ISSUE-24: Privacy issues from WebID URI dereferencing

Privacy issues from WebID URI dereferencing

State:
OPEN
Product:
WebID-authn-TLS-spec
Raised by:
Nathan Rixham
Opened on:
2011-02-01
Description:
Part of the WebID protocol includes dereferencing a "WebID URI" specified by the identifying agent.

Whilst a measure of privacy and anonymity is provided by one half of the protocol (the TLS side), the act of dereferencing a "WebID URI" currently has authority/provenance issues (as outlined in ISSUE-23) and privacy issues.

Namely, privacy is not guaranteed, an intermediary (or a "webid/profile host") can detect a request from a server (say a bank, a private site, an adult site, a gambling site) to a users WebID URI and thus know the user has attempted to identify on said site.

This may be something which the protocol needs to address (for instance, force TLS for dereferencing), or may be something that is best noted and addressed by specification text (note as a security consideration and give advice).
Related Actions Items:
No related actions
Related emails:
  1. Formal WebID Teleconf Friday October 11, 2013 14:00UTC (from henry.story@bblfish.net on 2013-10-07)
  2. Re: Cancellation: Formal WebID Teleconf Friday October 4, 2013 14:00UTC (from andrei.sambra@gmail.com on 2013-10-04)
  3. Re: Cancellation: Formal WebID Teleconf Friday October 4, 2013 14:00UTC (from scorlosquet@gmail.com on 2013-10-04)
  4. Re: Cancellation: Formal WebID Teleconf Friday October 4, 2013 14:00UTC (from ddooss@wp.pl on 2013-10-04)
  5. Cancellation: Formal WebID Teleconf Friday October 4, 2013 14:00UTC (from henry.story@bblfish.net on 2013-10-04)
  6. Re: Formal WebID Teleconf Friday October 4, 2013 14:00UTC (from henry.story@bblfish.net on 2013-09-27)
  7. Formal WebID Teleconf Friday September 4, 2013 14:00UTC (from henry.story@bblfish.net on 2013-09-27)
  8. Re: Documenting implicit assumptions? (from henry.story@bblfish.net on 2011-02-01)
  9. Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from henry.story@bblfish.net on 2011-02-01)
  10. Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from benjamin.heitmann@deri.org on 2011-02-01)
  11. Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from scorlosquet@gmail.com on 2011-02-01)
  12. Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from tai@g5n.co.uk on 2011-02-01)
  13. Re: Documenting implicit assumptions? (from nathan@webr3.org on 2011-02-01)
  14. WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec] (from sysbot+tracker@w3.org on 2011-02-01)

Related notes:

No additional notes.

Display change log ATOM feed

Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaƫl-Massieux <dom@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 24.html,v 1.1 2019/12/03 13:24:58 carcone Exp $