W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Should WebIDs denote people or accounts?

From: Sandro Hawke <sandro@w3.org>
Date: Sun, 18 May 2014 16:31:37 -0400
Message-ID: <537918A9.2090703@w3.org>
To: Nathan Rixham <nathan@webr3.org>
CC: public-webid@w3.org
On 05/18/2014 01:59 PM, Nathan Rixham wrote:
> I'd suggest that this is not a technical problem and cannot be 
> addressed this way.
>
> When you add reasoners in to the mix they can quickly determine that 
> typographically different (personas/agents/uris) refer to the same 
> thing, whatever approach is used.

Not true.   They might quickly determine that two personas are managed 
by the same person, but that is not the same as determining that the two 
personas are the same thing.

Computers are perfectly capable of keeping track of my having multiple 
distinct mailing addresses, multiple distinct phone computers, multiple 
distinct phone numbers, etc.   They know they belong to the same person, 
without getting confused and thinking actually each of my mailing 
addresses is the same or each of my android devices is the same.   If 
they did, I couldn't exactly label one as being home and one as being 
office, or install some apps on one android device and not on another.

This is not hard to solve - we just have to be clear that what's being 
authenticated and authorized is a persona/account, not a human.

Unfortunately, this doesn't match WebID's self-conception, so far.

       -- Sandro


>
> Perhaps then the only way to combat this is to create the reasoning 
> programs which do this, and release them freely to people so they can 
> check their own data / persona's and quickly address any slip ups 
> which reveal identity over persona's before it's published.
>
>
> On Sun, May 18, 2014 at 6:16 PM, Sandro Hawke <sandro@w3.org 
> <mailto:sandro@w3.org>> wrote:
>
>     On 05/18/2014 12:26 PM, Kingsley Idehen wrote:
>
>         On 5/18/14 11:13 AM, Sandro Hawke wrote:
>
>             On May 18, 2014 11:01:38 AM EDT, Kingsley Idehen
>             <kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>>
>             wrote:
>
>                 On 5/17/14 8:05 PM, Sandro Hawke wrote:
>
>                     Oh, very interesting.   I haven't found an
>                     opportunity to talk to
>
>                 TimBL about this specifically, but it sounds like he's
>                 thinking in the
>                 same direction.   In that email he's very clearly
>                 showing a WebID
>                 denoting a persona, not a person.
>                 Sandro,
>
>                 A WebID denoting an Agent isn't disjoint with the
>                 notion of personae.
>
>             I'm fairly sure it is, Kingsley.
>
>             If my WebIDs all denote me, then you can't grant access to
>             one without granting it to all, by RDF semantics.
>
>
>         Why are you assuming that any of my profile documents have an
>         owl:sameAs relation, connection the identities denoted by the
>         HTTP URI based Identifiers? Likewise, if there's no relation
>         facilitated by an IFP how do you arrive at such, via semantics
>         expressed in RDF based relations?
>
>
>     That assumption is not required.
>
>     By the RDF Semantics, if two RDF IRIs denote the same thing, then
>     all RDF triples that are true using one are also true using the other.
>
>     What you're talking about is whether a machine might be able to
>     figure out that truth.
>
>     If I have two different WebIDs that denote me, and you grant
>     access to one of them, it's true a machine might not immediately
>     figure out that that other one also denotes me and should be
>     granted equal access.  But if it ever did, it would be correct in
>     doing so.  And I'm betting, with machines getting access to more
>     and more data all the time, and doing more and more reasoning with
>     it, it would figure that out pretty soon.
>
>     It sounds like you're proposing building an authorization
>     infrastructure that relies on machines not doing exactly what
>     we're trying to get them to do everywhere else.  Sounds a bit like
>     trying to hold back a river with your hands.
>
>
>
>             To avoid that undesired fate, I think you need WebIDs to
>             denote personas.
>
>
>         No, a persona is derived from the claims that coalesce around
>         an identifier. A persona is a form of identification. A
>         collection of RDF claims give you a persona.
>
>                As I mentioned, those personas might be software
>             agents, but they are clearly not people.
>
>
>         WebIDs denote Agents. An Agent could be a Person,
>         Organization, or Machine (soft or hard). You can make
>         identification oriented claims in a Profile Document using RDF
>         based on a WebID.
>
>
>     The question is, what kind of triples are being written with
>     WebIDs, and what happens when machines figure out all my WebIDs
>     denote me? Are you really being careful with every triple you
>     write using WebIDs to make sure it will still be exactly what you
>     want to say when a reasoner adds more triples just like it using
>     my other WebIDs?
>
>     It sounds to me like you are not.   It sounds to me like you're
>     just assuming that certain valid inferences will never be made.
>
>
>
>         We don't have a problem have a problem here at all.
>
>
>     I'm suggesting that perhaps you haven't yet noticed the oncoming
>     train, Inference.
>
>          -- Sandro
>
>
>
>         Kingsley
>
>
>                  - Sandro
>
>                 When I demonstrate WebIDs across Facebook, LinkedIn
>                 Twitter, G+, and
>                 many other social media spaces [2][3], I actually
>                 refer to the whole
>                 things as being about a given persona.  None of that
>                 negates the fact
>                 that a WebID denotes an Agent.
>
>                 We have to loosely couple:
>
>                 1. identity
>                 2. identifiers
>                 3. identification
>                 4. identity verification (e.g., when authenticating
>                 identification)
>                 5. trust.
>
>                 Claims represented as RDF statements handle 1-5,
>                 naturally. We don't
>                 have a problem here, really.
>
>
>                 [1] http://www.merriam-webster.com/dictionary/persona
>                 [2] https://twitter.com/kidehen/status/419578364551499776
>                 [3]
>                 https://plus.google.com/+KingsleyIdehen/posts/1pmt4gWWae2
>
>
>
>
>
>
>
>
>
Received on Sunday, 18 May 2014 20:31:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC