Verifiable Identity controlled by You, at Web-Scale


Situation Analysis

The 2016 US Election is over. It showcased the influence of social media stalwarts like Facebook, Google, and Twitter, and in the process magnified the fact that information provenance, privacy, security, and society are collectively being challenged like no other time in our history.

In my personal opinion, these challenges are the product of development and deployment of applications and services that follow flawed Web 2.0 development patterns.

Fundamentally, Web 2.0 applications do not take a granular approach to identity and do not leverage entity relationship type semantics in their fundamental design.

For instance, a majority of Web 2.0 applications do not recognize Application Users as distinct entities from the Applications they use. None of them adopt open standards (such as X.509 Certificates) as Identity-Claims-bearing tokens, due to misunderstandings that arise with PKI (Public Key Infrastructure) in the areas of UI (User Interface) and UX (User Interaction).


Surprisingly, though X.509 certificates drive eCommerce globally, through their role as the tokens used to verify the identities of retailers, we fail to reuse this standard to distinctly identify Applications and their Users. The net effect is that individual identity is controlled by application and service providers rather than end-users.

Fix the problem head-on, as I will demonstrate in this post using our newly released YouID Browser Extension. Fundamentally, this is about taking the tedium out of creating and using an X.509 Certificate (Digital Identity Card) and complementing that with the same ease of use when authenticating against applications and services that support TLS (which already includes functionality for Client Authentication Challenges).

What is the YouID Browser Extension?

The new YouID Browser Extension lets you take full control of your Identity in cyberspace using existing open standards. It distinguishes the identity of a Web Application from the identity of an Application User, and as a result, it solves the UI/UX paradox that has challenged Web Application development and deployment since the inception of the World Wide Web.

Why is it important?

Every aspect of the Web — from Email to Social Media and beyond — has been challenged by identity and privacy for years. The rise of social media behemoths, hosted email services, and increasingly myopic desktop email apps have only made matters worse.

There is no escaping the need for verifiable identity in all of these. This is a classic example of a power that must be taken, rather than expecting it to ever be given.

Unknown to most, we already have open standards that can enable one to take full control over their online identity. Unfortunately, demonstrating this reality in a user-friendly form is all but impossible with existing browsers, without adding one or more browser extensions.

How do I use it?

Simply download and install our new YouID browser extension for Chrome, Opera, Vivaldi, or Firefox (a build for Edge is coming soon) to experience what’s previously been deemed impossible — i.e., you can now create, control, and use your own ID cards with existing open standards, such as:

  • HTTP URIs — used for Agent (Person, Organization, Software) Identification (also known as WebIDs)
  • RDF Language Sentences — used for the Agent Description (including how a Person is associated with Software Applications [User Agents]) i.e., profile document creation
  • HTTPS — used for Secure Transmission of Agent Profile and other Data
  • WebID+TLS — used to verify Agent Identity Claims; this extension of HTTPS extends its handshake scope beyond HTTPS Server Machines to include various other Agents
  • WebID+TLS+Delegation — used to distinguish between Software and its Users; this extends WebID+TLS to allow the evaluation of these and other delegate relationship types
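
The WebID+TLS check named in the list above, as an added example that is not code from the original post or from the YouID extension: once the TLS handshake has proven that the client holds the certificate's private key, the verifier dereferences the WebID found in the certificate's Subject Alternative Name and accepts the claim only if the profile document lists the same public key. The sample profile, the `alice.example` URIs, the toy key values, and the function names are constructed for illustration; the `cert:` terms come from the W3C cert ontology.

```python
import re

# Constructed sample: the Turtle profile document served at Alice's WebID URL.
PROFILE = """
@prefix cert: <http://www.w3.org/ns/auth/cert#> .
@prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .
<https://alice.example/profile#me> cert:key [
    a cert:RSAPublicKey ;
    cert:modulus "00c5a1 9f3b 7d21"^^xsd:hexBinary ;
    cert:exponent 65537 ] .
"""
DOCS = {"https://alice.example/profile": PROFILE}  # stands in for an HTTPS GET


def profile_keys(turtle, webid):
    """Return {(modulus, exponent)} that the profile asserts for `webid`.
    Minimal pattern match for the sample above, not a full Turtle parser."""
    stmt = re.search(re.escape(f"<{webid}>") + r"\s+cert:key\s+(.*?)\]\s*\.",
                     turtle, re.S)
    keys = set()
    for block in (stmt.group(1).split("]") if stmt else []):
        mod = re.search(r'cert:modulus\s+"([0-9A-Fa-f\s]+)"', block)
        exp = re.search(r'cert:exponent\s+"?(\d+)', block)
        if mod and exp:
            keys.add((int("".join(mod.group(1).split()), 16), int(exp.group(1))))
    return keys


def verify_webid_tls(san_uris, modulus, exponent, fetch=DOCS.get):
    """Return the WebID whose profile lists the certificate's key, else None.
    Inputs are the SAN URIs and RSA public key the TLS layer took from the
    client certificate after the handshake proved possession of the private key."""
    for webid in san_uris:
        if not webid.startswith("https://"):
            continue  # this example's policy: only fetch profiles over HTTPS
        turtle = fetch(webid.split("#", 1)[0])  # profile document URL
        if turtle and (modulus, exponent) in profile_keys(turtle, webid):
            return webid
    return None


ALICE = "https://alice.example/profile#me"
ALICE_KEY = (0x00C5A19F3B7D21, 65537)      # constructed toy modulus
OTHER_KEY = (0x00DEADBEEF1234, 65537)      # a different key pair

if __name__ == "__main__":
    print(verify_webid_tls([ALICE], *ALICE_KEY))   # claim backed by the profile
    print(verify_webid_tls([ALICE], *OTHER_KEY))   # WebID copied into another cert
```

The second call shows why a self-issued certificate is acceptable here: writing someone else's WebID into a certificate gains nothing unless the key also appears in the profile document that the WebID's owner controls.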

Here is a collection of screenshots that outline the process of registering a WebID with this extension:

  • Location in Chrome Extensions Toolbar
  • Initial dialog prior to existence of any registered WebID
  • Entering an actual WebID
  • Registered a WebID following successful lookup
  • Registering another WebID
  • Successful registration of additional WebID
  • Two registered WebIDs available for use
  • Selecting a WebID for use across HTTPS sessions

The following collection of screenshots demonstrates how to make use of WebIDs registered in your browser, courtesy of the YouID Browser Extension.

Go to the homepage of an HTTPS Application (e.g., the SPARQL Query Service endpoint we provide at: http://linkeddata.uriburner.com ):


Log in to your HTTPS application, and then authenticate using the WebID+TLS protocol (that is, authenticate using your Software Agent’s credentials, by selecting its X.509 certificate):


Following selection of and successful authentication through the WebID+TLS protocol, you can see that you are logged in under the identity associated with the WebID that you selected via the YouID Browser Extension:


Click on the YouID icon in your Browser’s Toolbar, and select a different WebID as the default:


Then return to your application and click on the “Change Login” link. This lets you log in to the same application using a different WebID, without restarting your browser:


Following authentication using WebID+TLS, note that you’ve been successfully logged in using a different WebID — the one you selected as your new default via the YouID Browser Extension:


What’s novel about any of this?

I’ve just demonstrated how the nature (semantics) of the relationship between an application and its user has been successfully integrated into an existing protocol for secure interaction between Web applications (the browser and the query service provider), using existing open standards. All of this has been achieved without compromising UI and UX, too!

Now that the identities of an application and its users are distinguishable, you can interact with applications that implement fine-grained access controls (or data access policies) that are scoped to specific user identities, user groups defined by lists, or user groups defined by sophisticated rules expressed in query languages like SPARQL. This flexibility replaces today’s common weak conflation of user and application identities that does nothing but compromise privacy (and eventually security) for all.

Links

OpenLink Software Blog

Blog Publication Hub focused on Data Access, Integration…

Written by Kingsley Uyi Idehen

CEO, OpenLink Software — High-Performance Data Centric Technology Providers. #SHA1 Fingerprint: 7ED0CF5F F77BF6214D5FC50EFF9BC354386EB100
