Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
A friend is someone who'll help you move...a profile (20070731)
Dave Kearns writes in his blog post " Dragging me, kicking and screaming" that a user Alice moving or copying her contact list, which includes a contact Bob, from social network service X to social network service Y, may not be desirable from Bob's POV, as the "Alice <-> Bob" relationship which Bob signed up to in service X might not be what Bob wants as his description in service Y. This might be due to factors such as
- service Y gives relationships hosted there an undesirable connotation (Bob doesn't want to "be seen" in Y),
- service Y not having the right "terms" to define a relationship (Alice and Bob are "coworkers" in X but Y only has "neighbors"), or
- service Y not allowing the adequate degree of assymetry to relationships (e.g., Y might require relationships to be symmetric or transitive).
He writes
"Unfortunately, most social networking sites don't allow for this sort of "split view" of the relationship - they actually expect both parties to agree upon the degree of intimacy involved. While this mostly serves to lower the precision of the meaning of the relationship terms, it also means that anyone viewing your contacts will think the relationship is as you describe it. That can do a lot of damage to my reputation, another facet of my identity which I would prefer to enhance."
I am reminded of the 1983 movie The King of Comedy, in which aspiring comic Rupert Pupkin (played by Robert De Niro) imagines that he is a guest on a national TV show hosted by Jerry Langford (where Liza Minnelli is another guest)
and since he feels that
| RupertPupkin FriendOf JerryLangford |
and friendship should be symmetric, then he believes that
| JerryLangford ShouldBeFriendOf RupertPupkin |
To a viewer of this movie, it is obvious that Rupert's friend beliefs are incorrect; Jerry won't put Rupert on his show. Rupert then enlists the help of another "fan" Masha to kidnap him.
If these characters had accounts in one of today's typical social network site, a viewer would need additional information to go on.
Rupert Pupkin and Masha might list each other as friends:
| Site | Page | Relation | To |
|---|---|---|---|
| myspace.com | /rupertpupkin | friend | /masha |
| myspace.com | /masha | friend | /rupertpupkin |
And while one might expect to see the "true" assertion
| Site | Page | Relation | To |
|---|---|---|---|
| myspace.com | /jerrylangford | friend | /lizaminelli |
it is more likely that a page such as http://www.myspace.com/jerrylangford page does not have the actual list of friends, but instead, like the real-world Britney Spears page, is a celebrity page that lists hundreds of thousands of people as "friends" who are self-asserted fans.
| Site | Page | Relation | To |
|---|---|---|---|
| myspace.com | /jerrylangford | friend | ... |
| myspace.com | /jerrylangford | friend | /rupertpupkin |
| myspace.com | /jerrylangford | friend | /masha |
| myspace.com | /jerrylangford | friend | ... |
The compounding of self-asserted information and misleading statements is a hazardous tool, in part as it makes difficult automated processing of these statements.
A similar problem is faced in the design of any comprehensive ontology of real-world information: there is no single, simple, consensus reality view, since "common sense" and "technical" interpretations of a statement may be different. In one case, the Cyc ontology
...divides its knowledge base into smaller contexts called micro-theories which contain specialized information regarding specific areas (such as troop movement, physics, movies, etc.). Belief revision is performed within micro-theories or within a small group of micro-theories that are working together, and the system is only concerned with maintaining consistency within that small group (as opposed to across the entire belief space). For example: in an everyday context, a table is solid, but within a physics context, it is mostly space (between atoms).(from an email from Graham Horn)
And in the Semantic web, RDF currently doesn't give a way to identify or quote the RDF statements themselves.
For example, a FOAF page of Rupert Pupkin might state
| Site | Subject | Predicate | Object |
|---|---|---|---|
| myclaimspace.com | /#rupertpupkin | foaf:friend | /#masha |
| myclaimspace.com | /#rupertpupkin | foaf:friend | myspace.com/jerrylangford |
A receiver of the above two statements might have difficulty in determining whether they are valid.
- Who is making these statements?
Is it myclaimspace.com, or Rupert Pupkin? - Who is allowed to make those statements?
Can someone make arbitrary statements on myclaimspace.com? Can they choose their own subject? own predicate? own object?
If Rupert Pupkin adds a statement nbc.com legalese:issuesContractTo /#rupertpupkin, who must validate it? The holder of nbc.com? The creator of the predicate issuesContractTo? The subject (but here is an object) rupertpupkin? - Which parties are to be trusted to make these particular statements correctly?
Are the assertions from myclaimspace.com plausible? If so, are the assertions from myclaimspace.com/#rupertpupkin also plausible?
This starts to resemble the certificate scoping and practice statement extensions added to X.509 by the IETF PKIX working group.