- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Tue, 20 May 2014 15:30:49 -0400
- To: public-webid@w3.org
- Message-ID: <537BAD69.5030709@openlinksw.com>
On 5/20/14 1:59 PM, Seth Russell wrote:
> I think an Account is an Agent operated by some Entity (like Facebook,
> Google, Bank, etc) in service to some Persona. The Persona agent
> must authenticate or identify itself to the Account agent. So it
> would be confusing, should we accept that ontology, to confuse
> "Account" with "Persona" ... er at least confusing to me.

Seth,

At this juncture, Sandro's concern boils down to the cert:key [1] relation. Today, in WebID-TLS you have:

[[
WebID Claim or Claimed WebID

A WebID Certificate can be thought of as a set of statements made and signed by a Certificate Authority. If the Certificate Authority is not known to be one whose every statement can be trusted, then the statements in the certificate must be thought of by a suspicious guard, as claimed statements only, that is as statements which have not been verified. In particular, statements about the Subject Alternative Names of the agent that knows the private key should not be assumed to be true until verified. A WebID Claim then is the statement of Identity between the Subject Alternative Name and the public key in the certificate. In Turtle this can be written as

EXAMPLE 1

:bob cert:key [ a cert:RSAPublicKey;
    cert:modulus "00cb24ed85d64d794b..."^^xsd:hexBinary;
    cert:exponent 65537 ] .
]]

I think Sandro would like other claims to be used in regards to identity verification (as opposed to one) e.g., a :holdsAccount relation.

Turtle Example

## Turtle Start ##

<#bob> <#holdsAccount> [ a <#Account> ;
    <#accountName> "bob" ;
    <#accountHolderWebPage> <http://bob.example.com/index.html> ] .

## additional relations to flesh out the :holdsAccount relation .

## Turtle End ##

In our implementation, which isn't the norm, you have full control over the relations that determine Identity verification. Thus, cert:key is just a compatibility option for WebID-TLS. Naturally, this also extends to ACLs, since only authenticated identities are tested against ACL based rules.

Hope this clarifies the issue that I believe is troubling Sandro, which also concerned others (like Melvin) in the past too.

Links:

[1] http://kingsley.idehen.net/describe/?url=http%3A%2F%2Fwww.w3.org%2Fns%2Fauth%2Fcert%23key&graph=http%3A%2F%2Fwww.w3.org%2Fns%2Fauth%2Fcert.n3

Kingsley

> seth
>
> the #toothlessfoodie <https://plus.google.com/s/%23toothlessfoodie>
> Facebook: facebook.com/russell.seth <http://facebook.com/russell.seth>
> Blog: fastblogit.com/seth/ <http://fastblogit.com/seth/>
> Talking products: www.speaktomecatalog.com
> <http://www.speaktomecatalog.com>
>
>
> On Mon, May 19, 2014 at 5:14 AM, Sandro Hawke <sandro@w3.org
> <mailto:sandro@w3.org>> wrote:
>
> (replying to messages from myself, Andrei, and Melvin)
> Andrei, you're making me see I jumped to a conclusion about personas.
>
> We started this thread with the distinction between Person and
> Account, and then when TimBL's email about personas was brought in
> I just assumed personas and accounts were the same thing. But of
> course they don't have to be, and computers treating them as the
> same thing is a little clumsy. It might be nicer if computers
> had a separate notion of Persona.... Maybe that's too
> complicated, though.
>
> I don't think it works to equate Person=Persona, as you've done
> above, though. That would mean that a human being could only ever
> have one persona, and the whole point of the persona concept is to
> allow someone to have several of them.
>
> I'll try to just stick with "account".
>

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 20 May 2014 19:31:12 UTC
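
Added example (not part of the original message, and not code from any WebID implementation): the cert:key check from the WebID-TLS text quoted in the message, where the certificate's Subject Alternative Name and key stay a claim until the profile document at that WebID states the same key. It assumes the profile is already parsed into (subject, predicate, object) tuples; `fetch_profile`, the WebIDs and the key values are constructed for illustration.

```python
from urllib.parse import urldefrag

CERT = "http://www.w3.org/ns/auth/cert#"

def norm_hex(value):
    """Canonical form of an xsd:hexBinary modulus: no separators, lower case,
    no leading zero bytes (certificates often carry a leading 00)."""
    return value.replace(":", "").replace(" ", "").lower().lstrip("0")

def keys_for(webid, triples):
    """Yield (modulus, exponent) for each cert:key the graph states for webid."""
    for s, p, o in triples:
        if s == webid and p == CERT + "key":
            props = {p2: o2 for s2, p2, o2 in triples if s2 == o}
            if CERT + "modulus" in props and CERT + "exponent" in props:
                yield norm_hex(props[CERT + "modulus"]), int(props[CERT + "exponent"])

def verify_claim(san_uri, cert_modulus, cert_exponent, fetch_profile):
    """True only if the document the claimed WebID points to states the
    certificate's public key for that exact WebID."""
    doc_url, _fragment = urldefrag(san_uri)
    triples = fetch_profile(doc_url)  # hypothetical callback: dereference + parse
    claimed = (norm_hex(cert_modulus), int(cert_exponent))
    return claimed in set(keys_for(san_uri, triples))

# Constructed sample data (not from the message).
BOB = "https://bob.example/profile#me"
PROFILES = {
    "https://bob.example/profile": [
        (BOB, CERT + "key", "_:k1"),
        ("_:k1", CERT + "modulus", "00a1b2c3d4e5f6"),
        ("_:k1", CERT + "exponent", "65537"),
    ],
}

def fetch(doc_url):
    return PROFILES.get(doc_url, [])

if __name__ == "__main__":
    print(verify_claim(BOB, "A1:B2:C3:D4:E5:F6", 65537, fetch))  # key matches
    print(verify_claim("https://mallory.example/card#me", "a1b2c3d4e5f6", 65537, fetch))
```

The lookup is keyed on the WebID taken from the certificate, so a certificate that names a different WebID but reuses a known key is rejected: the verifier only trusts what the claimed WebID's own document says.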