W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Should WebIDs denote people or accounts?

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 18 May 2014 19:47:57 -0400
Message-ID: <537946AD.2020704@openlinksw.com>
To: public-webid@w3.org
On 5/18/14 1:16 PM, Sandro Hawke wrote:
> On 05/18/2014 12:26 PM, Kingsley Idehen wrote:
>> On 5/18/14 11:13 AM, Sandro Hawke wrote:
>>> On May 18, 2014 11:01:38 AM EDT, Kingsley Idehen 
>>> <kidehen@openlinksw.com> wrote:
>>>> On 5/17/14 8:05 PM, Sandro Hawke wrote:
>>>>> Oh, very interesting.   I haven't found an opportunity to talk to
>>>> TimBL about this specifically, but it sounds like he's thinking in the
>>>> same direction.   In that email he's very clearly showing a WebID
>>>> denoting a persona, not a person.
>>>> Sandro,
>>>> A WebID denoting an Agent isn't disjoint with the notion of personae.
>>> I'm fairly sure it is, Kingsley.
>>> If my WebIDs all denote me, then you can't grant access to one 
>>> without granting it to all, by RDF semantics.
>> Why are you assuming that any of my profile documents have an 
>> owl:sameAs relation, connection the identities denoted by the HTTP 
>> URI based Identifiers? Likewise, if there's no relation facilitated 
>> by an IFP how do you arrive at such, via semantics expressed in RDF 
>> based relations?
> That assumption is not required.
> By the RDF Semantics, if two RDF IRIs denote the same thing, then all 
> RDF triples that are true using one are also true using the other.

How do you know that two IRIs denote the same thing without an 
owl:sameAs relation? Or without participation in an IFP based relation? 
How do you arrive a such conclusions?

If a WebID doesn't resolve to an Identity Card (or Profile Document) 
comprised of owl:sameAs or IFP based relations, how can you claim 
coreference? You only know that two or more IRIs denote the same thing 
by way of discernible and comprehensible relations.
> What you're talking about is whether a machine might be able to figure 
> out that truth.

No, I am saying that you determine the truth from the relations that 
represent the claim.

> If I have two different WebIDs that denote me, and you grant access to 
> one of them, it's true a machine might not immediately figure out that 
> that other one also denotes me and should be granted equal access.  
> But if it ever did, it would be correct in doing so. 

Only if it applied inference and reasoning to specific kinds of 
relations. It can't just jump to such conclusions. You don't do that in 
the real-world so what does it somehow have to be the case in the 
digital realm?

> And I'm betting, with machines getting access to more and more data 
> all the time, and doing more and more reasoning with it, it would 
> figure that out pretty soon.

Email Address are ample for reconciling coreferences. Thus, if an email 
address in the object of an appropriate relation, then coreference can 
be discerned and applied where relevant etc..
> It sounds like you're proposing building an authorization 
> infrastructure that relies on machines not doing exactly what we're 
> trying to get them to do everywhere else.  Sounds a bit like trying to 
> hold back a river with your hands.

Quite the contrary, I am saying there is a method to all of this, in the 
context of WebID, WebID-Profile, WebID-TLS, and ACLs etc.. This items 
are loosely coupled and nothing we've discussed so far makes a 
defensible case for now catapulting a WebID from an HTTP URI that 
denotes an Agent to one that denotes an Account. We don't have this kind 
of problem at all.

>>> To avoid that undesired fate, I think you need WebIDs to denote 
>>> personas.
>> No, a persona is derived from the claims that coalesce around an 
>> identifier. A persona is a form of identification. A collection of 
>> RDF claims give you a persona.
>>>    As I mentioned, those personas might be software agents, but they 
>>> are clearly not people.
>> WebIDs denote Agents. An Agent could be a Person, Organization, or 
>> Machine (soft or hard). You can make identification oriented claims 
>> in a Profile Document using RDF based on a WebID.
> The question is, what kind of triples are being written with WebIDs,


A WebID is an HTTP URI that denotes an Agent.


## Turtle Start ##

a <#HttpURI> ;
<#denotes> [ a foaf:Agent ] .

a <#Identifier> .

## Turtle End ##

> and what happens when machines figure out all my WebIDs denote me? 
Now, we have a WebID-Profile document which describes what a WebID 
denotes. That document is comprised of claims which may or may no 
indicate co-reference via owl:sameAs and/or IFP based relations (e.g., 
foaf:mbox). None of this means a WebID denotes an Account.

The fact that tools can figure out that an IFP based relation with a 
mailto: scheme URI as it object is a way to triangulate coreference 
still has no bearing on the case for a WebID denoting an Account.

> Are you really being careful with every triple you write using WebIDs 
> to make sure it will still be exactly what you want to say when a 
> reasoner adds more triples just like it using my other WebIDs?


Even when dealing with owl:sameAs, we implement a verifier that won't 
even invoke an reasoning and inference if those statements are signed by 
the WebID-Profile document author. Or if those claims aren't part of the 
certificate (e.g., multiple WebIDs in SAN or using the Data extension to 
embed Turtle Notation based RDF claims in the certificate).

> It sounds to me like you are not.   It sounds to me like you're just 
> assuming that certain valid inferences will never be made.

Of course not, as per comment above.

>> We don't have a problem have a problem here at all.
> I'm suggesting that perhaps you haven't yet noticed the oncoming 
> train, Inference.

Believe me, it was my first test :-)

>      -- Sandro
>> Kingsley
>>>      - Sandro
>>>> When I demonstrate WebIDs across Facebook, LinkedIn Twitter, G+, and
>>>> many other social media spaces [2][3], I actually refer to the whole
>>>> things as being about a given persona.  None of that negates the fact
>>>> that a WebID denotes an Agent.
>>>> We have to loosely couple:
>>>> 1. identity
>>>> 2. identifiers
>>>> 3. identification
>>>> 4. identity verification (e.g., when authenticating identification)
>>>> 5. trust.
>>>> Claims represented as RDF statements handle 1-5, naturally. We don't
>>>> have a problem here, really.
>>>> [1] http://www.merriam-webster.com/dictionary/persona
>>>> [2] https://twitter.com/kidehen/status/419578364551499776
>>>> [3] https://plus.google.com/+KingsleyIdehen/posts/1pmt4gWWae2



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Sunday, 18 May 2014 23:48:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC