Re: WebID, BrowserID and NSTIC from Kingsley Idehen on 2011-07-26 (public-xg-webid@w3.org from July 2011)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 26 Jul 2011 10:59:58 +0100
To: public-xg-webid@w3.org
Message-ID: <4E2E901E.8040208@openlinksw.com>
On 7/26/11 6:14 AM, Francisco Corella wrote:
> > On 7/25/11 7:34 PM, Francisco Corella wrote:
> > > Kingsley,
> > >
> > > > On 7/24/11 8:23 PM, Kingsley Idehen wrote:
> > > > > On 7/24/11 7:34 PM, Francisco Corella wrote:
> > > > >> This not a theoretical issue, it is a very practical one.  If
> > WebID
> > > > >> were used as a general purpose WebID, a malicious medical
> > insurance
> > > > >> company in the US could set up a health information Web site
> > with
> > > > >> discussion groups.  If a user signed up with a WebID and joined
> > a
> > > > >> discussion group on cancer, the insurance company could later
> > deny
> > > > >> insurance to the user on suspicion that the user had cancer or
> > a
> > > > >> dependent who has cancer.  This issue can be avoided by using
> > instead
> > > > >> a "login certificate" issued by the relying party itself, as we
> > > > >> propose in section 4.6 of our white paper.
> > > > > But, nothing about WebID implies that a personal is 'You'.
> > > > >
> > > > > Let's take the Spiderman and Peter Parker scenario. You can have
> > WebIDs for both, and only the real identity behind either knows about
> > the owl:sameAs relation.
> > > > >
> > > > > I am saying WebID == Who You Really Are. It just enables
> > identifiers to be verified. It basically caters for alter egos etc..
> > > >
> > > > Meant to say:
> > > >
> > > > But, nothing about WebID implies that a personal URI refers to
> > 'You', specifically. It just enables verifiable identifiers that are
> > associated with identities :-)
> > >
> > > OK, WebID can be pseudonymous, but each pseudonym needs to backed by
> > a
> > > different web of trust, which gets tricky.
> >
> > No it doesn't, that's the beauty of this whole system :-) We have OWL
> > and RDFS semantics as mechanisms for Trust Logics.
> >
> > I can assert, in my own data space, leveraging my own reasoner the
> > fact that:
> >
> > <PeterParker> owl:sameAs <SpiderMan>.
> >
> > I could be the only one privy to this assertion, and be the only one
> > capable of applying reasoning to this data space specific fact.
>
> My (limited) understanding of WebID is that the relying party decides
> to trust a WebID based on the position of the identity asserted by the
> WebID within a trust network.  What I meant to say is that, if you use
> different WebIDs that assert different pseudonyms for different
> relying parties, each relying party will make its trust decision based
> on the trust relationships of a different pseudonym.  You have to
> build trust relationships for all of those pseudonyms so that each can
> be trusted by the relying parties that you use it for.  That's what I
> think can get tricky.

The relying party should just invoke WebID verification. An IdP can 
resolve co-references, for instance.

As Peter attested to in an earlier comment, there is a dimension that's 
being overlooked, one in which "You" are "Your" IdP. And in this context 
access to semantics for co-reference are controlled by ACLs that drive 
the underlying mechanics of a given IdP.

Example:

Given the claim:
<Spiderman> owl:sameAs <PeterParker> .

There is no rule that states that anyone other than either 'Peter 
Parker' is privy to these claims. Thus, Peter Parker via his data space 
(and its ACLs) determines how and when these claims participate in a 
specific inference context.

The power of OWL is often clouded by RDF confusion, its semantics 
(distinct from any RDF syntax) is critical to all of this. The same 
applies to ACLs which control access to resources that hold critical 
assertions expressed using OWL semantics.

Kingsley
>
> >
> > >
> > > Anyway, independently of what identity technology you use,
> > > pseudonyms
> > > are not always appropriate, because they allow tracking.
> >
> > The whole InterWeb is laden with fingerprinting though, the key is
> > ultimately about integrating anonymity at the appropriate layer. In
> > this case, via WebID we do have anonymity. I can be my own IdP and the
> > location of my data space could be wherever. Of course, there are some
> > fingerprints, but no more than those associated with other URIs such
> > as mailto: scheme URIs.
> >
> > > Colluding
> > > real parties can share information to get a complete picture of all
> > > your activities under a particular pseudonym.
> >
> > Yes, that's always a possibility. But it isn't one sided, I could also
> > make it very hard to decipher "who I am".
> >
> > > You can mitigate the
> > > attack by using many different pseudonyms, and being careful about
> > > which pseudonym you use for which relying party.  But many relying
> > > parties just need to know that you are the same user who visited
> > > them
> > > earlier.
> >
> > A relying party doesn't really need to know all your identities. In
> > short, this is the kicker since you should be the one asserting
> > identifier co-reference(s) not the relying party .
> >
> > > In that case you don't need a pseudonym, or equivalently you
> > > need a pseudonym that's only used for that relying party; that's
> > > what
> > > a "login certificate" is, in our proposal.
> >
> > Yes, but you can achieve that with WebID due to its underlying
> > Semantic richness.
>
> I don't doubt it.  But a login certificate is a lot simpler.
>
> >
> > >
> > > Preventing tracking by colluding relying parties is an explicit goal
> > > of NSTIC, according to Howard Schmidt's post to the White House
> > > blog,
> > > at
> > > 
> http://www.whitehouse.gov/blog/2011/04/26/national-strategy-trusted-identities-cyberspace-and-your-privacy
> > > .
> >
> > Yes, a vital goal. WebID lets you be your own IdP and that's key to
> > addressing this requirement, alongside pseudonyms, anonymity, and the
> > semantic prowess of RDFS and OWL :-)
>
> Francisco
> Francisco Corella, PhD
> Founder & CEO, Pomcor
> Twitter: @fcorella
> Blog: http://pomcor.com/blog/
> Web site: http://pomcor.com
>
>     ------------------------------------------------------------------------
>     *From:* Kingsley Idehen <kidehen@openlinksw.com>
>     *To:* Francisco Corella <fcorella@pomcor.com>
>     *Cc:* "public-xg-webid@w3.org" <public-xg-webid@w3.org>; Karen
>     Lewison <kplewison@pomcor.com>
>     *Sent:* Monday, July 25, 2011 3:38 PM
>     *Subject:* Re: WebID, BrowserID and NSTIC
>
>     On 7/25/11 7:34 PM, Francisco Corella wrote:
>>     Kingsley,
>>
>>     > On 7/24/11 8:23 PM, Kingsley Idehen wrote:
>>     > > On 7/24/11 7:34 PM, Francisco Corella wrote:
>>     > >> This not a theoretical issue, it is a very practical one.  If
>>     WebID
>>     > >> were used as a general purpose WebID, a malicious medical
>>     insurance
>>     > >> company in the US could set up a health information Web site with
>>     > >> discussion groups.  If a user signed up with a WebID and joined a
>>     > >> discussion group on cancer, the insurance company could later
>>     deny
>>     > >> insurance to the user on suspicion that the user had cancer or a
>>     > >> dependent who has cancer.  This issue can be avoided by using
>>     instead
>>     > >> a "login certificate" issued by the relying party itself, as we
>>     > >> propose in section 4.6 of our white paper.
>>     > > But, nothing about WebID implies that a personal is 'You'.
>>     > >
>>     > > Let's take the Spiderman and Peter Parker scenario. You can
>>     have WebIDs for both, and only the real identity behind either
>>     knows about the owl:sameAs relation.
>>     > >
>>     > > I am saying WebID == Who You Really Are. It just enables
>>     identifiers to be verified. It basically caters for alter egos etc..
>>     >
>>     > Meant to say:
>>     >
>>     > But, nothing about WebID implies that a personal URI refers to
>>     'You', specifically. It just enables verifiable identifiers that
>>     are associated with identities :-)
>>
>>     OK, WebID can be pseudonymous, but each pseudonym needs to backed
>>     by a
>>     different web of trust, which gets tricky.
>
>     No it doesn't, that's the beauty of this whole system :-) We have
>     OWL and RDFS semantics as mechanisms for Trust Logics.
>
>     I can assert, in my own data space, leveraging my own reasoner the
>     fact that:
>
>     <PeterParker> owl:sameAs <SpiderMan>.
>
>     I could be the only one privy to this assertion, and be the only
>     one capable of applying reasoning to this data space specific fact.
>
>
>>
>>     Anyway, independently of what identity technology you use, pseudonyms
>>     are not always appropriate, because they allow tracking.
>
>     The whole InterWeb is laden with fingerprinting though, the key is
>     ultimately about integrating anonymity at the appropriate layer.
>     In this case, via WebID we do have anonymity. I can be my own IdP
>     and the location of my data space could be wherever. Of course,
>     there are some fingerprints, but no more than those associated
>     with other URIs such as mailto: scheme URIs.
>
>>     Colluding
>>     real parties can share information to get a complete picture of all
>>     your activities under a particular pseudonym.
>
>     Yes, that's always a possibility. But it isn't one sided, I could
>     also make it very hard to decipher "who I am".
>
>>     You can mitigate the
>>     attack by using many different pseudonyms, and being careful about
>>     which pseudonym you use for which relying party.  But many relying
>>     parties just need to know that you are the same user who visited them
>>     earlier.
>
>     A relying party doesn't really need to know all your identities.
>     In short, this is the kicker since you should be the one asserting
>     identifier co-reference(s) not the relying party .
>
>>     In that case you don't need a pseudonym, or equivalently you
>>     need a pseudonym that's only used for that relying party; that's what
>>     a "login certificate" is, in our proposal.
>
>     Yes, but you can achieve that with WebID due to its underlying
>     Semantic richness.
>
>>
>>     Preventing tracking by colluding relying parties is an explicit goal
>>     of NSTIC, according to Howard Schmidt's post to the White House blog,
>>     at
>>     http://www.whitehouse.gov/blog/2011/04/26/national-strategy-trusted-identities-cyberspace-and-your-privacy
>>     .
>
>     Yes, a vital goal. WebID lets you be your own IdP and that's key
>     to addressing this requirement, alongside pseudonyms, anonymity,
>     and the semantic prowess of RDFS and OWL :-)
>
>
>     Kingsley
>>
>>     Francisco
>>
>>     Francisco Corella, PhD
>>     Founder & CEO, Pomcor
>>     Twitter: @fcorella
>>     Blog: http://pomcor.com/blog/
>>     Email: fcorella@pomcor.com <mailto:fcorella@pomcor.com>
>>     Web site: http://pomcor.com
>>
>>         ------------------------------------------------------------------------
>>         *From:* Kingsley Idehen <kidehen@openlinksw.com>
>>         <mailto:kidehen@openlinksw.com>
>>         *To:* public-xg-webid@w3.org <mailto:public-xg-webid@w3.org>
>>         *Sent:* Sunday, July 24, 2011 2:36 PM
>>         *Subject:* Re: WebID, BrowserID and NSTIC
>>
>>         On 7/24/11 8:23 PM, Kingsley Idehen wrote:
>>         > On 7/24/11 7:34 PM, Francisco Corella wrote:
>>         >> This not a theoretical issue, it is a very practical one. 
>>         If WebID
>>         >> were used as a general purpose WebID, a malicious medical
>>         insurance
>>         >> company in the US could set up a health information Web
>>         site with
>>         >> discussion groups.  If a user signed up with a WebID and
>>         joined a
>>         >> discussion group on cancer, the insurance company could
>>         later deny
>>         >> insurance to the user on suspicion that the user had
>>         cancer or a
>>         >> dependent who has cancer.  This issue can be avoided by
>>         using instead
>>         >> a "login certificate" issued by the relying party itself,
>>         as we
>>         >> propose in section 4.6 of our white paper.
>>         > But, nothing about WebID implies that a personal is 'You'.
>>         >
>>         > Let's take the Spiderman and Peter Parker scenario. You can
>>         have WebIDs for both, and only the real identity behind
>>         either knows about the owl:sameAs relation.
>>         >
>>         > I am saying WebID == Who You Really Are. It just enables
>>         identifiers to be verified. It basically caters for alter
>>         egos etc..
>>
>>         Meant to say:
>>
>>         But, nothing about WebID implies that a personal URI refers
>>         to 'You', specifically. It just enables verifiable
>>         identifiers that are associated with identities :-)
>>
>>         -- 
>>         Regards,
>>
>>         Kingsley Idehen
>>         President&  CEO
>>         OpenLink Software
>>         Web: http://www.openlinksw.com
>>         Weblog: http://www.openlinksw.com/blog/~kidehen
>>         <http://www.openlinksw.com/blog/%7Ekidehen>
>>         Twitter/Identi.ca: kidehen
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>     -- 
>
>     Regards,
>
>     Kingsley Idehen	
>     President&  CEO
>     OpenLink Software
>     Web:http://www.openlinksw.com
>     Weblog:http://www.openlinksw.com/blog/~kidehen  <http://www.openlinksw.com/blog/%7Ekidehen>
>     Twitter/Identi.ca: kidehen
>
>
>
>
>
>
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Tuesday, 26 July 2011 10:00:42 UTC