- From: peter williams <home_pw@msn.com>
- Date: Wed, 27 Apr 2011 08:21:38 -0700
- To: "'Henry Story'" <henry.story@bblfish.net>
- CC: <public-xg-webid@w3.org>
You might want to browse it - being all about the technology topics you often struggle with. ON the other hand, when looking at life anew, sometimes ignorance helps - so you is not drawn into the older mental models. Anyways, there are three terms of art: Identity verification User authentication Information assurance A term of art is rarely discussed in Wikipedia or a common dictionary. Identity verification is that act which a notary performs when he/she authenticated an individual through personal knowledge or, more likely, checking your passport or drivers license as evidence of id. The notary attests to having done that act, while then making a statement. Early in certs, for use by early Apple Mac users, one got a X.509 cert by first going to a notary, obtaining the affidavit mentioned, and then sending that as evidence of (notary-based) id verification to the CA . User authenication is the presentation of the cert to a relying party, along with a signature showing control over the private key. Information assurance has nothing to do with any of the above, except when computers are used in the processes above. If you want a birth cert from the state of Hawaii, there is information assurance practices - that support the status of a bit of paper as a "record". Long form records may be valid legally, for the purposes of id verification; or may not. Because assurance rules change, only shoft form record may not be valid, legally. Assurance rules may require "originals", and not copies, and may distintuish certified copies (from copies, and from originals). A certified copy may have to be emboseed, by a particular seal (acting as a unique signing device.) In the computer world, IA often comes down to the security audit, for the data center. If you are Comodo selling cert, and your resellers apply computers to access the minting services, and that channel is protected poorly, one can have the ridiculous situation in which the auditor performed investigations and tests that qualified the information assurance legvel as "sufficient", but non the less the channel is insecure. That's because, IA is about rules, not security. Its similar to an accounting audit that says the firm is not crooked, but it goes bust anyways. What matters is that the tests shew it was not crooked, to "assure" the public, using the services of public certified accountants. Yes apple assure the public their phone is safe. Doesn't mean the fine print of the contract is not set to allow them and their friends to spy on you, in a manner you find offense - since you didn't KNOW you agreed to it!? Its deceptive, despite the assurance. The US government assures the public that new citizens are suitable citizens. Doesn't mean they are not ex-SS officers, having spent years designed terror weapons, having run factorys making them and having actually killed 20k civilians...(in London) in attempt to terrorise an entire population. Assurance means they now fit American rules, which change with the times. In the CA world, the government generally seeks assurance that the firms will "do the right thing" - when asked. (This means spy, when served a covert order.) Its an important assurance, that the firm has CEO and staff that are "oriented" - and trustworthy, and can be trusted (to maintain the secrecy of the covert surveillance order, and scope the interception to the named individual, not the operators ex-spouse...). Put a key in the RDFa of the document. See what happens... its not logical, but then neither is a non-deterministic search that guesses. -----Original Message----- From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story Sent: Tuesday, April 26, 2011 11:44 AM To: peter williams Cc: 'Dominik Tomaszuk'; public-xg-webid@w3.org Subject: Re: Position Paper for W3C Workshop on Identity On 26 Apr 2011, at 20:34, peter williams wrote: > Please remove the link to > http://agendabuilder.gartner.com/IAM4/WebPages/SessionList.aspx?Speake > r=7019 > 95 for my name. Or just remove my name all together (whichever is easiest). > I do not want an association with Rapattoni to be inferred by readers. > > Im mostly making a point, tuned to webid, that individuals are in > charge - and do NOT need an organizational affiliation. They also do > NOT need evidence of standing (such as garner though me worth inviting > to talk about the needs of realty, to others deploying websso). > > I know, it's a hard habit to break, since individuals have no standing > in academia; only having any authority when introduced as "faculty" > (which then governs one's credentials and one's reputations). But I thought many of your points on this list was on the importance of Information Assurance. Are universities, companies posting profiles about people not well establish ways of doing information assurance? Henry > > > > -----Original Message----- > From: public-xg-webid-request@w3.org > [mailto:public-xg-webid-request@w3.org] > On Behalf Of Dominik Tomaszuk > Sent: Tuesday, April 26, 2011 7:43 AM > To: public-xg-webid@w3.org; Henry Story > Subject: Re: Position Paper for W3C Workshop on Identity > > On 26.04.2011 12:09, Dominik Tomaszuk wrote: >> On 26.04.2011 10:36, Henry Story wrote: >>> Ok, the paper is ready for xhtml export. Any further changes can >>> then be edited in the xhtml. >> OK. In a few hours XHTML+RDFa version will be ready. > Alpha version without CSS, valid XHTML+RDFa: > > http://ii.uwb.edu.pl/~dtomaszuk/webid.html > > Regards, > > Dominik Tomaszuk > Social Web Architect http://bblfish.net/
Received on Wednesday, 27 April 2011 15:22:12 UTC