
Re: Resumé - Re: Should WebIDs denote people or accounts?

From: Tim Holborn <timothy.holborn@gmail.com>
Date: Wed, 28 May 2014 16:37:49 +1000
Cc: Andrei Sambra <andrei.sambra@gmail.com>, Sandro Hawke <sandro@w3.org>, Seth Russell <russell.seth@gmail.com>, "Kingsley (Uyi) Idehen" <kidehen@openlinksw.com>, "public-webid@w3.org" <public-webid@w3.org>
Message-Id: <3BEC5CDA-DBD1-4D95-9E90-917D608CE20D@gmail.com>
To: henry.story@bblfish.net

On 26 May 2014, at 10:09 pm, henry.story@bblfish.net wrote:

> 
> On 21 May 2014, at 02:06, Andrei Sambra <andrei.sambra@gmail.com> wrote:
> 
>> It looks like we're making progress. In that light, I suggest we set the date for a formal call, to try to summarize this pretty long thread and come up with real actions/solutions and maybe things we can work on next.
>> 
>> Should we try something this Friday (usual 4pm CET / 10am EST), or maybe next Friday?
> 
> Some points I remember are:
>   1- we may want to talk in terms of actors instead of agents - but perhaps we can get foaf to add the notion of actor to or into their ontology
>     ( minor, as I don't think it changes the semantics of the ontology )

FOAF seems for the large-part consider the identifier notions of a natural person; probably focus on providing ontological meaning to FOAF:PERSON and related roles (FOAF:AGENT), perhaps the need is for a predicate that states FOAF is being used as a description of a ROLE (AGENT) of a PERSON (AGENT:PERSON, AGENT:ORGANISATION, AGENT:Group).  

WebID could support PERSONS, ORGANISATIONS and THINGS.  This would be best done by providing a WebID ontology IMO.  Example of an organisational ontology http://www.cs.umd.edu/projects/plus/SHOE/onts/org1.0.html - which presents an array of identifiers or ‘facets’ outside of the FOAF Scope. (i’m not sure which is the best organisational ontology?)

>   2- examples in the WebID spec should cover examples of Agents, and not just foaf:Person, and perhaps even some examples with roles, and how that ties  or not to linked identities.
>   3- btw, I noticed that the main page http://www.w3.org/2005/Incubator/webid/spec/ is missing some text . It says " Following up on an earlier paper by”
+1
> There was meant to be a pointer to a paper there by TimBL, which has been lost.
> 
> Other issues?
> 

Perhaps the WebID Charter: —> 

Over time, i’ve come to consider that WebID is a vehicle for W3 that seeks to Webize Identity.  Perhaps this is mistaken?  The spec starts by describing the SocialWeb, but is then applied to roles a person plays and the different communities people have, different social-webs, most notably the application of WebID with RWW ACL’d Cloud Storage, and decentralised applications that support it.

In reading the spec - it starts by focusing on a global distributed social-web.  It then goes on to describe: “This specification outlines a simple universal identification mechanism that is distributed, openly extensible, enabling each person to control their identity, and to build a decentralised web of trust, which can be used to allow fine grained access control.”

- ‘actor’ or actively interacting? -- meaning, anything from a smart light globe to a 3 year old on an iPAD to a consultant working with several different organisations, all of whom have the consultant working with an array of different customers? 

Person
- Child
- Partner
- Owner of Property
- Author of work
- Parent
- Employee
- Consultant to
- Authority to act for other entities for specified purpose
- Authority to associate with Specified entities for Authorised purpose
- Authority to access specified accounts

etc. 

Depending on the definition, Social-Web becomes only one potential application for the Specification. Web-Payments (as an example) has critical identity requirements, and is only one example of potential interoperability opportunities.   Defining a library of different foaf profiles, when only one foaf.rdf is connected to the CERT seems problematic, especially when organisations have an array of different policies which may unbeknownst to the employee, result in an individual connecting to their private & personal online resources using a credential that denotes that individual as an agent of an organisation, for the purposes of that cert.

IMO
When FOAF is specifically used to describe, notate or denote identity in relation to a Natural Person (exclusively); the ontology becomes far less ambiguous, and starts to make (or provide) more 'sense'.  In my re-reading of FOAF, when ontologically applied to people specifically, in the role of an ontological document denoted as an agent; the format becomes free from ambiguity.  

The current description of Foaf:agent class seems to create ambiguity when applied to a service deploying WebID-TLS Certs. 

FOAF URI’s; and the entity relationship isn’t clear to me, unless i own and operate the account services platform - the server-side platform is then using to store data in relation to the WebID Credential.  However, when i select to subscribe to a service that provides and supports the server-side platform on my behalf (perhaps i just don’t have time or knowledge to manage the colo’d runtime); the distinction of whether i’m an agent of the platform or using the platform for purposes on behalf of myself, becomes less clear ontologically.  It is extremely free from ambiguity that it describes me, but doesn’t seem to clarify sufficiently whether i’m contributing on my own behalf or ‘gifting’ for 3rd party purposes. 

I consider a ‘person’ to be a predicate to the notion of a ‘person’ acting as an ‘agent’. Foaf uses AGENT as the predicate to PERSON, implying perhaps that the document is the agent for the person? So, perhaps when applying FOAF to WebID-TLS a higher-ontological facet needs to state clearly who the TLS relationship (and related ACL’d resources) belongs to, as the TLS Cert becomes the ‘door key’ or tangible bit of code / title, asserting access ACL’s to resources and identity structures for decentralised app’s that support such functions.   

Therefore becoming a description of ‘persona’ (or similar English concept regardless of the transmutations for what is likely staggered fiduciary responsibility).  Perhaps the implicit rationale is that the FOAF document itself is the agent for the person, which has been supplemented in some fashion post authentication - but then the specification says, “eg person, group, software or physical artefact” whilst continuing to support properties generally pertaining to a person, in addition to supporting subclasses of “group, person and organisation” where the primary key is ‘agent’.

As a method of description, perhaps these definitions have different conceptual inference to when it is used as an identity statement (being the primary).  Organisations don’t have a gender, or educational URL’s, and arguably many of the other facets relating to FOAF could better be described in relation to someone who works for an organisation, or is involved with a project governed by an organisation, but then how a document could describe to be AN agent for BOTH a person and an organisation, starts to become confusing to me, less linear perhaps.  

Additionally with regard to ‘groups’; the concept of ‘centralised’ vs. ‘peered’ groups (that is, when someone in particular controls the group, vs. an organic group) .  I can understand how that may be used to create an address book section, in relation to a primary FOAF (perhaps with ACL’d access), but also a foaf could be created that is decentralised, to denote the group - which would then be a fictitious concept or label for the group, rather than an entity beyond the realm of the document.

The FOAF text states;

It is important to understand that the FOAF vocabulary as specified in this document is not a standard in the sense of ISO Standardisation, or that associated with W3C Process. [1]

The Person class represents people. Something is a Person if it is a person. We don't nitpic about whether they're alive, dead, real, or imaginary. The Person class is a sub-class of the Agent class, since all people are considered 'agents' in FOAF. [1]

SO: IF FOAF IS USED FOR PERSON or in direct relation to a Natural Legal Entity EXCLUSIVELY…

LifeShare [2] / Google+ Circles - seemed to consider the ability to draw different FOAF profiles (inclusive of WAC/ACL's) that in-turn may represent different ‘persona’ - or circles.  In relation to a WebID, i’d prefer to have one TLS CERT that signifies I have / own it, perhaps as an ACTOR which is then specified (for my personal purposes) as FOAF:PERSON - however theoretically, i’d imagine if a FOAF file exists, someone can tie a WebID-TLS Cert to it. 

If the Term ‘Actor’ were specified in a WebID ontology (could be in the certificate ontology); then actor could define the device, or a company, or a person: or perhaps Actor refers to a person which then needs a FOAF file, and other terms are used to signify a device that is used or administered by a person; and/or an incorporated entity for which a person is denoted in supporting a role, perhaps reflected back through a FOAF:AGENT:organisation reference.

Equally; when considering BYOD [3] A company may issue me a CERT for the purposes of FOAF:AGENT, however this would have separate ACL’s to my own graph; which i imagine, benefits from TLS cert separation. Equally,  perhaps a single TLS Cert may be provided access to an array of different ‘agent’ (persona) data - which brings about an issue of how to separate the streams, perhaps server side (given data is stored in ‘cloud’ orientated instances (i.e.: data.fm), rather than end-points / UI (browser on iPAD)). I imagine a default, and a secondary authentication mechanism to separate persona, using the same CERT? 

EXAMPLES
- If i had a ‘public foaf’ connected to my WebID (when i’m acting on my own behalf); i might have one ‘persona’ relating to my 'W3 profile’ which linked to contributions, communities, address book, etc. 
- when working for a company, like a telco.  The WebID on the machine may state that I am acting on behalf of the company, for which i am an authorised agent.  I might then share some of my data which creates a knowledge transaction between my work ‘on behalf of myself’ and my gainful employment ‘on behalf of a company’, as an agent rel: person. Perhaps for support, the RWW Location for storing and supporting that location could be at rww.w3.org/community (or some such thing. Like the existing communities profile), and provide the ability for me to link my WebID. I guess, therein an interesting concept comes about where the views expressed in the community, can be differentiated by the entity relationship for which the contribution is made. Are comments on W3 as a representative to a company (with a specified commerce agenda) or those doing so acting as an individual without company (or contract) law governing their actions as a representative. Perhaps a W3 contributor may have two separate profiles, one where their views as an agent for an incorporated entity differ from those they have as an individual; and whilst denoting the specific difference of any particular view, being capable of denoting which ‘persona’ or ‘role’ the contributor contributes, is in itself an important distinction.

In other formats of potential use-cases for a WebID; I may also have an Account that represents my House[4] (a property or ‘thing’ with or without a legal title / notated purchase / proof of ownership document) - so i can control my internet fridge, light-globes and other smart-devices - but then i’d like to provide access to an array of people, on different terms - i might rent the place out for a week whilst on holiday - and want to assert those visitors have ACL’s to turn on/off the devices in the home (only for the period of their stay); and perhaps, the WebID for the house gets sold with the house, and the new-owners can remove my access to it once possession has been transferred.  Perhaps someone likes my TV so much they decide to borrow it, so my RDF can tell me where it turns up and let me agree to the displacement, or send someone to go retrieve it.

Perhaps the question becomes - is a WebID designed exclusively for the SocialWeb or is it designed as a WWW universal HTTP Identity mechanism, supported by W3 communities, etc. 

http://trustengine.org/ comes to mind, inherent issues of achieving such a thing therein; the need for open-standards towards such hopes, supports; but binding WebID-TLS to FOAF just seems too narrow.  My initial criticisms were around the ontological distinctions of FOAF and different interpretations, reading the spec again - i think the authorship of the documentation itself is a bit mixed with views..  ATM, i’m thinking FOAF = PERSON or ROLE OF PERSON - not company, organisation, TV, LightGlobe, NFC Smart Milk carton, etc.  The latter of course, would have some form of ID, and perhaps Rel:foaf, however attempting to describe that in FOAF doesn’t really support the identity.

I think also many people see the examples with a single FOAF document and think everything FOAF needs to be accessible within that one document (rather than separating FOAF’s and having separate ACL’d / protected resource FOAF Documents).
 
I believe the best possible answer - is to make a WebID ontology so that the intention of WebID can be autonomously developed without undue dependencies put upon the FOAF development community.  Of course, the WebID ontology should support FOAF but not exclusively.

[1] http://xmlns.com/foaf/spec/#term_Person
[2] http://bblfish.net/blog/2011/11/11/
[3] http://en.wikipedia.org/wiki/Bring_your_own_device
[4] http://lists.w3.org/Archives/Public/public-webid/2014May/0232.html

> 
> 
>> 
>> -- Andrei
>> 
>> 
>> On Tue, May 20, 2014 at 6:27 PM, Timothy Holborn <timothy.holborn@gmail.com> wrote:
>> 
>> Given many services are currently "free" it is arguable, who is providing the service to who. Are you the advertiser - or the customer...??
>> 
>> In ontological syntax, it has been my concern that the lang. focuses on the needs of a service operator, rather than that of the user.  The difference is that of a provider having "duty of care" over an accounts data; as that data is purported to be the property of the actor who established the account (meaning the end-user); vs. accounts facilitating growth of a platform, where actors are more so orientated towards becoming almost like "hive" members, in a honey farm.
>> 
>> Perhaps poor explanation.  My view is that we shouldn't pick which side, but provide the functionality for both.  Therefore persona is important to me.  As somewhere on that cloud, I'll want a person document, and a bunch of persona documents.
>>  
>> My arguments for persona (in jan) are http://lists.w3.org/Archives/Public/public-rww/2014Jan/0007.html
>> 
>> Sent from my iPad
>> 
>> On 21 May 2014, at 6:08 am, "henry.story@bblfish.net" <henry.story@bblfish.net> wrote:
>> 
>>> 
>>> On 20 May 2014, at 21:57, Sandro Hawke <sandro@w3.org> wrote:
>>> 
>>>> On 05/20/2014 03:45 PM, Seth Russell wrote:
>>>>> 
>>>>> On Tue, May 20, 2014 at 12:30 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>>>> Alternative Name
>>>>> 
>>>>> Ok.  except a Persona name is not an "*Alternative* Name".   If i go on the web as Seth or I choose to go on the web as Patty, "Seth" is not an alternative name for "Patty".   Were that to become true in the linked data world, then i would have been outed by the CyberMonster :(
>>>>> 
>>>> 
>>>> FWIW, my sense is the problem manifests even without thinking about certs -- it's there as soon as the user says "that's me!" about a WebID, and systems understand that WebID to denote a human being, instead of a persona.
>>>> 
>>>> Today my wild idea for the easiest fix would be to make two subclasses of foaf:Person, perhaps named foaf:Persona and foaf:Human.  Then the WebID can still denote a Person, and it's clear that might be a Persona or it might be a Human.  
>>>> 
>>>> It's a bit odd, but consider http://en.wikipedia.org/wiki/Corporate_personhood .  (They use the term "natural person" where I say "human".)   Given this idea that the class Person and the class Human are not the same, maybe a more specific class is needed when talking about instances of Homo Sapiens.  And if we're going to do that change, we can take advantage of it to solve this whole WebID issue.    Convenient, eh?
>>> 
Human is a good distinction from the legal inference that a company is a person in the eyes of the law (at least in some countries, haven’t checked all spaces / places);  Problem is of course, that it has humans who act on its behalf and we don’t gaol / jail corporate entities, only those humans who we believe behaved in a manner that wronged society in some way (including in relation to non-human people.).  Perhaps the bigger problem is that when someone signs-up to a website, they generally don’t read the T’s & C’s, so, do they know what they’re signing-up for? and what the terms of the persona are explicitly?  most assume, ‘it’s for them’ - ‘and it’s free’...

>>> yes, or since WebID is defined in terms of foaf:Agent not foaf:Person you could have a subclass of foaf:Agent named foaf:Persona .
>> 
>> Persona = a role or realm of a natural legal entity.
+1 
>> 
>>>> 
>>>> The problem with this solution is that non-lawyers laugh (and often get angry) at the idea of Corporations being People.
>>> 
>>> But I don't think they'd have problems with Corporations being Agents ( in the philosophical sense of "that which acts with intention" ),
>>> or with the notions of Actors, which may be a better term. ( I wonder if actor-network theory, which I know little of, would help here )
>> 
>> The term "actor" seems to be rather clear, in that it refers to a legal entity.  Someone that has the capacity / authority to act.
>> 

Differentiates from ‘agent’ as defined by FOAF.  WebID Should have its own ontology that simply denotes whether the WebID-TLS Cert denotes someone acting on whose behalf; or alternatively perhaps - the ability to relate ‘something that speaks internet’ to a person / legal entity, for ACL purposes.

>>> 
>>>> 
>>>>        -- Sandro
>>>> 
>>> 
>>> Social Web Architect
>>> http://bblfish.net/
>>> 
>> 
> 
> Social Web Architect
> http://bblfish.net/
> 


Received on Wednesday, 28 May 2014 06:40:40 UTC
