[foaf-dev] Credentials Community Group
timothy.holborn at gmail.com
Thu Jul 31 02:24:00 EDT 2014
I’m really pleased to see the initiative set-up to form a community that’s seemingly designed to focus on identity issues specifically, rather than the use of identity in trade use-cases. Potentially a great outcome. I’m therefore hoping the notes below can be assessed, considered and perhaps put into more cognoscente set of considerations overall..
I haven’t seen any references supporting loosely coupled identifiers (i.e. private associations between the proposed identity credential tools - and psudo-anonymity / loosely coupled identifiers).
I refer back to http://www.verisigninc.com/en_US/innovation/verisign-labs/speakers-series/evolution-of-internet/index.xhtml (particularly @23minutes - but the whole thing is good)
This in-turn relates to issues such as ‘choice of law’, when signing-up to site services and an array of other more sophisticated problems / considerations, that perhaps people generally could better understand as a constituent of entering into any-such agreements.
I also note that WebID and FOAF is not listed in the proposal, nor are what i’d term ‘data-rights declarations’ listed in the scope of work. In terms of ’safety’ (per the video above) or security, i think the ability to include other identity related ‘linked-data’ issues - such as methods for credential holders to make declaration about the use-expectations for information/data provided to 3rd parties; and, the ability to not require individuals to unnecessarily disclose identity information. Inclusively providing means to beneficially support protection of individuals, whilst still establishing new identity related tools (which in-turn bring new safety issues for web-users). In effect, a more holistic approach may benefit the requirements (and/or intent) pursuant to other safety issues inclusive to identity and authentication, whether explicit or implicit; and, as described in precedent requirements such as KYC / AML.
Without the use of identity for authentication - the identity credential itself becomes useless.
’not everyone needs to know or see everything’.
It seems that the authentication principles (inc. systems) also form important elements of the identity credentials lifecycle. I’ve been constructing concept of ‘data rights’, which has yielded some interest already - and i’m yet to find a technical home for it, though i believe could fit in well to a W3 CG that’s appropriately broad in its considerations of personal identity requirements.
Therein; some of the ‘data rights' ontological concepts i’ve considered include,
I note that in my research i’ve found that organisations may suffer from the costs incurred if / when privacy (or other) legislation is passed by a state, incurring new obligations that in-turn need to be enacted through DB related SYSADMIN tasks. therein, the capacity for individuals to be presented with choices (perhaps also incentives for different types of choices - i.e. join the loyalty program get 10% discount, free-updates, etc.) assists all parties involved in the transaction. I think in other instances, it’s a bit like seeing advertising your actually interested in - or ensuring the direct mail is being received by people, not dumped into the virtual dumpster - which is a waste of energy, if not to consider other issues therein.
Finally - these standards most affect individuals, who are not ordinarily paid-up members of W3C. The membership of W3C in-turn have fiduciary requirements around what they need, in-order to comply with law. Due to the truly amazing behaviours, works and passion - arguably for furthering humanity (can’t think of a way to summarise it - i’ve started considering the concepts around how we all share WWW citizenship..) the platform exists, as may not have been the case should some of the initial decisions have been different.. The motivations were designed to help organisations, by empowering people to communicate more effectively.
I find "Network Theory Seminar with Tim Berners-Lee” presentation https://twitter.com/WebCivics/status/492707794760392704 (the https://twitter.com/WebCivics/ will be resourcing an array of links around this territory of consideration / ‘web science’) quite grounding; and in-turn, we are certainly at a stage where identity, the digital treatment of persons is a massive issue, on so very many levels. This area is a can of worms. So my $0.02c (or currently about 0.03488uBTC) would be that credentials is an element of identity and personal permissions standards - or - regardless of the name - perhaps your scope is a little too narrow, as to best serve the needs of its intended beneficiaries.
- Authentication is required to create ‘barriers’ around someone who is not you, ‘authenticating’ as you - on computing systems.
- Permissions are required so that we’re not entrapping people into things they’re otherwise not required to do.
- Personal - is different from any act you make, in association to others whether acting as an agent or a member of the community.
Identity is more broadly nebulous, a concept of study in many social sciences / liberal arts - manifestly, something that is not digital or binary. YET, we have credentials and identifiers, or 'footprints'… We are legally recognised entities - or at least, we should be.
inclusive concepts of course: include, the rights, privileges and responsibilities of citizenship and social participation; yet, then it starts to become more complicated. In this world, without economic recognition - people can barely subsist.
Access to justice for incorporated entities, vs. access to justice for the majority of WWW citizens is not reasonably equal. large companies and individuals have issues sharing intellectual property, without a ledger - who knows who did what first; generally, the individual does not have a legal department, yet equally perhaps they’ve got some strategy that could waste alot of time and shareholder money - or perhaps, someone had a KPI that they found difficult to meet without ‘cutting corners’.
when dealing with identity - at this level no less - I think it’s imperative that we ensure the scope is defined in a manner that holistically ensures ‘duty of care’, as we are able to discharge as professional - community members - on a best-efforts basis, to make an attempt that our work is defined in such a way that it seeks not diminish the responsibility or opportunity of any party, to act in good-faith and to maintain our responsibilities as citizens throughout our affairs, including those in which we act as an authorised representative and/or agent - for an incorporated entity.
love it or hate it - most things that affect us has an economic price-tag, whether that rational has been realised, is yet to become realised or has become subject to barriers and may be unaccessible.
I note an array of community initiatives.
(noting that many others exist…)
I’m also working on this concept called ‘web civics’ which aims to create events that link ‘locals’ with ‘international experts’, help finish product produced by scientists such as those on these lists, etc.
I’ve found that people are engaging me about these sorts of issues and that the most interesting conversations are with people who are consummate professionals, in different (and sometimes related or complimentary) fields. I feel it’s important to develop these conversations, build social bridges.
Yet when it gets down to functional - the concepts need to be converted into standards, and i believe supporting W3C Community group works - is the best possible method to get that work done. Perhaps, this is misguided - not sure. ATM i can see an array of different groups looking at identity related issues. From the persistent messages about different crypto standards, to ontological debates, messaging standards (i.e.: serialisation methods - turtle vs. json-ld), etc.
underlying some of these issues is most likely a host of patent / IPR issues, etc.
W3 participants specialised in this field - no matter where in the ideological spectrum they’re focused upon - can accumulatively collaborate / cooperate - towards a standard that can support an array of different use-cases (focused on the use of Linked-Data / RDF / including decentralised web tech.) then, i believe the potential for standards work could have enormously beneficial implications.
However - I equally understand that this may in-turn bring about a resourcing issue. To which, a largely philosophical strategy might need to be deployed in considering how these needs be met.
On 31 Jul 2014, at 2:03 pm, Manu Sporny <msporny at digitalbazaar.com> wrote:
> For those of you that may have missed it in the minutes, we believe we
> now have enough momentum to launch a Credentials Community Group at W3C
> to take over the identity/credentials use cases and technology that this
> group has been working on for a few years now.
> There has been concern voiced that this group would be side-tracked by
> much of the identity/credentials work. We now believe that we've found
> some other organizations in the payments, education, and government ID
> spaces that would like to lead the work (ensuring that the identity use
> cases related to payment continue to be supported). The proposed charter
> for that group is here:
> Please provide input on the charter. It's heavily modeled on the charter
> for this group (so if you like the way this group is run, you should
> like the way that group is run).
> The discussion around the formation of the group starts here:
> -- manu
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-dev