebIDs, and a
> reasoner might well infer it.   That's how it looks like WebIDs are
> supposed to work.
>
> This is in stark contrast to how most online identity systems work. The
> usually model is that a person has an account with a particular service
> provider.   In the old days that might have been a bank, while these days
> it might be some kind of "identity provider" like Google or Facebook.
> There is important flexibility in this model.    I have two Google
> accounts, and my kids have many among themselves, so on the computers
> around the house, there are many possible Google accounts saved as possible
> logins.    Behind the scenes, Google may or may not be correctly inferring
> which humans are attached to each of these accounts, but as long it doesn't
> get wrong which accounts can see adult content, or use my credit card, or
> see/edit particular documents, that's okay. Those important features are
> attached to accounts, not people, in systems today.
>
> FOAF makes this distinction quite clear, with classes foaf:Person and
> foaf:OnlineAccount.   FOAF, quite reasonably, puts relationships like
> foaf:name and foaf:knows on foaf:Person.   It's interesting to know my name
> and who I know.   It might also be interesting to see which of my accounts
> are linked with other accounts, I suppose, although that's more complicated.
>
> I'm not sure exactly why people might have multiple accounts. Sometimes an
> account is provided by an employer or school and goes along with lots of
> resources, but also includes restrictions on use or limitations on privacy.
>  Sometimes an account is obtained with a particular service provider, and
> then one no longer wants to do business with them. Sometimes security on an
> account is compromised and a backup is needed.   Sometimes one just wants
> to separate parts of life, like work-vs-nonwork.   I've asked a few friends
> if they'd be willing to have exactly one computer account, and gotten an
> emphatic "No!".
>
> So the my question might be, can WebID allow that separation?   If access
> control is granted by WebID (as I've always seen it done), and WebID
> denotes a person (as I've always seen it), and the computer figures out
> that multiple WebIDs denote the same person (as it's likely to do
> eventually), then isn't it likely to grant the same access to me no matter
> which of my WebIDs I'm using?   Wouldn't that be the technically correct
> thing for it to do?
>
> In summary: WebID is doing something quite radical in the identity space
> by identifying humans instead of accounts.   Are we sure that's a good
> thing?    It seems like in practice, humans interacting with service
> providers want to have multiple distinguishable identities with separate
> authentication.  One might try to clean this up with some kind of
> role-based access control [1], but that might not solve the issue that by
> having WebIDs denote people, they prevent people from authenticating
> differently to get different access/behavior.
>
> (It's true some identity providers, like Facebook, forbid a human from
> having multiple accounts.  But I think in response we see humans get their
> additional accounts by using other providers.)
>
> The conclusion I'm tentatively coming to is that WebIDs should be 1-1
> associated with accounts, not people.  As such, they'll be associated with
> authentication, authorization, and profiles, as they are now.   But the RDF
> modelling will have to be different, with things like { <webid1> foaf:knows
> <webid2> } being disallowed.
>
> If we're going to make a change like that, making the WebID one hop away
> from Person, I'd suggest actually making it denote the account's profile
> page, so that it can be a normal URL, denoting an Information Resource.
>

Neither, it denotes an Agent (being a person or machine)

I think what you are referring to is AWW Indirect Identifiers?

http://www.w3.org/TR/webarch/#indirect-identification

[[
To say that the URI "mailto:nadia@example.com" identifies both an Internet
mailbox and Nadia, the person, introduces a URI collision. However, we can
use the URI to indirectly identify Nadia. Identifiers are commonly used in
this way.

Listening to a news broadcast, one might hear a report on Britain that
begins, "Today, 10 Downing Street announced a series of new economic
measures." Generally, "10 Downing Street" identifies the official residence
of Britain's Prime Minister. In this context, the news reporter is using it
(as English rhetoric allows) to indirectly identify the British government.
Similarly, URIs identify resources, but they can also be used in many
constructs to indirectly identify other resources. Globally adopted
assignment policies make some URIs appealing as general-purpose
identifiers. Local policy establishes what they indirectly identify.

Suppose that nadia@example.com is Nadia's email address. The organizers of
a conference Nadia attends might use "mailto:nadia@example.com" to refer
indirectly to her (e.g., by using the URI as a database key in their
database of conference participants). This does not introduce a URI
collision.
]]

Why not just link an agent to an account, perhaps as an IFP?

Timbl in his WebID has also a very interesting predicate, preferredURI ...

http://www.w3.org/2000/10/swap/pim/contact#preferredURI → "
http://www.w3.org/People/Berners-Lee/card#i"

Does this solve the mulitple identity issue?

It strikes me that an Agent and an Account are very different things, but
I'm open to persuasion.

Note: also that webfinger tried to open this can of works and ended up
minting a acct: URI scheme ... seems like fragmentation is undesirable ...


>
>        -- Sandro
>
> [1] http://en.wikipedia.org/wiki/Role-based_access_control
>
>