Re: Should WebIDs denote people or accounts?

On 5/18/14 8:40 PM, Sandro Hawke wrote:
> On 05/18/2014 08:17 PM, Kingsley Idehen wrote:
>> On 5/18/14 4:31 PM, Sandro Hawke wrote:
>>> On 05/18/2014 01:59 PM, Nathan Rixham wrote:
>>>> I'd suggest that this is not a technical problem and cannot be 
>>>> addressed this way.
>>>>
>>>> When you add reasoners in to the mix they can quickly determine 
>>>> that typographically different (personas/agents/uris) refer to the 
>>>> same thing, whatever approach is used.
>>>
>>> Not true.   They might quickly determine that two personas are 
>>> managed by the same person, but that is not the same as determining 
>>> that the two personas are the same thing.
>> Only if you provide the information that makes that feasible.
>>
>>>
>>> Computers are perfectly capable of keeping track of my having 
>>> multiple distinct mailing addresses, multiple distinct phone 
>>> computers, multiple distinct phone numbers, etc.   They know they 
>>> belong to the same person, without getting confused and thinking 
>>> actually each of my mailing addresses is the same or each of my 
>>> android devices is the same.   If they did, I couldn't exactly label 
>>> one as being home and one as being office, or install some apps on 
>>> one android device and not on another.
>>>
>>> This is not hard to solve - we just have to be clear that what's 
>>> being authenticated and authorized is a persona/account, not a human.
>>
>> And why do you believe that:
>>
>> 1. WebID isn't clear about being an Identifier that denotes an Agent?
>>
>> 2. That WebID-Profile Documents aren't RDF documents that describe 
>> the referents of WebIDs (i.e., they are Identity Cards)?
>>
>> 3. That WebID-TLS isn't about authenticating the claims in the 
>> WebID-Profile document ?
>>
>>>
>>> Unfortunately, this doesn't match WebID's self-conception, so far.
>> Only if you are conflating WebID [1], WebID-Profile [2], and 
>> WebID-TLS [3], which is still a general problem we have with the 
>> term: WebID.
>>
>
> I'm fairly confident I know what those terms mean.  I talked to folks 
> coming out of the meeting where WebID-TLS was split from WebID, in 
> Lyon, and got the story at the time.
>
>> WebID is simply an identifier that denotes an Agent. WebID-Profile is 
>> a profile document that describes what a WebID denotes.
>> WebID-TLS is an authentication protocol that verifies the claims made 
>> in a WebID-Profile document or Identity Card.
>>
>> Could it be that you are indicating to the spec editors that some 
>> organizational issues exist re. layout and overall presentation? If 
>> that's your concern, then I can certainly see where you might be 
>> coming from, etc.
>>
>
> That was my hope when I started this thread, but that hope has died.
>
>> Links:
>>
>> [1] 
>> http://www.w3.org/2005/Incubator/webid/spec/identity/#the-webid-http-uri
>
> The diagram is very clear that the WebID denotes the person.
>
> You have also been very clear about that in your emails.
>
> Since the WebID is also what the user authenticates as, and what 
> authorization is granted to, in the systems I've seen, that means the 
> unit of authentication and authorization is the person.

No.

The Identification of the Agent, i.e., the claims made about the Agent, 
determines accessibility to a protected resource. If it was simply the 
WebID, of course it's totally dead and broken, absolutely!!

I think we are getting closer, but it's ultimately going to boil down to 
some practical interop demos. I am increasingly confident that our 
concerns are aligning, albeit via different routes.

A WebID cannot be the focal point. It is simply the identifier on to 
which claims are pegged, so to speak. Identity claims are what are 
verified and then used to determine Trust.

>
> That's not acceptable to me as a user, and I think many other users 
> will also find it unacceptable.

Yes, they would if it was simply the WebID rather than the claims pegged 
to a WebID.

>
> I don't see how we can expect to build mass-market systems using WebID 
> until this is changed.

We simply need to make the of WebID, WebID-Profile, WebID-TLS, and 
Resource Access Controls cleaner and clearer. To date, our biggest 
problem has been the time it took to decompose WebID into WebID, 
WebID-Profile, and WebID-TLS. The lag time has also had an immense adverse 
effect on the subject of ACLs.

We are certainly getting closer :-)
>
>
>


-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 19 May 2014 12:14:58 UTC
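
The layering argued over in this thread (WebID as identifier, WebID-Profile as claims, WebID-TLS as key check, ACL on top), as an added example that is not part of any message or of the WebID specs. The persona URIs, the `managedBy` predicate, the toy key values and all function names are constructed for illustration, and the ACL is assumed to list WebIDs directly, as in the systems Sandro describes.

```python
CERT = "http://www.w3.org/ns/auth/cert#"        # W3C cert ontology namespace
MANAGED_BY = "https://vocab.example/managedBy"  # hypothetical predicate
HOME = "https://home.example/card#me"           # constructed persona WebIDs
WORK = "https://work.example/card#me"
OWNER = "https://person.example/#i"             # constructed person URI

def profile(webid, modulus):
    """Build a constructed WebID-Profile as a set of (s, p, o) triples."""
    key = webid + "-key"
    return {(webid, CERT + "key", key),
            (key, CERT + "modulus", modulus),   # toy value, not a real RSA modulus
            (key, CERT + "exponent", 65537),
            (webid, MANAGED_BY, OWNER)}

# Profile documents keyed by document URL (the WebID minus its fragment).
PROFILES = {"https://home.example/card": profile(HOME, 0xA11CE),
            "https://work.example/card": profile(WORK, 0xB0B)}

def claims(webid):
    """Dereference a WebID to its profile document (a dict lookup here)."""
    return PROFILES.get(webid.split("#")[0], set())

def webid_tls_verify(cert):
    """Return the WebID a client certificate proves, else None.

    cert holds the SAN URI and RSA public key of a certificate whose private
    key possession the TLS handshake is assumed to have checked already.
    """
    webid, doc = cert["san_uri"], claims(cert["san_uri"])
    for s, p, key in doc:
        if (s, p) == (webid, CERT + "key") and \
           (key, CERT + "modulus", cert["modulus"]) in doc and \
           (key, CERT + "exponent", cert["exponent"]) in doc:
            return webid
    return None

def same_manager(a, b):
    """True if both profiles claim the same managing person."""
    owners = lambda w: {o for s, p, o in claims(w) if (s, p) == (w, MANAGED_BY)}
    return bool(owners(a) & owners(b))

def authorize(cert, acl):
    """Grant access only if the verified WebID itself is listed in the ACL."""
    webid = webid_tls_verify(cert)
    return webid is not None and webid in acl
```

Here the two personas are known to share a manager, yet a grant to one does not carry over to the other, because no step treats the `managedBy` link as identity.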