
Re: Report on Beijing

From: Tim Boland <frederick.boland@nist.gov>
Date: Wed, 07 May 2008 11:06:03 -0400
Message-Id: <5.1.1.5.2.20080507105922.02403fc0@mail.nist.gov>
To: public-powderwg@w3.org

Would the text proposed contain any normative requirements which would then
need to (hopefully) be objectively tested?  How would this trust be
managed/tested (will we be testing any requirements related to trust
management for POWDER)?

Thanks and best wishes
Tim Boland NIST

At 03:53 PM 5/7/2008 +0100, you wrote:

>Thanks Kai, it'll be in the next version of the doc posted to the group - 
>which I hope to do tomorrow morning.
>
>Phil.
>
>Scheppe, Kai-Dietrich wrote:
>>Hi Phil,
>>That is pretty good, but I think something else needs to be said as
>>well.
>>There is the fickle nature of trust with regard to the circumstances.
>>You may trust one person to give you information on cooking, but would
>>extend trust to another person about how to fix your broken GRDDL
>>transform.
>>As such how about this:
>>Trust is a central theme of POWDER, however, we do not prescribe a
>>single method through which trust must be conferred on Description
>>Resources. By its very nature, trust is a human judgement that can only
>>be made by weighing the likelihood that the data is true against the
>>effect of it being false.
>>This judgement is highly dependent on the circumstances under which the
>>need to extend trust arises.
>>POWDER does, therefore, provide support for, and is amenable to, a
>>variety of methods through which users and user agents can establish
>>trust to suit their particular situation.
>>
>>...as a thought.
>>Kai
>>
>>>-----Original Message-----
>>>From: public-powderwg-request@w3.org 
>>>[mailto:public-powderwg-request@w3.org] On Behalf Of Phil Archer
>>>Sent: Wednesday, May 07, 2008 1:04 PM
>>>To: Public POWDER
>>>Subject: Re: Report on Beijing
>>>
>>>
>>>Just to follow up on this, I am working on the DR doc just now and would 
>>>like to propose the following additional text be included in the
>>>introduction:
>>>
>>>Trust is a central theme of POWDER, however, we do not prescribe a 
>>>single method through which trust must be conferred on Description 
>>>Resources. By its very nature, trust is a human judgement that can only 
>>>be made by weighing the likelihood that the data is true against the 
>>>effect of it being false.  POWDER does, however, provide support for, 
>>>and is amenable to, a variety of methods through which users and user 
>>>agents can establish trust.
>>>
>>>Does that answer the question do you think?
>>>
>>>Phil.
>>>
>>>Phil Archer wrote:
>>>>Thanks Kai, and thanks for flying the POWDER flag in Beijing.
>>>>
>>>>I get asked the same question and my answer is usually a version of:
>>>>
>>>>There are several methods of adding security - XML Sig, SSL etc. And
>>>>it depends on the application which is the most appropriate. The claim
>>>>that a Web site offers good ideas for children's parties needs a
>>>>different level of security than the claim that the advice on the Web
>>>>site is useful for defusing a nuclear warhead. /Therefore/ we don't
>>>>prescribe a single method.
>>>>
>>>>But... as you say, the question does keep coming up. Section 4 of the
>>>>DR doc [1] attempts to answer it and highlights several methods:
>>>>
>>>>1. wdr:authenticate - which links a FOAF file to a description of a
>>>>service - any service - through which one can authenticate a DR
>>>>created by that author.
>>>>
>>>>2. Certification using a DR - in which a hash of the (single) thing 
>>>>described is part of the description.
>>>>
>>>>3. supportedBy - a pointer from a DR to some other source of 
>>>>information that will offer a similar description.
>>>>
>>>>4. The source of the DR - if you get your DR directly from
>>>>technosite.es, notwithstanding a man in the middle attack, you can be
>>>>pretty sure that Technosite was the publisher of the DR.
>>>>
>>>>5. Machine Learning - Since DRs make it easy to use controlled
>>>>vocabularies, and controlled vocabularies make it easy to train content
>>>>analysers.
>>>>
>>>>Those who know the WG members will be able to discern where these 
>>>>approaches all come from. In addition, Andrea has suggested we make use 
>>>>of Dan Brickley's 'other vocabulary', the Web of trust 
>>>>http://xmlns.com/wot/0.1/ and, yes, XML Sig. I'd be very happy to see
>>>>these in the doc!
>>>>
>>>>Phil
>>>>
>>>>
>>>>[1] http://www.w3.org/TR/2008/WD-powder-dr-20080317/#trust
>>>>
>>>>Scheppe, Kai-Dietrich wrote:
>>>>>Phil had asked about China and the WWW2008 conference.
>>>>>
>>>>>Yes, there is something to report.
>>>>>I gave a short presentation on POWDER.  It went fine, people seemed
>>>>>interested, there were few questions.
>>>>>
>>>>>However, one point came up in several conversations with several people
>>>>>- that of security.
>>>>>
>>>>>Basically I was asked: How do you ensure that the DR which has
>>>>>been written does in fact come from that person or entity?
>>>>>
>>>>>I believe we had, a long time ago, discussed digital signatures, but
>>>>>wasn't sure what had come of all that.
>>>>>
>>>>>
>>>>>Question to the group:  Will we deal with that? And if yes, how?
>>>>>
>>>>>The easy way out would be to say no, trust is up to the user and we
>>>>>won't bother, but I was struck by how this point came up several times
>>>>>independently, thus I think it is not something to be brushed aside.
>>>>>-- Kai
>
>
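
An added example, not part of the original thread or of the POWDER documents: a Python illustration of how two of the methods listed in the quoted message (a hash of the described resource carried in the DR, and the source the DR was fetched from) can be expressed as pass/fail checks, with the set of required checks chosen per context. The record layout, field names and policy names are assumptions made for illustration and are not POWDER vocabulary; the sample data is constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: a simplified stand-in for a Description Resource.
# Field names are hypothetical, not POWDER vocabulary.
RESOURCE = b"<html><body>Ideas for children's parties</body></html>"
DR = {
    "publisher_host": "technosite.es",
    "retrieved_from": "https://technosite.es/dr/party.xml",
    "described_sha256": hashlib.sha256(RESOURCE).hexdigest(),
}

# Hypothetical policies: which checks must pass in which circumstances.
POLICIES = {
    "party-ideas": {"source"},
    "safety-critical": {"source", "hash"},
}


def check_hash(dr, content):
    """The DR carries a hash of the single thing it describes."""
    actual = hashlib.sha256(content).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(actual, dr["described_sha256"])


def check_source(dr):
    """The DR was fetched over TLS directly from the publisher's host."""
    url = urlsplit(dr["retrieved_from"])
    return url.scheme == "https" and url.hostname == dr["publisher_host"]


def evaluate(dr, content, context):
    """Return (trusted, failed_checks) under the policy for this context.

    An unknown context raises KeyError, so the caller fails closed.
    """
    required = POLICIES[context]
    results = {"hash": check_hash(dr, content), "source": check_source(dr)}
    failed = sorted(name for name in required if not results[name])
    return (not failed, failed)


if __name__ == "__main__":
    print(evaluate(DR, RESOURCE, "safety-critical"))
    print(evaluate(DR, RESOURCE + b"!", "safety-critical"))
```
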
Received on Wednesday, 7 May 2008 15:06:48 GMT