Ben Laurie wrote:
I'm getting quite tired of this: the point is, you cannot achieve
unlinkability with WebID except by using a different WebIDs. You made
the claim that ACLs on resources achieve unlinkability. This is
incorrect.
You're 100% correct here Ben, and I'm unsure why it's so hard to convey!?
If you use the same identifier for more than one request, subsequent
requests can be associated with the first request. An identifier here is
any identifying, stable, information - key parts and URIs.
If the issue is only unlinkability across sites, then you just have a
keypair+uri per site. Or better, key-pair only, and that's associated
with an identifier for the agent behind the interface.
You're correct that ACLs won't cut it.
