[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Copyrighting schemas, Hailstorm
The difficulty is authentication and what one can reason as to facts based on it. There is no such thing as identity: there is only identification. The central dilemma is identification. My identity is NOT clbullar@i... or cbullard@h.... These are two strings that enable a system to locate machines to which I have access and put something in part of memory of those machines. I cannot control completely: o What is put in that part of that machine o Where the strings are used o Who uses them o What assertions are made based on the location of those strings or any context of use So reasoning about the presence of that string in any location or context is wide open to certain kinds of abuse and the more we automate that reasoning, the easier it is to abuse if not more likely. For example, have you ever found yourself subscribed to a maillist that you did not subscribe to? Let's be specific. Yahoogroups.com operates discussion groups that depend on signing up and getting a password and ID based on your email string. One would think that should stop one from being signed up to DonkeysLovePigs discussion groups. Does it? No. You can find yourself signed up to groups you have absolutely no interest in, and have to unsubscribe yourself. Ok, but what happens if the fact that a machine has recorded the fact that at one point in time you email string was in that database and the fact returned in good trustworthy RDF is Dimitris Dimitriadis was-Member-of DonkeysLovePigs and you live in a country where donkeys aren't allowed that particular affection? The system is too easy to game and because of that, protection of personal identity is paramount. One cannot enable the machine to reason based on the string unless one is very careful to limit the kinds of assertions that can be made and the consequences of those assertions. Machines don't bear false witness; people do. If it comes down to a jury, or even a judge, you need protection. Public safety databases (your 911 systems, police databases, etc) are rigorously designed to stop that sort of thing. Why? Because the enemy of your police is not your criminals. Criminals are product. The enemy is lawyers. The jurisprudence system goes to some pain to err on the side of the accused and if it can be shown in any way that a database can possibly be tampered with (remember OJ), the case usually goes to the defendant. Lawyers do some pretty bizarre things to show "possible" and the only way the prosecutors can get their jobs done is to go to bizarre lengths to make their case "airtight". But every venue, judge and jury doesn't work the same way or see this the same way. To some, "quacks like a duck" is all they need to know. Now, do a little global traveling in which in every venue you visit, pig loving donkeys get treated differently, but access to the fact that your email address was in the DonkeyLovesPigs data base is a global fact. So before we even get to who owns the software, we have to be very scrupulous about what the information can be used for, and when machine-reasoning has to be questioned as to interpretation. And the problem here is: We Don't Control That. At that point, disconnecting looks like the safest option. Kiss the NewNew Economy goodbye. So who does control that? Today, anybody. As soon as you sent the first piece of email, or signed up for the first subscription, you said goodbye to the ability to control the use of that string if not the right. So something like Hailstorm has to happen. So now you have the next problem of administration. If a someone can sign you up to DonkeysLovePigs, how can you be sure someone can't get your Hailstorm information and sign you up to something even more incriminating? And that's a simple case. Identity theft is big business. My intuition is that companies who make the software for authentication can't own the services as well. Imprudent. Yet even then, depending on how used, these services require oversight to protect the public from abuse. That is the way public safety systems work and in that one, we are mainly protecting the accused.... ... and everyone with a driver's license, a gun permit, a pawnshop ticket and so on. That's why those systems aren't on the web. Len http://www.mp3.com/LenBullard Ekam sat.h, Vipraah bahudhaa vadanti. Daamyata. Datta. Dayadhvam.h -----Original Message----- From: Dimitris Dimitriadis [mailto:dimitris.dimitriadis@i...] I don't know, I just get a bit worried by someone wanting to own the channel through which people interact with others (here I do not mean the connection to the internet) as well as their means of asserting that they are who they claim.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|