OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SV: Copyrighting schemas, Hailstorm (strayed a bit)

Hi Joel

Please, no need for excuses. I'm glad you took some time to reply again. 

My original intention in writing this series of mails to this particular
list, is that I wanted to see what kind of sensitivity we, as a community,
have when it comes to indentitiy, intergrity and similar concepts and our
leverage on those things in developing particular solutions and discussing

Comments inlined



-----Ursprungligt meddelande-----
Från: Joel Rees [mailto:rees@server.mediafusion.co.jp]
Skickat: den 6 juni 2001 14:05
Till: Dimitris Dimitriadis
Kopia: XML DEV
Ämne: Re: Copyrighting schemas, Hailstorm (strayed a bit)

Hello, Dimitris,

I really did a poor job of clipping and inserting when I responded below,
and I apologize.

I guess what I'm driving at is this -- the governments of various nations
(and various corporations with out-of-control ambitions) _will_ try these
kinds of things. Some of them will go down in flames, but some will
unfortunately succeed. Going out of our way to build the standards to
prevent such abuse will only make it harder for us to defend ourselves.

The best approach is clean, simple, open standards.

[dd] I fully agree. And, I'd like to add, keeping an eye open for what goes
on and try to inform people to prepare them for various situations. We all
have some older relatives who are possible future victims as they don't know

Look at the encryption flap in the US. That one actually came really close
to the wire. Fortunately, there were some of us developing alternative
technologies on an open base and getting them outside of the government's
control as fast as possible. (We still aren't safe, barely any breathing
room, but at least we held the control freaks off until we could get Mr.
Slick out of the oval office. Cycling is a good thing, and will help us
again in four to eight years.)

And look at Microsoft. We are to blame for creating that monster. We let
them get ahead of us. We (as an industry) told ourselves no sane person
would buy their snake oil, and spent too much time too far beyond the
cutting edge solving the next decade's problems before we knew what they
were. They grabbed the bits and pieces that were too mundane for us and did
a little end-run around our pieces of the frontier. And we keep using the
tools they build for us.

[dd] My original mail may have been posted as a reply to a thread that had
to do with Hailstorm, but wasn't directed at them. Needless to say, of
course, I do have difficulties in accepting that large corporations gain
control over identification means (this is probably because we have let the
current model emerge withouth putting it under thourough analysis). I also
want to separate identification from services (which is my reply to Len's
original question). But I don't think that's enough. Even if we were to do
that, we'd have lost another battle that would have been goin gon
simltaneously. That of integrity.  

Constant vigilance. And regularly going to the polls and voting people out
and voting government smaller. Also, voting with your pocket book, even when
it hurts in the short run. You can't substitute for these in code, so you
have to build the code strong enough to defend yourself with it when you
need to. And you have to make the technology available to as many people as
you can, especially freedom-minded people.

[dd] I definitely agree with you here, and especially with the last
sentence. If nothing else, the goal is to raise awareness amongst ourselves.

One nice advantage -- power mongers have a harder time understanding clean,
simple code. Convoluted code is easier for them to pervert.

[dd] So, again risking making people very tired, what are other peoples'
views on these matters? What can/should we do to avoid ending up in a
1984ish scenario? Should we care to begin with?

My two jpy.

Joel Rees

Dimitris Dimitriadis" <dimitris.dimitriadis@improve.se>
To: "'Joel Rees'" <rees@mediafusion.co.jp>
Cc: "XML DEV" <xml-dev@lists.xml.org>
Sent: Monday, June 04, 2001 9:18 PM
Subject: SV: Copyrighting schemas, Hailstorm

Hi Joel

Thanks for your reply.

Comments inlined

-----Ursprungligt meddelande-----
Från: Joel Rees [mailto:rees@server.mediafusion.co.jp]
Skickat: den 4 juni 2001 07:04
Till: Dimitris Dimitriadis; 'Bullard, Claude L (Len)'
Kopia: XML DEV
Ämne: Re: Copyrighting schemas, Hailstorm

Dimitris Dimitriadis wrote:


[dd] If I have a particular set of identification means (password, voice,
retinal scan, fingerprint, what have you) and rest assured that that's
enough and they can be forged and used by others, we end up in the pig
loving donkey case (only difference being that I have less money and more
bills, possibly even a secret lover I didn't know of until then). If, on the
other hand, we can come up with alternative means that cannot be forged, we
can rest assured that nothing bad will happen.


Forgeries have always existed and always will. So are you asking how to keep
the statical rate of occurence low enough to avoid violent revolution? (in
spite of the fact that your tool is primarily a box that allows people to do
stupid things at higher and higher speeds.)


[dd] Forged identity is only one of the many unwanted things I mentioned. In
the context you copied from, it had to do with the most obvious danger, that
of using information in a simply wrong way. That, however, is too obvious a
thing to discuss at length.

There's a series of other effects frameworks like the one we're discussing
can have:
1. Collecting information about people to predict behaviour (done today
already, no big deal)
2. Creating platforms that use that kind of prediction engines to "simplify
ordinary people's lives", that is, sell them stuff
3. Making the platform big enough for non-typical services to use the
platform as a primary menas of cummincation between subject and service
giver (govenrment, non-profit organizations, what have you).
4. Scale this up any number of times.

So onow the question becomes: who has primary access to my identification
means? Obviously not the bodies that have, up to now, done the job. This
power gets transferred to other kinds of organisations. Trivially, these
organisations can keep track of every piece of information you send around.
(Connect this to the work done on the semantic web to get some idea of why
the layer of trust is needed)

Why, then, is this relevant to xml-dev? Well, our beloved syntax makes these
things possible to a far higher degree than ordinary binary code does. And
as we are responsible human beings, we should have some clue as to what kind
of consequence it could have.

Arguments that, by the way, I cannot see have any relevance (and please
correct me if I'm wrong) are:
1. Weapons do not kill people, people do
2. People know what they do when they sign up for various services (ask the
farmers in the backwoods of India, I don't think what their fingerprints
could lead them to)
3. Forgery can be tried in a court of law. (Sure, but the question is how
you measure activity in a system you don't have access to, in order to
realise that someone has broken the law)


Has anyone noted the news items about computerizing land records for farmers
in the backwoods of India? They use fingerprint IDs, and the government
officials in charge seem sold on the concept that since passwords aren't
being used they can't be abused. Said government officials have extrapolated
to a zero probability of forgery (or at least a low enough probability of

[dd] I think this goes to show why it is so important to inform people as to
what identification means nowadays. It's equally important to raise
awareness amongst ourselves that we are, to some degree, relevant for any
change in that direction, by building systems like that, hooking up to
frameworks with that functionality and so on.


Joel Rees


The xml-dev list is sponsored by XML.org, an initiative of OASIS

The list archives are at http://lists.xml.org/archives/xml-dev/

To unsubscribe from this elist send a message with the single word
"unsubscribe" in the body to: xml-dev-request@lists.xml.org