- From: Ashok Malhotra <ashok.malhotra@oracle.com>
- Date: Wed, 28 Nov 2012 14:11:34 -0800
- To: www-tag@w3.org
- Message-ID: <50B68C16.8080904@oracle.com>
VERIFIABLE IDENTITY One of the basic tenets on the Web is that you can read and now write without revealing your true identity See New Yorker Cartoon: On the Internet No One Knows Your Are A Dog: http://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you're_a_dog This has its benefits but it also causes problems such as anonymous cyberbullying and obnoxious, racist or homophobic comments by folks secure in the knowledge that the comments could not be traced back to them -- comments they would never make in public. In response to such behaviour Google+ http://support.google.com/plus/bin/answer.py?hl=en&answer=1228271 and YouTube (which is owned by Google) request that people use their real names: http://www.huffingtonpost.com/2012/07/24/youtube-real-names-users-comments_n_1699749.html The article says: "Due to user anonymity, it's practically impossible to find a video not beset upon by angry conspiracy theorists and grammar-challenged, sexist, racist, or homophobic trolls." But this is only a request and does not require compliance. My suggestion is a voluntary facility that would allow a person's identity to be verified. Here is how it might work: you get an email from someone asking for a date. You can check out their Facebook page, you can look at their tweets and if you are still not satisfied, you could ask the person to send some proof of identity. You send them your public key and the person sends whatever documents they think would help you verify their identity (These could be faked, but that's another problem.) Now, the problem is that you don't want the documents to be transmitted further and so we need some DRM technology to ensure that 1. the documents cannot be transmitted further and 2. they self-destruct after being examined. I believe technologies exist to ensure this but I am not expert in that area. Since identity verification is voluntary, you don't need to abide by it, but folks would be free to reject postings by people whose identity cannot be verified. Clearly, the solution needs more work, but can we agree on the problem? All the best, Ashok On 11/28/2012 12:47 PM, Larry Masinter wrote: > I'm not sure how "technical" all of these topics are, but here's my draft of some topics of some concern. I'm mainly just dredging up things in my "to think about" list > > 1. Governance effects on web architecture - need to take a general approach > > The TAG has been discussing areas where governance - the desire of legal, regulatory, administrative, or contractual relationships to regulate communication - affects web architecture. While W3C has ongoing efforts in privacy, security, accessibility and internationalization are oriented toward insuring that standards specified by W3C specifications can accommodate at least some of the governance requirements, there is a need to do more. For example, the "publishing and linking" FPWD from the TAG addresses some of the issues of linking vs. copying vs. embedding that have been at the center of some controversies with regard to the application of governance around copyright, censorship of unwanted material, identity, logging, and many other issues. While the TAG discussed a more general framework (http://www.w3.org/2001/tag/doc/governanceFramework.html) the larger topics seem outside the scope of what the TAG can take on alone. > > 2. Security is an arms race, and the bad guys are winning. > > There are a wide range of security topics, exploits, and an increasing importance to the proper functioning of the web. Many of the exploits cross the layers of network infrastructure between W3C and IETF. Both groups need to do more. We in the standards community is doing a poor job of insuring specifications are implementable securely. We can't define standards and leave it up to the implementations to define security. > > 3. Boundary between "Web" and "Internet Applications" evolving > > As web capabilities expand, the boundary between "Web" and "not web" continues to blur, and the overlap between W3C and IETF also becomes more problematic. The definition of what the "Web" is compared to other internet applications requires a more principled discussion and coordination. This applies in general to a wide variety of areas (WebRTC RTCWeb) but specifically for two technologies fundamental to the web but work in the IETF without significant W3C involvement: > > 4. HTTP 2.0 performance and conformance. > W3C can and should put resources into development of HTTP 2.0 as an IETF spec, including gathering benchmarks, help with analysis, workshops, developer outreach. Make HTTP part of the platform. Much disagreement about what "faster" means (Discuss with W3C AC, and also at HTTP meeting at IETF) > > 5. URLs: > The coordination between IETF and W3C work on URI specs is fumbling; the relationship between the specs troublesome and the plan forward unclear. There are significant technical issues that are clouded by the political ones. > > > A few more ideas to discuss: > > 6. Cloud > Quite a bit of standards activities around cloud not addressed in W3C > > 7. Identity > Identity management, biometrics > > 8. Internet of Things > Move to make light switches, power sources, 100s to 1000s of internet devices at home > > 9. Mobile networking, performance, security, privacy > > > >
Received on Wednesday, 28 November 2012 22:12:10 UTC