[foaf-protocols] webid-linked claim verification?

Melvin Carvalho melvincarvalho at gmail.com
Thu Aug 26 20:20:26 CEST 2010

On 26 August 2010 09:47, Dan Brickley <danbri at danbri.org> wrote:

> Hi folks
> Has anyone here built a webapp that shows verification of simple
> identity-relevant claims? This idea is not tightly coupled to WebID
> but would help ground WebIDs (or equally self-hosted OpenIDs) in other
> identifying information.
> e.g. 1.) you go along, log in with a webid cert, and select "verify an
> email address"; it sends you some generated token by email, with a
> URL; you get that mail, follow the link, log in again with webid if
> needed [eg. the mail might arrive tommorrow], ... after which you've
> established some evidence that whoever controls that webid also
> controls (for now) that mailbox.
> e.g. 2.) you go along, log in with a webid cert, and select "verify a
> Web account", and choose a provider from a list of service providers
> who offer OpenID, OAuth and/or proprietary API ways of allowing
> someone to demonstrate control over an account. For OpenID you should
> also have the ability to type in an arbitrary OpenID-enabled URL. So
> here you might verify that you control http://twitter.com/example
> [this would use OAuth], or a Facebook account.
> e.g. 3.) or you login with webid again, and select "verify a Chat
> account"; selecting from MSN, Yahoo, AIM, or Jabber/XMPP. Actually
> these things are increasingly linked to general Web profiles, but at
> least Jabber/XMPP would be particularly interesting. So you'd type in
> your chat address, let's say johnsmith at gmail.com for a Google Talk
> one, but these can also be self-hosted XMPP servers eg.
> danbri at foaf.tv. The service would send a roster join request to that
> user, and if accepted, could send a click-to-verify link much as with
> the email example.
> e.g. 4.) More stuff! There are no natural limits to the kinds of
> claims that could be verified, or the methods applied. This is the
> charm and the burden of the Semantic  Web; it's completely general.
> But fact checking is hard, so there is value in picking off the more
> mechanisable pieces; mobile phone / SMS numbers could be a natural
> next step.
> There are a lot of 'claim graph analytics' you can do with this sort
> of data, especially when linked with other social Web data (quite
> naturally in named graphs, when managed in SPARQL). This is the same
> kind of machinery offered by http://code.google.com/apis/socialgraph/
> ... although SGAPI deals more with public crawlable assertions. If we
> assume the possibility of a simple Web app that allows users to
> demonstrate simultaneous control over multiple accounts, the natural
> next question is re what it does with that info. Some of it could be
> simply published in public (signed, date stamped etc.) or made
> available over some public lookup API.
> eg. it could just emit a 'verified claims' file with simple statements, ...
> <http://example.com/johnsmith#me> a :Person; :account
> <http://twitter.example.com/johnsmith>; :account
> <http://facebook.example.com/jsmith/> ...
> Such info could be used as a grounding for more trust, eg. my blog
> comments system could allow webid-based commenting, and auto-accept
> posts that came from people whose twitter or facebook IDs I know, even
> if I've not seen their webid before. Some such tool seems to me worth
> building, both to show that these service activities will still exist
> in a WebID world, they're just not core duties of an identity
> provider. But also to counter some of the concerns I've seen raised
> about self-asserted ID. Is there anything out there like this
> currently?

Dan this is a great point.  I think this is one of three key areas that need
focus, in a similar way to how GNU/Linux has teams working on the kernel,
working on drivers, and working on applications.

1. Right now the 'kernel' of Web 4.0 (WebOS) is being hammered out using the
building blocks of the semantic web (FOAF/WebID being one of the key user
centric parts).  This includes core definitions, data frameworks (RDF) and
serializations, autnorization, access control, read/write access, querying,
reasoning/logic, messaging workflows etc.

There's a lot of work to be done, but much of the hard stuff is done.  The
basic kernel needs to have a sufficient maturity for the other areas to
enter into a virtuous cycle where we start to see highly interoperable
apps.  The WebID spec has been a good step forward.  We need to build on
that momentum to create a more mature web 'kernel'.

2. Drivers to existing technology.  I think what you describe will play an
important role here.  Ideally, we'd have a team working on this full time,
webizing cool apps, and allowing bridges to all our favourite social
networking sites, email, and of course real world experiences.  Web of Trust
and assertions will form an important glue here.  The feedback loop between
this stage and (1) will also be necessary.  I could see a very successful
business specializing in this area.  There are lots of pitfalls on the way
here, but if you have a good understanding of (1) and stay true to web
architecture, I think it's a path to success.  We need to hammer more of
this stuff out.

3. The application layer.  For this we will be looking for highly
interoperable apps running off the web OS.  It will use (1) as a framework,
and (2) for delivery.  It can be something similar to the facebook platform
or open social, but more scalable and leveraging web arch to the max.  User
centric workflows and a great UX/UI will be driver here and we will see a
whole new range or apps and application builders.  Imagine the Auction
houses of the future, the markets, the payment systems, web scale games that
merge reality and fantasy.  This is where the really exciting stuff will
happen but again you need a strong foundation in (1) and (2).

We can and will build all this stuff out, but we're slightly underresourced
compared with some other R&D initiatives.  It's just a case of doing things
in the right order based on what resources we have available.  It's a huge
challenge, but a massive reward at the end ... I do think the team is up to
the task, and there's definitely been good progress lately.

Just my 2 cents...

> cheers,
> Dan
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20100826/96ec0c9c/attachment.htm 

More information about the foaf-protocols mailing list