Re: Principles of Identity in Web Architecture from Kingsley Idehen on 2021-06-07 (www-tag@w3.org from June 2021)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 7 Jun 2021 15:20:11 -0400
To: www-tag@w3.org
Cc: "melvincarvalho@gmail.com >> Melvin Carvalho" <melvincarvalho@gmail.com>
Message-ID: <fb0c9921-635f-33db-73bd-1aa1e330fa9d@openlinksw.com>
On 6/6/21 6:00 AM, Melvin Carvalho wrote:
> At TPAC 2012 I proposed to timbl, a modular approach to Identity on
> the Web. 
>
> Back then the majority of systems tightly coupled together, Identity,
> authorization and authentication.  My proposal was that the Identity
> part should stand on its own merits, and be a modular piece of a wider
> architecture
>
> To my surprise and delight, he agreed with this, and persuaded our
> group to take this approach, and rewrite specs into what was to become
> the WebID suite
>
> *Architectural Principles*
>
> I wanted now to propose some further architectural principles, based
> on what we've learnt in the following decade, and align it with web
> architecture.  They are as follows:
>
> 1. Separate identifiers from identity
> 2. Identifiers are a string of characters, a global primary key
> 3. Your identity are keys,values,links tied to your identifer
> 4. Your identity is protocol, medium and transport agnostic
> 5. Separate data and protocol meta data from identity data
>
> Applying these 5 architectural principles, I believe it would be
> possible for every identity system on the web to be largely
> interoperable.  And by web I include other URI schemes that http, and
> the P2P web
>
> A few words on each point
>
> *1. Separate identifiers from Identity*
>
> Identity comes in many shapes and forms.  People tend to talk about
> identity and identifiers interchangeably and we seem not to have a
> common vocabulary that everyone can live with.  I'll use the term
> identifier loosely to be a string of characters to denote a user (or
> agent).  And Identity are attributes associated with that.
>
> *2. Identifiers are a string of characters, a global primary key*
>
> When talking about identifiers in a system, it's important to actually
> get down to what that identifier looks like.  What is the string of
> characters.  In order to interoperate with other systems, this must be
> well defined, and should be a primary key to your system.  Too often
> this is not done and there is more than one primary key, or
> overloading occurs, "your public key is your identity".  Ideally this
> should be a URI, tho not all large systems on the web will use a URI,
> which leads to balkanization.  Many databases work on the principle of
> primary and foreign keys.  Identity needs this.
>
> *3. Your identity are attributes, values, links tied to your identifier*
>
> I'm going to loosely describe your identity as attributes, values and
> links tied to your identifier.  Most identity systems do this under
> the hood.  For a while RDF was recommended by the TAG as the solution
> to this, but different systems will use different solutions such as
> JSON(-LD) or CBOR.  What's important I think is the Entity Attribute
> Value (EAV) model of tying attributes to an identifier.  Also
> important that links are allowed in that structure.  Unfortunately
> JSON doesnt have a native syntax for links like turtle does.  Perhaps
> this is an area of standardization.  Links enable heterogeneous
> systems to work together
>
> *4. Your identity is protocol, medium and transport agnostic*
>
> When people talk about the web they talk about http.  However, there
> is every indication, that web was designed to bring together many
> large systems.  http: URIs working with file:,  irc:, ftp: etc.  It
> should even work with systems that have UUIDs and not (yet) URIs.  The
> principle is that any data that you want to share should not include
> anything about the transport.  Instead, that can get cleanly separated
> into meta data
>
> *5. Separate data and protocol meta data from identity data*
>
> The http/html web quite cleanly separates a document from its data,
> and protocol from content.  It does this using headers for a
> document.  Also within the document HEAD and BODY tags aim to cleanly
> separate data about the document from data about the thing within.  In
> http the thing within is cleanly separated from the protocol data
> using the "#" character.  In JSON-LD 1.1 you can do something similar
> using "@id" : "".  Put your meta data in there, and your identity data
> is linked to that.  In this way it can be reused in different systems,
> publishing, messaging, ledgers, auth, leading to increased
> functionality for the end user, tied together seamlessly
>
> *Summary*
>
> There's growing interest in using the web in a more distributed and
> decentralized way.  IMHO, by employing some or all of the 5 rough
> architectural principles above, it's possible to bring together
> different systems operating on the internet in a more distributed and
> decentralized way
>
> Related:  timbl's essay on the giant global graph:
> https://web.archive.org/web/20160713021037/http://dig.csail.mit.edu/breadcrumbs/node/215
> <https://web.archive.org/web/20160713021037/http://dig.csail.mit.edu/breadcrumbs/node/215>
>
> Feedback on any or all of the points welcome!
>

Hi Melvin,

Nice breakdown.

Here's a little tweak, for additional clarity.


1. Separate identifiers from identity -- Yes

2. Identifiers are a string of characters used to create a global unique
keys around which identity is constructed

3. Your identity is a collection of attributes that coalesce around
unique keys

4. Your identity is protocol, medium and transport agnostic -- Yes

5. Separate data and protocol meta data from identity data -- Yes

Fundamentally, the following need to be loosely-coupled at all times:

1. Identity -- various identifier schemes

2. Identification -- various document types

3. Authentication -- various protocols

4. Authorization -- various protocols

5. Storage -- various protocols


-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   
Home Page: http://www.openlinksw.com
Community Support: https://community.openlinksw.com
Weblogs (Blogs):
Company Blog: https://medium.com/openlink-software-blog
Virtuoso Blog: https://medium.com/virtuoso-blog
Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers

Personal Weblogs (Blogs):
Medium Blog: https://medium.com/@kidehen
Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
              http://kidehen.blogspot.com

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
Received on Monday, 7 June 2021 19:20:57 UTC