Re: ACTION-402 Summarize JAR's message to HT re HTTP-based naming and put on the agenda

Thanks for your questions, Larry.

On Tue, Mar 23, 2010 at 6:16 PM, Larry Masinter <masinter@adobe.com> wrote:
> I agree that thinking about "trust" is important.
>
> However, I want to point out that it is important to be careful about who trusts whom for what. I was struck by the sentence in Jonathan's writeup:
>
> "In both stories, binding and resolution are orthogonal. Resolution is simply any effective system that is faithful to the binding rule. If I'm interesting in resolution, I can go shopping and find a resolution service that I like, and if one gives the wrong answer (unlikely given that liars can be caught), I can switch to another. Again, verifiability induces honesty and thus trust."
>
> Speaker A at time T1 wishes to utter a name X which has a meaning. Speaker A wants some kind of guarantee that, any listener B, hearing the name X at time T2, will "know" (or be able to find out) the meaning of X.

The usual solution is something akin to LOCKSS (lots of copies keep
stuff safe). That is, you convince a bunch of independent libraries to
take it up. In the future there may be other ways, I don't know.

Papers and books and web pages are published for short term gain, not
posterity. It is librarians and scholars (people who read old books)
who care about the past, and they are the victims when things don't
persist, not the original publisher or author, who have either cashed
out or died long ago. So I think your concern for A at T1, while
admirable, is misplaced.

> The problem is that speaker *A* at time *T1* wants the guarantee.  The sentence "If I'm interested in resolution" -- applies to listener B at time T2. Yes, B can shop around for a resolution service, but how does B at time T2 *know* what A at time T1 meant?

To know what A meant - that is the purpose of resolution. If B knew
what A meant then B wouldn't need to consult a service. But B may have
evidence that allows him/her to *verify* that what any given
resolution service said was correct. Examples:
  - the meaning might be captured in a document, and B might have a
hash of the document (cf. Dataverse)
  - B could check several independent resolvers to see if they agree
  - B could see whether what came from the resolver made sense and
satisfied expectations.

An example of the latter: B orders _Moby Dick_ from a supplier
(resolver) and receives a book on okapis. But from context (other
things said by A leading up to the citation) one can tell this is
wrong. The title, date, etc. are probably a mismatch to what's
expected as well. (And the okapi wasn't known to Europeans until after
Melville died.) The "authority" of the supplier is irrelevant. What
matters to B is what A meant, and that's a matter between A (long dead
of course) and B.

Scholarship is inherently anti-authority, and the web should be too.
In fact I would say that it *is*, since B will consult the Internet
archive, webcitation, and equivalent sources to get to the bottom of
what A meant (i.e. in fact scholars don't take IETF/ICANN/DNS as an
authority). The problem is that such subversive efforts are not
coordinated and legitimized, and have no tools support. Resolving a
URI correctly is hard, artisanal work even when the desired document
is known to be preserved and no other document has displaced it at the
URI. The problem is inherently unsolvable, but there ought to be ways
to reduce the pain.

> This system of auditing may give B some guarantees that B is satisfied with, but not A at time T1.
>
> How is it "Liars can be caught"?

See above (wrong checksum, wrong metadata, disagreement with other
resolvers, inconsistency with expectations or possibility). *If* this
were a security issue, hashes in designators would probably be the way
to go, and they are used in http://thedata.org/ because of the worry
of scientists doctoring data post publication. But they are sort of
inflexible and you might be able to do something less harsh, depending
on what risks you're worried about and what infrastructure you're
willing to assume.

Jonathan

>
> --
> http://larry.masinter.net
>
> -----Original Message-----
> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of noah_mendelsohn@us.ibm.com
> Sent: Tuesday, March 23, 2010 8:35 AM
> To: Jonathan Rees
> Cc: www-tag@w3.org
> Subject: Re: ACTION-402 Summarize JAR's message to HT re HTTP-based naming and put on the agenda
>
> Jonathan Rees wrote:
>
>> I've added this to the agenda and marked it "required reading"
>> (knowing that this is probably wishful thinking at this late date)
>
> I didn't see it as of this morning.  It's very possible that I
> inadvertently stepped on it, but in any case I have re-added it at [1,2].
> Sorry for any confusion.
>
> Noah
>
> [1] http://www.w3.org/2001/tag/tag-weekly#persistentNaming
> [2] http://www.w3.org/2001/tag/2010/03/24-agenda#persistentNaming
>
> --------------------------------------
> Noah Mendelsohn
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------
>
> Jonathan Rees <jar@creativecommons.org>
> Sent by: www-tag-request@w3.org
> 03/21/2010 09:30 AM
>
>        To:     www-tag@w3.org
>        cc:     (bcc: Noah Mendelsohn/Cambridge/IBM)
>        Subject:        Re: ACTION-402 Summarize JAR's message to HT re
> HTTP-based naming and   put on the agenda
>
>
> An expanded version of the summary is here:
>
> http://www.w3.org/2001/tag/2010/03/uris-and-trust.html "URIs and trust"
>
> I've added this to the agenda and marked it "required reading"
> (knowing that this is probably wishful thinking at this late date)
>
> Jonathan
>
> On Wed, Mar 17, 2010 at 4:07 PM, Jonathan Rees <jar@creativecommons.org>
> wrote:
>> Per ACTION-402 Summarize JAR's message to HT re HTTP-based naming and
>> put [its topic?] on the agenda
>>
>> Re ISSUE-50 URNsAndRegistries, Henry and I wanted to talk about the
>> issue of trust in URIs. The particular way in which binding and
>> resolution are linked in http: space leads to a certain degree of
>> mistrust because it creates single points of administrative failure
>> ("the frailty of human institutions"). For example, an archivist,
>> librarian, or court would never allow a URI to stand by itself as a
>> reference, but would allow other forms of reference to stand. The
>> residual mistrust and single point of failure have always seemed
>> inevitable (this has been the central argument of the ISSUE-50 draft
>> documents), but the fact that society *has* created conventions of
>> reference that are highly trusted, lack SPFs, and are resolvable
>> (after a fashion) suggests that maybe they are not inevitable. We
>> wanted to present some ideas along these lines and consider how one
>> might create a useable, trustworthy naming system in URI space (maybe
>> even in http: URI space).
>>
>> Jonathan
>>

Received on Wednesday, 31 March 2010 20:00:50 UTC