W3C home > Mailing lists > Public > public-powderwg@w3.org > May 2008

Re: Report on Beijing

From: Phil Archer <parcher@icra.org>
Date: Wed, 07 May 2008 12:03:44 +0100
Message-ID: <48218C90.1040104@icra.org>
To: Public POWDER <public-powderwg@w3.org>

Just to follow up on this, I am working on the DR doc just now and would 
like to propose the following additional text be included in the 

Trust is a central theme of POWDER, however, we do not prescribe a 
single method through which trust must be conferred on Description 
Resources. By its very nature, trust is a human judgement that can only 
be made by weighing the likelihood that the data is true against the 
effect of it being false.  POWDER does, however, provide support for, 
and is amenable to, a variety of methods through which users and user 
agents can establish trust.

Does that answer the question do you think?


Phil Archer wrote:
> Thanks Kai, and thanks for flying the POWDER flag in Beijing.
> I get asked the same question and my answer is usually a version of:
> There are several methods of adding security - XML Sig, SSL etc. And it 
> depends on the application which is the most appropriate. The claim that 
> a Web site offers good ideas for children's parties needs a different 
> level of security than the claim that the advice on the Web site is 
> useful for defusing a nuclear warhead. /Therefore/ we don't prescribe a 
> single method.
> But... as you say, the question does keep coming up. Section 4 of the DR 
> doc [1] attempts to answer it and highlights several methods:
> 1. wdr:authenticate - which links a FOAF file to a description of a 
> service - any service - through which one can authenticate an DR created 
> by that author.
> 2. Certification using a DR - in which a hash of the (single) thing 
> described is part of the description.
> 3. supportedBy - a pointer from a DR to some other source of information 
> that will offer a similar description.
> 4. The source of the DR - if you get your DR directly from 
> technosite.es, notwithstanding a man in the middle attack, you can be 
> pretty sure that Technosite was the publisher of the DR.
> 5. Machine Learning - Since DRs make it easy to use controlled 
> vocabularies, and controlled vocabularies make it easy to train contnet 
> analysers.
> Those who know the WG members will be able to discern where these 
> approaches all come from. In addition, Andrea has suggested we make use 
> of Dan Brickley's 'other vocabulary', the Web of trust 
> http://xmlns.com/wot/0.1/ and, yes, XML Sig. I'd be very happy to see 
> these in the doc!
> Phill
> [1] http://www.w3.org/TR/2008/WD-powder-dr-20080317/#trust
> Scheppe, Kai-Dietrich wrote:
>> Phil had asked about China and the WWW2008 conference.
>> Yes, there is something to report.
>> I gave a short presentation on POWDER.  It went fine, people seemed 
>> interested, there were few questions.
>> However, one point came up in several conversations with several people
>> - that of security.
>> Basically I was asked: 
>>       How do you ensure that the DR which has been written does in fact
>> come from that person or entity?
>> I believe we had, a long time ago, discussed digital signatures, but
>> wasn't sure what had come of all that.
>> Question to the group:  Will we deal with that? And if yes, how?
>> The easy way out would be to say no, trust is up to the user and we
>> won't bother, but I was struck by how this point came up several times
>> independently, thus I think it is not something to be brushed aside.
>> -- Kai
Received on Wednesday, 7 May 2008 11:04:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:06:04 UTC