Re: Web Identity specification and Social Web

On 24 February 2014 15:46, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 02/24/2014 08:25 AM, Kingsley Idehen wrote:
> > The attributes you've outlined above constitute Identification,
> > based on verifiable Identity. Thus, you are referring to a Web
> > Identification spec whereby a collection of Identity Claims (as
> > you've listed above) are used as the basis for verifiable
> > Identification of an entity denoted by an Identifier.
>
> I don't disagree with the statement above. :)
>
> I also think that "Web Identification" is going to be a very confusing
> term for most developers. It's not immediately obvious how "WebID", "Web
> Identifiers" and "Web Identification" are different. I'm sure the OpenID
> Connect folks have had loads of discussions about this. We should see if
> we can re-use the terminology they ended up using (unless it's equally
> awful). :)
>

We talked this through at length with Tim at TPAC just over a year ago.

After much debate we came up with two proposals for a WebID.

1. A hash based HTTP URI that denotes an agent

2. An HTTP URI that denoted an agent.

Tim's preferred formulation was (1) which I've actually come to like more
and more.  But (2) was voted the definition, I think (1) should be noted
carefully.

Kingley's excellent work on YouID actually takes it a step further and
incorporates almost any system you can imagine.


>
> > Note, the following are loosely coupled:
> >
> > 1. Web Identity spec -- this is just about entity denotation e.g., a
> >  WebID (which is just an HTTP URI used to denote entities of type:
> > foaf:Agent)
>
> +1, although I don't think we need a spec to say: "An identity is
> denoted via a URL".
>

I think it's essential to define terms clearly.  Why would we not want to
use this definition, or do you have a better one?


>
> > 2. Web Identification -- this covers identity claims associated with
> > a WebID (for instance) or other Identifiers (e.g., those supported
> > by OAuth)
>
> +1
>
> > 3. Web Identification Verification -- this would be about protocols
> > for verifying identity claims.
>
> I don't see much point in decoupling #2 and #3 other than design purity.
>

I think these elements need to be logically decoupled in a modular way.
This way different mechanisms can be built together for identity,
verification and access control.  Defining a one size fits all solution for
identity is the road to hell, imho

How about reusing this work and building on it?

https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html

I think it would only need to be tweaked here and there.


>
> How you make a claim about an entity should probably be verifiable to be
> useful to the Web platform. Having the former without the latter is not
> very useful from a Web Payments perspective (and this is why the badly
> named "Web Identity" spec includes both the expression and protocol for
> modification of claims).
>

Claims and the web are logically separate things.  Most claims historically
as signed on paper.  There does not need to be a tight coupling.  For
example bitcoin distributed ledger does not rely on the web but the web
could support it ...


>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Worlds First Web Payments Workshop
> http://www.w3.org/2013/10/payments/
>
>

Received on Monday, 24 February 2014 14:58:27 UTC