WebID and eCommerce

Background of Talk

I was kindly invited late last year (2011) by Adrian Gschwend to present WebID at a conference organised by eema (the European Association for e-Identity and Security). The conference was held in late March in Switzerland on the theme "European eID Interoperability Concepts and Compliance". As it was held in Switzerland, I thought that an international banking angle could be useful. So instead of presenting the usual distributed social web story that has propelled my interest in WebID since the beginning, I decided to look at how WebID could be of interest to international business and commerce, and how it could help with interoperability. This was not difficult: institutions form social networks just like individual people do, and trust works in very much the same way. States have "friendship" relations to each other, and have legal frameworks that create trust between institutions such as banks, enterprises, educational institutions, ... The semantic web makes it easy to give an interoperability story, and Linked Data makes it easy to link all these together. The presentation was very successful, and so I polished it up in the last week into the following slidecast with audio.

The presentation

WebID and Commerce

The slides with notes are available as PDF here. These can be viewed with the MP3 audio here.

This slideshow does not emphasize the interoperability aspects of the semantic web. So I should add that the semantic web can rightfully be thought of as the logic of interoperability. There are many other talks that go into that in more detail.

Summary

TLS currently helps one know that when one opens a connection to a service (domain:port pair) one is actually connected to the machine that officially owns that domain. It does not give one the big picture of what kind of entity one is actually connected to, i.e. it does not answer the following questions:

In this talk I look at how this extra information could be made available by using WebID and Linked Data, published by official entities in ways that gave those documents legal weight. This would not be technically very difficult to do, but would provide huge benefits to the web. It could increase trust in the web, and it could enable e-commerce in a much broader way than hitherto found.

The talk then shows how this can be used to create a framework for flexible user identities to enable e-commerce.

The emphasis here is to show how trust is inevitably social, and how formal relations between states and various institutional players could easily be expressed by publishing interlinked static documents with legal weight at well-known locations. This adds the background trust graph that the internet needs and that is missing from the Public Key Infrastructure (PKI) story. It also gives Linked Data a very pragmatic use case which can guide its further development. WebID just happens to be the cornerstone that ties these two projects together, and a very light one at that. I also sketch how WebID can be slightly extended from its present form to enable institutional trust relations.

Discussions

This topic was well discussed on the IETF TLS mailing list in the thread Fixing TLS Trust. Here is my summary of the responses:

Please send any further comments to the lists or to me by e-mail.