[foaf-protocols] webid-linked claim verification?
kidehen at openlinksw.com
Thu Aug 26 16:58:29 CEST 2010
On 8/26/10 3:47 AM, Dan Brickley wrote:
> Hi folks
> Has anyone here built a webapp that shows verification of simple
> identity-relevant claims? This idea is not tightly coupled to WebID
> but would help ground WebIDs (or equally self-hosted OpenIDs) in other
> identifying information.
> e.g. 1.) you go along, log in with a webid cert, and select "verify an
> email address"; it sends you some generated token by email, with a
> URL; you get that mail, follow the link, log in again with webid if
> needed [eg. the mail might arrive tommorrow], ... after which you've
> established some evidence that whoever controls that webid also
> controls (for now) that mailbox.
> e.g. 2.) you go along, log in with a webid cert, and select "verify a
> Web account", and choose a provider from a list of service providers
> who offer OpenID, OAuth and/or proprietary API ways of allowing
> someone to demonstrate control over an account. For OpenID you should
> also have the ability to type in an arbitrary OpenID-enabled URL. So
> here you might verify that you control http://twitter.com/example
> [this would use OAuth], or a Facebook account.
ODS will certainly have this. Works in progress re. UI that's more user
friendly and productive (less screen interactions).
Basically, we do this as part of the data virtualization built into ODS
(via Virtuoso). Thus, one WebID can be associated with numerous online
accounts, and during the association process claims are made and
verified (using OAuth where its supported ).
As I see it, this becomes a virtualized and federated form of
verification lookup which an IdP can offer with an X.509 Cert. (Info
Card) as the starting point.
In looking at the OpenID+OAuth hybrid protocol, this hidden gem became
self explanatory and serving (at least to us).
> e.g. 3.) or you login with webid again, and select "verify a Chat
> account"; selecting from MSN, Yahoo, AIM, or Jabber/XMPP. Actually
> these things are increasingly linked to general Web profiles, but at
> least Jabber/XMPP would be particularly interesting. So you'd type in
> your chat address, let's say johnsmith at gmail.com for a Google Talk
> one, but these can also be self-hosted XMPP servers eg.
> danbri at foaf.tv. The service would send a roster join request to that
> user, and if accepted, could send a click-to-verify link much as with
> the email example.
> e.g. 4.) More stuff! There are no natural limits to the kinds of
> claims that could be verified, or the methods applied. This is the
> charm and the burden of the Semantic Web; it's completely general.
> But fact checking is hard, so there is value in picking off the more
> mechanisable pieces; mobile phone / SMS numbers could be a natural
> next step.
> There are a lot of 'claim graph analytics' you can do with this sort
> of data, especially when linked with other social Web data (quite
> naturally in named graphs, when managed in SPARQL). This is the same
> kind of machinery offered by http://code.google.com/apis/socialgraph/
> ... although SGAPI deals more with public crawlable assertions. If we
> assume the possibility of a simple Web app that allows users to
> demonstrate simultaneous control over multiple accounts, the natural
> next question is re what it does with that info. Some of it could be
> simply published in public (signed, date stamped etc.) or made
> available over some public lookup API.
> eg. it could just emit a 'verified claims' file with simple statements, ...
> <http://example.com/johnsmith#me> a :Person; :account
> <http://twitter.example.com/johnsmith>; :account
> <http://facebook.example.com/jsmith/> ...
> Such info could be used as a grounding for more trust, eg. my blog
> comments system could allow webid-based commenting, and auto-accept
> posts that came from people whose twitter or facebook IDs I know, even
> if I've not seen their webid before. Some such tool seems to me worth
> building, both to show that these service activities will still exist
> in a WebID world, they're just not core duties of an identity
> provider. But also to counter some of the concerns I've seen raised
> about self-asserted ID. Is there anything out there like this
One of the ironies of the modern business era is that the InterWeb has
mad many forget the basic premise: Business is a Contact Sport!
Thus, we have artificially low Serendipitous Discovery Quotient when
building contact networks via the InterWeb. WebID solves this problem
in a major way.
We should persist this usecase to ESW Wiki alongside other users of WebID.
BTW - the patterns might not be unique all the way to WebID, but WebID
is the vehicle that inserts an standard based Info Card (X.509 Cert )
into this mix, which is crucial :-)
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
More information about the foaf-protocols