- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Sun, 24 Jul 2011 20:23:26 +0200
- To: public-xg-webid@w3.org
On 7/24/11 7:34 PM, Francisco Corella wrote: > This not a theoretical issue, it is a very practical one. If WebID > were used as a general purpose WebID, a malicious medical insurance > company in the US could set up a health information Web site with > discussion groups. If a user signed up with a WebID and joined a > discussion group on cancer, the insurance company could later deny > insurance to the user on suspicion that the user had cancer or a > dependent who has cancer. This issue can be avoided by using instead > a "login certificate" issued by the relying party itself, as we > propose in section 4.6 of our white paper. But, nothing about WebID implies that a personal is 'You'. Let's take the Spiderman and Peter Parker scenario. You can have WebIDs for both, and only the real identity behind either knows about the owl:sameAs relation. I am saying WebID == Who You Really Are. It just enables identifiers to be verified. It basically caters for alter egos etc.. -- Regards, Kingsley Idehen President& CEO OpenLink Software Web: http://www.openlinksw.com Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca: kidehen
Received on Sunday, 24 July 2011 18:24:06 UTC