[Freedombox-discuss] Identity Management wiki entry

bertagaz at ptitcanardnoir.org bertagaz at ptitcanardnoir.org
Sat Aug 13 11:32:57 UTC 2011


Hi,

Thanks for having spent some time on this page; that is mainly its purpose:
to write down ideas and help the discussion go on. It's a very first draft
and certainly needs a lot of work.

On Sat, Aug 13, 2011 at 05:43:32PM +1000, John Walsh wrote:
> Hi Everybody,
>  
> I have reviewed http://wiki.debian.org/FreedomBox/IdentityManagement and
> have the following questions, comments and suggestions. Once agreement is
> reached, i.e. no disagreements on this thread I will update the wiki entry.
>  
> First of all I would like to make the observation that the current document
> seems to be primarily concerned about security but touches on user
> management. If this document is concerned with trust management and not user
> management then I apologise now for my comments being off-topic about this
> wiki entry. I have also broadened the scope of user management to include
> people in every context.
>  
> Before I write about user management, I would like to mention some
> differences I see between people in the real world and the online world. In
> the real world, a multi-lingual person speaks to different groups in their
> own languages, i.e. some group members may only understand the group's
> language. In the online world, multi-lingual people (correct me if this
> assumption is wrong) are happy to receive content in different languages as
> a single (activity) stream. However, the "mono-lingual" people only want to
> see the multi-lingual posts of their language and for this reason websites
> stream content based on language, e.g. en.wikinews.org, de.wikinews.org,
> en.ogmaciel.com, pt.ogmaciel.com. Does this mean multi-lingual people should
> have a different username for each language for the benefit of their
> "mono-lingual" audience?
>  
> In the real world, when an activist says something controversial this may go
> unnoticed by most of their friends through the anonymity of the real world.
> Even those friends present at the time could have been surprised by the
> activist's comments, but being human they may forget over time. However, in
> the online world there would be a permanent record of the activist's comments
> - the internet never forgets. If the FBX is to accommodate this need, should
> the FBX manage two domains, one for personal usernames and one for activist
> usernames? Can you have 2 domains on the same IP address?

In the described scenario of this page, the activist would have one login
on the FBX, from which she would manage different identities, one for the
personal activities/relations/etc, another for the more activist part of
it. Each of them could use services hosted on different FBX and domains,
i.e. could use a mail server hosted on a remote FBX, but use the friendika
instance running on the same FBX she logs into.

> Below are the existing Glossary entries
> * Owner(s): Administrative account on the FreedomBox
>   <http://wiki.debian.org/FreedomBox>.
> * User(s): refers to system user, which would be the login used to connect to
>   a FreedomBox <http://wiki.debian.org/FreedomBox> account.
> * Identit{y,ies}: refers to a virtual (or service) identity.
> 
> I would like to propose the following glossary entries;
>  
> *Owner* 
> The FBX Administrative Account
>  
> *Local* 
> One or many Local Area Network user accounts. Each Local has system user
> login access to a FBX.
>  
> *Username*
> One or many usernames (username at domain.tld) per account. Should there be
> one username per language?
>  
> *Profile* 
> Profiles can be based on relationships and language. Profiles are used to
> control the release of personal identifiable and personal information.
>  
> *Contact* 
> Address book of Local. 
>  
> *Guest*
> One or many contacts with Guest login access to the FBX. A Guest account is
> required to store your friends' backup or for friends who only have an email
> address, i.e. no social network account. Each contact is associated with a
> profile through a defined relationship.
>  
> *Circle* 
> Lists of contacts. There will be lists for relationships which will be
> automatically updated when there is a new Guest. There can be custom lists
> with contacts and/or guests (guests are a subset of contacts). 
>  
> *Group*
> Private (invite only) and moderated and public forums/conferences for
> members
>  
> *Member* 
> Public access to Group login on the FBX
>  
> *Subscriber*
> A "follower" of the public stream
>  
> The existing *features* are listed below
> 
> * The User/Identity management must enforce privacy and avoid leaks of
>   information.
> * Users/Owners of a FreedomBox <http://wiki.debian.org/FreedomBox> should be
>   able to have several Identities.
> * Identities must not be linked publicly to a User.
> * Identities or Users may not be linked to a Legal Name.
> * Identities should be able to use several services, not always hosted on the
>   same FreedomBox <http://wiki.debian.org/FreedomBox>. Thus there should be a
>   way to publish this information, either publicly or privately.
> * There must be strong ways to authenticate an Identity as well as a User.
> * There must be strong ways to verify an Identity ownership.
> 
> I would be grateful if somebody could explain bullet point 5 and the last
> bullet point. I would also like to propose "identity" in the feature list
> above be replaced with username, a label more familiar to users. I would
> also like to propose the "Using GNUPG" section be replaced with "Security".

Which part of point 5 isn't clear? Does the rest of this email answer
the question or not?

The last point is that people should be able to verify when they meet
someone that she is really the owner of this identity.

I prefer the "Identity" term over the "Username" one, because the latter is
a bit confusing. It is most often used to refer to account username, or
login, which is only one small part of the picture this page is trying to
draw. Its reference in the glossary is certainly confusing, badly worded,
and probably should be more clearly explained. Actually the definition on
the W3 webpage Melvin pointed at in his answer to your mail has an
interesting definition for it.

The "Using GnuPG" section is there because there might be a lot of
different options to consider to implement the described features (i.e.
WebID has been discussed many times too on this list).

> Some of my glossary entries seem a bit long and I am wondering should some
> of the glossary characteristics be listed as a feature. I also wonder where
> should I place the scenarios described above - should I add them to the user
> stories wiki entry?

My idea when writing it was to define a way for people to use the FBX, not
as yet another kind of social network, but only to answer the question
of how FBX users/owners would manage their online identities and accounts,
what relations would/should exist between them, ...

For example, a person could be given an account (User in the glossary,
maybe confusing) on a FBX by one of its owners, from which she could set up
different virtual identities. Each of them would have the possibility to
exist on the internet by having one or more email address, social network
account, etc. The account on the FBX itself would only exist mostly
privately to manage different online identities ({semi,}private or public
ones).

I don't think that the FBX project should try to implement/be yet another
social network. Even if it will *be* a network, the "social network" part of
it as commonly understood should be run by a dedicated app (i.e. friendika,
buddycloud or whatever). Otherwise it seems we would spend a lot of time
doing once again what others are trying to do, and certainly less
effectively. So this is not the scope of this document in my opinion, and
then all the social network part of it (circles, groups,...) might not be
that relevant to use there.

So the question in this page is to try to define how technically user
accounts and identities could be managed in FBX, to try to find a way to
implement it, and because at the end it might help people designing the
FBX interface.

I totally agree though that the definitions in the glossary are probably
too fuzzy.

> 
> If people agree with broadening the scope of the entry I would like to
> rename the wiki entry to user management. All feedback is welcome.

User management might sound a bit too restrictive to me; in my sysadmin
head, it is more related to how owners/admins of a FBX manage their users.
What are others thinking about this renaming?

I'm not saying that what you are trying to work on is not relevant for the
project though. First, like everyone, I only express my own opinion :). And
trying to define what would be the requirements/features for a social
network app to be included in the FBX sounds like a good idea, given the
broad choice that exists and the discussion that goes on quite often on
this list about that. That might help to choose the one(s) that are the
most relevant for what the FBX project is trying to achieve. Or maybe I
misunderstand what you are trying to do?

bert.



