W3C home > Mailing lists > Public > public-lod@w3.org > February 2013

Re: I've built www.vocabs.org - A community driven website that allows you to build RDF vocabularies

From: Luca Matteis <lmatteis@gmail.com>
Date: Fri, 15 Feb 2013 19:20:55 +0100
Message-ID: <CALp38EPxxmuBY7D4PavJKbMGiVr+vkb4vFGiRWk4gawNQS0X1g@mail.gmail.com>
To: Stéphane Corlosquet <scorlosquet@gmail.com>
Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-lod@w3.org
I guess, but do we really want to be that paranoid? What's the attackers
motive to modify domain/range properties?

In any case, are there examples of vocabularies that use HTTPS in their
URI? Most the ones I've seen use default http://, even standard OWL/RDFS.

This can also confuse the users: should they use https:// or http:// URIs?
That little 's' makes the URI different and can cause lots of un-needed
complexity.

I good way to solve this would simply be to have users always use 'http://'
and then redirect to HTTPS after an url is resolved.


On Fri, Feb 15, 2013 at 6:51 PM, Stéphane Corlosquet
<scorlosquet@gmail.com>wrote:

>
>
> On Fri, Feb 15, 2013 at 12:42 PM, Luca Matteis <lmatteis@gmail.com> wrote:
>
>> Hi Melvin,
>>
>> Thanks for your feedback. CORS could actually be implemented, but this is
>> really only useful if you're wanting to request data using browser-side
>> JavaScript. So its application is rather limited, and not a high-priority
>> feature imho.
>>
>> Regarding HTTPS, we're not dealing with highly sensitive material so I
>> truly think it's kind of redundant. The data that is transferred is Open
>> Data, therefore a MITM attacker would simply gain access to information
>> that is already open.
>>
>
> The point of MITM isn't only information disclosure, but in the case of
> open data such as vocabularies to intercept and alter the data being
> transferred over the wire, which can be potentially damaging effects on the
> consumer requesting the data. Imagine for example a system making decision
> based on open vocabularies, and getting fooled by someone performing MITM
> attack. For example changing the domain/range of properties and impacting
> reasoning on the consumer end.
>
> Steph.
>
>
>>
>> Hope this may have cleared things. But CORS is definitely on my list of
>> things to consider implementing :)
>>
>>
>> On Fri, Feb 15, 2013 at 6:16 PM, Melvin Carvalho <
>> melvincarvalho@gmail.com> wrote:
>>
>>>
>>>
>>> On 14 February 2013 17:46, Luca Matteis <lmatteis@gmail.com> wrote:
>>>
>>>> Dear all,
>>>>
>>>> It's my first time here, but I've been attracted to the Linked data
>>>> initiative for quite a while now. A couple of weeks ago I needed to build
>>>> my first RDF vocabulary.. I cannot tell you how hard this process was for
>>>> an RDF newbie as myself. I had to read a couple of books, and read a lot
>>>> all over the web before I could get a grasp of it all.
>>>>
>>>> Even after understanding the linked-data context, and how the
>>>> technologies involved worked, I was still left with a set of tools that I
>>>> thought were pretty limited. I had to download apps, that did or didn't
>>>> work. And learn various different programming APIs to generate the RDF that
>>>> I wanted. I can only imagine the difficulty a non-techie person would have
>>>> when trying to build a vocabulary.
>>>>
>>>> Another issue that I confronted when looking for existing vocabularies,
>>>> was that most of the time they were created by a single entity (a group of
>>>> people) that knows about the lexicon of the subject. I think this is quite
>>>> limited as well. A vocabulary should be open and agreed upon a group of
>>>> people. It should be community-driven. It should be crowd-sourced and
>>>> validated, the same way correct answers are validated on Stackoverflow.
>>>>
>>>> So in a couple of days I built http://www.vocabs.org/ that does
>>>> exactly this. It allows people, with very little technical experience, to
>>>> start creating vocabularies (entirely through the web-interface). Not only
>>>> that, but different users can then join and comment, and add new vocabulary
>>>> terms. An example of this: http://www.vocabs.org/term/WineOntology(*hint* click "download" at the top).
>>>>
>>>> I was just wondering what the Semantic community thinks of this idea. I
>>>> hope it's clear what I'm trying to achieve here, but maybe a better
>>>> explanation would be here: http://www.vocabs.org/about
>>>>
>>>
>>> Looks great
>>>
>>> Two features we are lacking in some of the existing vocabs are
>>>
>>> - CORS enabled (I think even dublin core doesnt have this turned on yet)
>>> - HTTPS which can be useful for things like payments to prevent MITM
>>>
>>>
>>>
>>>>
>>>> Thanks!
>>>>
>>>
>>>
>>
>
>
> --
> Steph.
Received on Friday, 15 February 2013 18:21:27 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:24:46 UTC