- From: Luca Matteis <lmatteis@gmail.com>
- Date: Fri, 15 Feb 2013 19:20:55 +0100
- To: Stéphane Corlosquet <scorlosquet@gmail.com>
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-lod@w3.org
- Message-ID: <CALp38EPxxmuBY7D4PavJKbMGiVr+vkb4vFGiRWk4gawNQS0X1g@mail.gmail.com>
I guess, but do we really want to be that paranoid? What's the attacker's motive to modify domain/range properties?

In any case, are there examples of vocabularies that use HTTPS in their URI? Most of the ones I've seen use default http://, even standard OWL/RDFS. This can also confuse the users: should they use https:// or http:// URIs? That little 's' makes the URI different and can cause lots of unneeded complexity.

A good way to solve this would simply be to have users always use 'http://' and then redirect to HTTPS after a URL is resolved.

On Fri, Feb 15, 2013 at 6:51 PM, Stéphane Corlosquet <scorlosquet@gmail.com> wrote:

> On Fri, Feb 15, 2013 at 12:42 PM, Luca Matteis <lmatteis@gmail.com> wrote:
>
>> Hi Melvin,
>>
>> Thanks for your feedback. CORS could actually be implemented, but this is
>> really only useful if you're wanting to request data using browser-side
>> JavaScript. So its application is rather limited, and not a high-priority
>> feature imho.
>>
>> Regarding HTTPS, we're not dealing with highly sensitive material so I
>> truly think it's kind of redundant. The data that is transferred is Open
>> Data, therefore a MITM attacker would simply gain access to information
>> that is already open.
>
> The point of MITM isn't only information disclosure, but in the case of
> open data such as vocabularies to intercept and alter the data being
> transferred over the wire, which can have potentially damaging effects on the
> consumer requesting the data. Imagine for example a system making decisions
> based on open vocabularies, and getting fooled by someone performing a MITM
> attack. For example changing the domain/range of properties and impacting
> reasoning on the consumer end.
>
> Steph.
>
>> Hope this may have cleared things. But CORS is definitely on my list of
>> things to consider implementing :)
>>
>> On Fri, Feb 15, 2013 at 6:16 PM, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>>
>>> On 14 February 2013 17:46, Luca Matteis <lmatteis@gmail.com> wrote:
>>>
>>>> Dear all,
>>>>
>>>> It's my first time here, but I've been attracted to the Linked data
>>>> initiative for quite a while now. A couple of weeks ago I needed to build
>>>> my first RDF vocabulary. I cannot tell you how hard this process was for
>>>> an RDF newbie as myself. I had to read a couple of books, and read a lot
>>>> all over the web before I could get a grasp of it all.
>>>>
>>>> Even after understanding the linked-data context, and how the
>>>> technologies involved worked, I was still left with a set of tools that I
>>>> thought were pretty limited. I had to download apps, that did or didn't
>>>> work. And learn various different programming APIs to generate the RDF that
>>>> I wanted. I can only imagine the difficulty a non-techie person would have
>>>> when trying to build a vocabulary.
>>>>
>>>> Another issue that I confronted when looking for existing vocabularies,
>>>> was that most of the time they were created by a single entity (a group of
>>>> people) that knows about the lexicon of the subject. I think this is quite
>>>> limited as well. A vocabulary should be open and agreed upon by a group of
>>>> people. It should be community-driven. It should be crowd-sourced and
>>>> validated, the same way correct answers are validated on Stackoverflow.
>>>>
>>>> So in a couple of days I built http://www.vocabs.org/ that does
>>>> exactly this. It allows people, with very little technical experience, to
>>>> start creating vocabularies (entirely through the web-interface). Not only
>>>> that, but different users can then join and comment, and add new vocabulary
>>>> terms. An example of this: http://www.vocabs.org/term/WineOntology
>>>> (*hint* click "download" at the top).
>>>>
>>>> I was just wondering what the Semantic community thinks of this idea. I
>>>> hope it's clear what I'm trying to achieve here, but maybe a better
>>>> explanation would be here: http://www.vocabs.org/about
>>>
>>> Looks great
>>>
>>> Two features we are lacking in some of the existing vocabs are
>>>
>>> - CORS enabled (I think even Dublin Core doesn't have this turned on yet)
>>> - HTTPS which can be useful for things like payments to prevent MITM
>>>
>>>> Thanks!
>
> --
> Steph.

Received on Friday, 15 February 2013 18:21:27 UTC