Re: Principles of Identity in Web Architecture

Hi Graham,

I think Pat would be completely ok with all the uses of ”identities” as
described below. I am. They are really different ways of speaking of identifiers (IRIs)
or credentials (passports), and they are compatible with two identifiers having
the same referent.

Note that identifiers and credentials don’t  come with a list of all identity
statements to all other identifiers in existence for that person. Ie. your passport
does not have an extra page listing all your other identifiers. No Credential
comes with a list of all owl:sameAs statements (the RDF name for = ) to all other
identifiers for that person: the passport would need to constantly be updated
and this would only work if there were really only one computer in the world, as people
could easily otherwise coin new identifiers without the knowledge of the passport office.


> On 15. Jun 2021, at 23:53, Graham Leggett <minfrin@sharp.fm> wrote:
> 
> On 15 Jun 2021, at 18:08, Patrick J. Hayes <phayes@ihmc.org> wrote:
> 
>> Fine, provided that y'all come up with a crisp and reasonably tight – I won't say definition, but – an account, an explanation, of what y'all mean by it, to allow readers to immediately intuit the answers to simple questions.
>> 
>> For example, one person may have several identities, I gather. Can a person use (have? display? enact?) more than one of them at once?
> 
> Yes. A holder of a Greek passport might be using that Greek passport to use the freedom of movement afforded to them in the EU, at the same time as that same holder of a South African passport uses internet banking to access banking services in South Africa. The Greek passport contains their name in the Greek alphabet, as well as potentially their name in the Latin alphabet. Greek surnames are gendered in Greece, but South African authorities typically assume the father’s gendered name, and so the Latin alphabet names in the two passports don’t match. The holder of these two passports are one person, but they have three names and two identities.

That is a good example. If one put that in terms of Verifiable Credentials,
the person would have 2 Identifiers (perhaps a WebID and a DID) and two credentials.

(I wish I had taken on an Austrian passport when I was younger, then this Brexit
chaos would have been a lot less problematic. My brother got a French one, but
then he lives in Brazil. I know some people who have 4 passports.)

> 
>> Who or what controls which one is in use at any given moment?
> 
> Alice does. More specifically, the Greek authorities above don’t take instructions from the South African authorities, and the South African authorities don’t take instructions from the Greek authorities. There is no control outside of what Alice wants to do.

That is the Self Sovereign Identity idea that the user holds his credentials in
his wallet, and can should be able to choose which ones to present (with the help
of software of course).

>> Does the person always know which one of them is in use?
> 
> Yes, if the system they are using is well designed. Passports are separate documents that despite being standardised, are clearly distinguishable from one another.

+1

> 
>> (Is this talk of "use" even appropriate?) Can a person engage in a transaction without an identity, just being the person that they are? (Or is this impossible by definition, because interactions always involve identities rather than people?
> 
> Yes. Alice walks into a shop, pays cash and walks out. Alice uses an Apple Music Gift Card to gain access to some music. Alice buys a one day travelcard, loads it onto a pay as you go Oyster card and uses it to travel on the London Underground. Alice buys a pay-as-you-go simcard and uses it to gain access to mobile services for a period of time.

Note that simcards don’t so much identify Alice, as they identify themselves and
the telephone they are inserted in. In many countries they are made to identify
a person via a law stating that people are not allowed to give the phone away
without notifying the telecom of the change. That is you remain *responsible* for
the sim card.

>> Or because the person /is/ one of their identities, as when we say, "Speaking for myself,…") Can more than one person have the same identity?
> 
> A company is a group of people. The “release key” on an open source project is an identity that may represent more than one person.
> 
>> Can things other than people have them?
> 
> Yes. Pets can be insured. To be insured, the pets need to be identified.

That is where the criteria of identity of the referent of the identifier is important.
So one can have for a WebID

</People/Berners-Lee/card#i> a foaf:Person .

The type foaf:Person gives us the criteria of identity of the referent.

It is given by the definition of the term at the location of the referent. That
is illustrated here:

https://github.com/solid/authentication-panel/blob/main/proposals/HttpSignature.md#solid-use-case

but one could also have a different type of identifier that is not tied to one
person:

<#chair> a w3c:Role .

then one could have different people chairing a Working Group for different
periods of time, which could be expressed with some :filled relation of a role
to time-slices of a person.

<#chair> a w3c:Role;
    filled
     [ startDate ”…”;
       endDate ”…”;
       person </People/Berners-Lee/card#i>
     ],
     [ startDate ”…”;
       endDate ”…”;
       person :Pat;
     ].


> 
>> Can an identity exist without a person, free-floating as it were? If information is given to one of them (does this even make sense?) then can the others now also access that information, or might there be things that one of them knows but the others don't? (Or is it wrong to even talk of identities knowing anything?)
>> 
>> And so on. I genuinely have no idea what the proper answers are to questions like this.
> 
> Identity has existed long before the internet, and if there is a plan to build anything useful the design needs to defer to real needs and experience of real life people.
> 
> If the needs of these people aren't met, they won’t use the system.

Yes.

Someone wrote in this thread that the Internet does not have an identity
system. Actually it does: URLs, which identify resources that
return representations and that can be used to refer to objects via
those representations.

We now have verifiable credentials that use the same technology.
Certainly there are more things that need to be worked on to get
consensus to fullfill the goals people want to put forward here.


I can name quite a few, such as the need for a Web of Nations which
I mentioned in a thread last summer
https://co-operating.systems/2020/06/01/

But all that can build on what we have seamlessly.

Henry


> 
> Regards,
> Graham
> —
> 
> 

Henry Story

https://co-operating.systems
WhatsApp, Signal, Tel: +33 6 38 32 69 84‬
Twitter: @bblfish

Received on Wednesday, 16 June 2021 07:35:56 UTC