- From: peter williams <home_pw@msn.com>
- Date: Wed, 27 Apr 2011 19:12:49 -0700
- CC: <public-xg-webid@w3.org>
So what is our 2 year goal for grouping, to be characterized in the Berlin meeting? One option is to say: the kind of world github runs today registering ssh keys, binding them to a profile, and running a social grouping/relating concept for collaborative programmers .... can evolve. Github or the next github can simply buy a virtuoso instance/service, and offload the whole profiling process (including the key of the channels, now using https rather than ssh). It will come with a friending/relating apparatus, easily tuned up to the git hub type culture. This is the "community of interest" hub, all n of them. If github wanted to store metadata about repos in the same triple store, even better. Or, we can say that the goal of webid is to support a national id program, in which a webid can be seen to enabling any hospital in two years to grant you access to your health records - and that's because the trust model has the assurance required to satisfy that level of privacy expectation of the public. I think we are focused on the github type community, from what I read. Perhaps I need to backoff the IA story, which focuses on such as the health records, or the access to e-Gov services, or tax filing...or filing a petition on process X. its much harsher set of policy needs, than merely allowing folks to relate and find commonalities that bind them to each other. We could have a schema for IA, all expressed in RDF descriptive frameworks and OWL, but this seems premature. First, we simply show github how to adopt webid, much as sourceforge adopted openid. Increasingly, we are going to be asked for compared webid with websso. I think we are going to have to find a story there, and it feels like it's going to be around the "social be-friending" aspects of webid, where the characteristics of semweb technology easily allows the likes of a github to super-impose their particular be-friending concept - that generates the unique grouping concept. When aligned with semantic pingback, I can see this being distinctive from websso, now mature and relatively unlikely to change in concept, that much -----Original Message----- From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story Sent: Wednesday, April 27, 2011 4:01 PM To: peter williams Cc: public-xg-webid@w3.org Subject: Re: Position Paper for W3C Workshop on Identity On 28 Apr 2011, at 00:23, peter williams wrote: > So, all it comes down to is, as relying party, pick your favorite go club? > Is all we offer: just form up your own link graph? If go had no rules of quality then their ranking would have no meaning. Try going to a go club and pretending you are a higer or lower rank than you really are. You will see it will be evident very soon. > Then, on that basis, there are a n million parties claiming to be > authorities, People can claim to be authorities, but that does not make them so. > all with nothing to substantiate their claims. It's all just a mouth > off - including the infamous Oxford School of Auto Engineering (a > technical school teaching motor mechanics, leeching off the Oxford > name, apparently). Perhaps you prefer the Polish national CA, because > at least is Polish (vs American). Perhaps one has a pretty rainbow > flag. Pick something that fits with your sense of identity? Who said that anything that anybody says goes? I said universities were good at giving information about the degrees someone has, and go clubs good at telling the ranking of players. And that you are good at telling who your friends are. Why do you try to distort what I am saying? Henry > > Is that it? Is this what we now offer as a global trust model: pick an > interest group, where the tone feels right? > > What is semweb offering that I cannot do, right now, with a facebook > friends list (which already largely does the above)? > > There is nothing in technology that makes the slightest difference to > the interest-group association model, we have to be able to admit that > to ourselves, at this point, I hope. One can build links of certs, > cross certs (in the Entrust world view), links of facebook groups, or > links of websites (in the webid view). All of them are a mere > representation of a linked space. > > (a definitive breakthrough we have made is to make public key crypto a > fundamentum of semweb, which was not true before provenance and webid. > There was a bit of PGP in university land, but that was as far as the > thinking had > gone.) > > If we truly are denying that there can be any notion of authority, > then Im not sure what we are replacing it with. It all seems very tribal. > > The only thing Ive ever heard you argue in the authority asix is that > you want the US government in charge of server certs and the > underlying naming authorities - since that underlying assurance (a bit > like the broken US > dollar) is nonetheless better than any other option. It's the least > worst option. > > I cannot wait to see the Berlin paper, I have to admit. There, we see > the trust model outlined, in which Im hoping that the raw technology > written up in the identity paper reasons why the additional theorems > added by the semweb technologies - suppressed in that paper for an US > audience concerned with today and next week - define an entirely new > class of trust model that can (and should) exist. Then, we have to > ensure we state why a tweak of SSL and X.509 ( as awful as it is) > cannot implement the same once its defined (since fixes to the > commodity is a constant threat to our "advanced" work, and consistent with how American infrastructure typically capitalizes). > > Im not sure what I can add to that Berlin paper, except to do what we > have been doing today - which is to frame that *against which* we > collectively lay a *contrasting* position. We have to be seen to > understand the reality of today (as it was supposed to be by its > designers, and as it actually is > 15 years later as represented by "domain-certs"), and then offer a solution. > > Im not sure anyone cares about creating a tribal planet, though, full > of virtual tribes. Attacking the trust in the nation state and its > public institutions is going to be a hard sell. We may be a 100 years > too early, on that one. > > Anyways, off to watch a pomp and circumstance parade. > > -----Original Message----- > From: public-xg-webid-request@w3.org > [mailto:public-xg-webid-request@w3.org] > On Behalf Of Henry Story > Sent: Wednesday, April 27, 2011 2:15 PM > To: Peter Williams > Cc: <public-xg-webid@w3.org> > Subject: Re: Position Paper for W3C Workshop on Identity > > > On 27 Apr 2011, at 19:52, Peter Williams wrote: > >> If the uni has a business school specializing in accounting, an MBA >> will > make the person not bad at accounting assurance. It's a lot better > than me, with my science degrees. >> >> If the uni is royal holloway (London) and you do the specialized >> master on > information security, again a masters or diploma (higher) is not bad - > for information assurance. >> >> But an accounting/security audit performed by either person does not >> meet > public policy. neither use prescribed methods, so the result from any > audit firm us equivalent. > > That's because the uni does not audit the work of those accountants, > it audits their education. > I audit my friends. > You audit yours. > The go club audits people's ability to play go. > ... > >> >> If the uni-qualified person gets a cissp certification (should be >> easy for > royal holloway folks). You are now fit to be trusted in a ca firm - to > cooperate with an FBI order say (assuming personality and politics > fits). A wikileaks activist would qualify but be rejected on politics > (assume the covert part would be compromised). If the person shows > lack of political disclosure, hiding wikileaks association say, again > this is a reason for elimination (from a ia trust job, specifically). >> >> If the auditor performs tests, the certified ia engineer can be >> assumed > familiar and can assist get to the facts desired. If the facts depend > on records, in an periodic audit, one can be assumed to know how not > to fail the audit due to missing procedural steps ( numbered pages are missing... > Etc). >> >> If one offers a compensating control (all our employees are born and > raised citizens with current disa clearances) we don't need to rely on > those evil foreign university transcripts (full of assumed malice and > unreliability - being from foreign sources, Assumed inherently > untrustworthy by us govt processes). Thus one show by design and > operations the risk of foreign influence is controlled by assumption > (reasonable), so that the auditor does not need to now go sample the > foreign transcript process (which doesnt exist, being made irrelevant by the citizen test). >> >> The ca audit I passed was carefully structured to play the ia game. >> One of > the hardest criteria sets to pass concerns networking (just choc full > of gotchas, and expense). So, for a root ca (and it's audit) don't > network the computer. Really. >> >> Another gotcha set concerns correctness , of key management. Software > crypto is hard to test and audit. F0r root ca, one had to show fips > 140-1 level 3 compliance - which essentially denies any software > claims, and tests the entire lifecycle of keys (distinguishing the > semantics of key erasure from key destruction say), with an > accountability trail for each and every cloned key (for dr purposes, > since all devices fail). All is subject to realtime sampling, testing, and comparison with the stated handling rules. > One test wheter junior staff know the rules, and what happens when > both senior folks are on trips (during the 2am emergency). > > yes, and after all those audits the CA's just check people's e-mail > addresses and send them the CA! > >> >> Etc etc >> >> It gies on for 100 more pages, like this. No. Its A 1000 pages. It's > endless. >> >> This is information assurance. >> >> NSA has a nice website on the topic, being the ia lead in the us. >> Getting > anyone to do it , given the cost and hassle factor, is hard - > especially when revenues just don't support the overhead (eg realty > mls business). Its easy to do if your a defense contractor on billion > dollar contracts (being an aspect of general quality management). If > consumers pay per person $50 a year for cloud office, with sufficient > numbers and a standard set of software perhaps it's economic. For > small mainstreet firms hosting web apps , it's prohibitively > expensive. The mere fact Henry installed the 59 router from the > supermarket dooms the audit to fail (or be prohibitively expensive, more likely). >> >> So reason by analogy. What test does the ministry of education >> perform on > the test centers for public school exams done in high schools , to > assure the public that the proctoring is doing what the (non deceived) > public expect of proctoring and national education certificates? > > yes, something like that. If you want to look at it through auditing > glasses, that's how it works. Not everything has to be fail proof to work. > You know a lot of things around you, as I pointed out before, even > though you don't and cannot know you are not a brain in a vat on alpha > centauri being made to think you are typing these e-mails. > >> >> My cissp is something I cite (since I struggled to pass, even after >> all my > years of security experience). My ccna is something I failed (despite > 20 years of doing certain but not all packet switching defile) but I > cite too (being reassurance I'm not a fraud, in basic data switching) > I don't cite my ccsp or much as the course runners gave me what I now > judge to be 90% the actual exams to practice, beforehand. This makes > them pointless American it certifications (for assurance purposes, as > any science major can cheat, having great exam technique by that > point). Not totally useless (I did 12 months self study in 2 weeks, > and could really understand the curriculum, allowing a year of further > very focussed self teaching). But not something I'd cite to get a job actually fixing high end cisco or Microsoft systems. > I'd be a fraud, offering false assurances. >> >> Make sense now? >> >> Nothing to do with cert technology. Applies to 15th century ciphers too. > Just more important for certs, as the damage is so much greater > (worldwide public confidence). >> >> >> On Apr 27, 2011, at d8:39 AM, Henry s <henry.story@bblfish.net> wrote: >> >>> >>> On 27 Apr 2011, at 17:21, peter williams wrote: >>> >>>> You might want to browse it - being all about the technology topics >>>> you often struggle with. ON the other hand, when looking at life >>>> anew, sometimes ignorance helps - so you is not drawn into the >>>> older > mental models. >>>> >>>> Anyways, there are three terms of art: >>>> >>>> Identity verification >>>> User authentication >>>> Information assurance >>> >>> Ok, so when you go to a university, the Uni educates you, then tests >>> you, then gives you a degree. That is information assurance! What is >>> the > information? >>> >>> Uni assures { X has Degree; >>> field :medicine >>> course </2011/Med/Liver> .. } >>> >>> Presumably that means that he knows a certain amount about the >>> subject. But nothing is absolutely final of course as you point out. >>> His thesis may have been plagiarised, as recently happened in >>> Germany when the Minister of Defence was found to have employed >>> someone else to > write his thesis. >>> >>> http://online.wsj.com/article/SB100014240527487045060045761739707650 >>> 2 >>> 0528.html >>> >>> If the university had given Karl-Theodor zu Guttenberg a WebID, they >>> would not remove their claim from his doctoral certificate page. >>> >>> So it is easy to do assurance using WebID, and to remove assurance too. >>> >>> Henry >>> >>>> >>>> A term of art is rarely discussed in Wikipedia or a common dictionary. >>>> >>>> Identity verification is that act which a notary performs when >>>> he/she authenticated an individual through personal knowledge or, >>>> more likely, checking your passport or drivers license as evidence >>>> of id. The notary attests to having done that act, while then >>>> making a statement. Early in certs, for use by early Apple Mac >>>> users, one got a X.509 cert by first going to a notary, obtaining >>>> the affidavit mentioned, and then sending that as evidence of >>>> (notary-based) id > verification to the CA . >>>> >>>> User authenication is the presentation of the cert to a relying >>>> party, along with a signature showing control over the private key. >>>> >>>> Information assurance has nothing to do with any of the above, >>>> except when computers are used in the processes above. If you want >>>> a birth cert from the state of Hawaii, there is information >>>> assurance practices - that support the status of a bit of paper as a "record". >>>> Long form records may be valid legally, for the purposes of id >>>> verification; or may not. Because assurance rules change, only >>>> shoft form record may not be valid, legally. Assurance rules may >>>> require "originals", and not copies, and may distintuish certified >>>> copies (from copies, and from originals). A certified copy may have >>>> to be emboseed, by a particular seal (acting as a unique signing >>>> device.) >>>> >>>> In the computer world, IA often comes down to the security audit, >>>> for the data center. If you are Comodo selling cert, and your >>>> resellers apply computers to access the minting services, and that >>>> channel is protected poorly, one can have the ridiculous situation >>>> in which the auditor performed investigations and tests that >>>> qualified the information assurance legvel as "sufficient", but non >>>> the less the channel is insecure. That's because, IA is about >>>> rules, not security. Its similar to an accounting audit that says >>>> the firm is not crooked, but it goes bust anyways. What matters is >>>> that the tests shew it was not crooked, to "assure" the public, >>>> using the > services of public certified accountants. >>>> >>>> Yes apple assure the public their phone is safe. Doesn't mean the >>>> fine print of the contract is not set to allow them and their >>>> friends to spy on you, in a manner you find offense - since you >>>> didn't KNOW you agreed to it!? Its deceptive, despite the assurance. >>>> The US government assures the public that new citizens are suitable >>>> citizens. Doesn't mean they are not ex-SS officers, having spent >>>> years designed terror weapons, having run factorys making them and >>>> having actually killed 20k civilians...(in London) in attempt to >>>> terrorise an entire population. Assurance means they now fit >>>> American > rules, which change with the times. >>>> >>>> In the CA world, the government generally seeks assurance that the >>>> firms will "do the right thing" - when asked. (This means spy, when >>>> served a covert order.) Its an important assurance, that the firm >>>> has CEO and staff that are "oriented" - and trustworthy, and can be >>>> trusted (to maintain the secrecy of the covert surveillance order, >>>> and scope the interception to the named individual, not the >>>> operators > ex-spouse...). >>>> >>>> Put a key in the RDFa of the document. See what happens... its not >>>> logical, but then neither is a non-deterministic search that guesses. >>>> >>>> >>>> -----Original Message----- >>>> From: public-xg-webid-request@w3.org >>>> [mailto:public-xg-webid-request@w3.org] >>>> On Behalf Of Henry Story >>>> Sent: Tuesday, April 26, 2011 11:44 AM >>>> To: peter williams >>>> Cc: 'Dominik Tomaszuk'; public-xg-webid@w3.org >>>> Subject: Re: Position Paper for W3C Workshop on Identity >>>> >>>> >>>> On 26 Apr 2011, at 20:34, peter williams wrote: >>>> >>>>> Please remove the link to >>>>> http://agendabuilder.gartner.com/IAM4/WebPages/SessionList.aspx?Sp >>>>> e >>>>> ake >>>>> r=7019 >>>>> 95 for my name. Or just remove my name all together (whichever is >>>> easiest). >>>>> I do not want an association with Rapattoni to be inferred by readers. >>>>> >>>>> Im mostly making a point, tuned to webid, that individuals are in >>>>> charge - and do NOT need an organizational affiliation. They also >>>>> do NOT need evidence of standing (such as garner though me worth >>>>> inviting to talk about the needs of realty, to others deploying > websso). >>>>> >>>>> I know, it's a hard habit to break, since individuals have no >>>>> standing in academia; only having any authority when introduced as > "faculty" >>>>> (which then governs one's credentials and one's reputations). >>>> >>>> But I thought many of your points on this list was on the >>>> importance of Information Assurance. >>>> Are universities, companies posting profiles about people not well >>>> establish ways of doing information assurance? >>>> >>>> Henry >>>> >>>> >>>>> >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: public-xg-webid-request@w3.org >>>>> [mailto:public-xg-webid-request@w3.org] >>>>> On Behalf Of Dominik Tomaszuk >>>>> Sent: Tuesday, April 26, 2011 7:43 AM >>>>> To: public-xg-webid@w3.org; Henry Story >>>>> Subject: Re: Position Paper for W3C Workshop on Identity >>>>> >>>>> On 26.04.2011 12:09, Dominik Tomaszuk wrote: >>>>>> On 26.04.2011 10:36, Henry Story wrote: >>>>>>> Ok, the paper is ready for xhtml export. Any further changes can >>>>>>> then be edited in the xhtml. >>>>>> OK. In a few hours XHTML+RDFa version will be ready. >>>>> Alpha version without CSS, valid XHTML+RDFa: >>>>> >>>>> http://ii.uwb.edu.pl/~dtomaszuk/webid.html >>>>> >>>>> Regards, >>>>> >>>>> Dominik Tomaszuk >>>>> >>>> >>>> Social Web Architect >>>> http://bblfish.net/ >>>> >>>> >>>> >>> >>> Social Web Architect >>> http://bblfish.net/ >>> >>> > > Social Web Architect > http://bblfish.net/ > > > Social Web Architect http://bblfish.net/
Received on Thursday, 28 April 2011 02:13:18 UTC