Re: Thinking on Endorsement use case from Sandro Hawke on 2012-01-18 (public-rdf-wg@w3.org from January 2012)

From: Sandro Hawke <sandro@w3.org>
Date: Wed, 18 Jan 2012 10:36:32 -0500
To: Gavin Carothers <gavin@carothers.name>
Cc: RDF-WG WG <public-rdf-wg@w3.org>
Message-ID: <1326900992.6193.94.camel@waldron>

What threat model is addressed by either the hash or the signature that
isn't address by using a bnode (and no crypto)?   (maybe answer in
telecon; I probably wont read email before then.)

   -- Sandro

On Tue, 2012-01-17 at 13:38 -0800, Gavin Carothers wrote:
> Also on Wiki at
> http://www.w3.org/2011/rdf-wg/wiki/Example_of_Endorsement_Use_Case
> 
> ## Endorsement (3rd Use Case from Sandro)
> 
> A system wants to convey to another system in RDF that some person
> agrees with or disagrees with certain RDF triples.
> 
> ## Concrete Example
> 
> Alice wants to say that she agrees that Bob is named Bob.
> 
> Bob has stated in a foaf record that he is named Bob. He did so in a
> Turtle document he hosts on http://example.org/bob/foaf.ttl
> 
>  @prefix foaf: <http://xmlns.com/foaf/0.1/> .
> 
>  <#me> foaf:name "Bob",
>      foaf:homepage <http://mytotallyfakesite.com> .
> 
> Alice Requests the Turtle document. After reading it she decides that
> she wants to agree with Bob's name, but doesn't with to endorse the
> totally fake site as Bob's homepage.
> 
> In order to use any sort of HMAC or other signing system Alice will
> need to produce a byte stream for the message. An example byte stream:
> 
>  0000000 3c 68 74 74 70 3a 2f 2f 65 78 61 6d 70 6c 65 2e
>  0000010 6f 72 67 2f 62 6f 62 2f 66 6f 61 66 2e 74 74 6c
>  0000020 23 6d 65 3e 20 3c 68 74 74 70 3a 2f 2f 78 6d 6c
>  0000030 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f
> 
> Or in ASCII:
> 
>  <http://example.org/bob/foaf.ttl#me> <http://xmlns.com/foaf/0.1/name> "Bob".
> 
> Once Alice has the byte stream she uses it to compute a hash
> 64487b3448548b7c8a5cfaeb0147bf54. She also creates a full signature
> using her private key. She then writes this all down in a new TriG
> document:
> 
>  @prefix foaf: <http://xmlns.com/foaf/0.1/> .
>  @prefix foo: <http://example.org/foo/>
> 
>  @base <http://example.org/alice> .
> 
>  { <#me> foo:endorces urn:md5:64487b3448548b7c8a5cfaeb0147bf54;
>       foo:signature "SomeSigningBytes";
>       .
>  }
> 
>  @base <http://example.org/bob/foaf.ttl> .
> 
>  urn:md5:64487b3448548b7c8a5cfaeb0147bf54 {
>   <#me> foaf:name "Bob" .
>  }
> 
> Alice then sends the document to Charlie. Charlie is able to take the
> triples in the graph statement labeled
> urn:md5:64487b3448548b7c8a5cfaeb0147bf54 produce the same byte stream
> and verify both the hash and Alice's signature.
> 
> ## Results
> 
> I am unaware of any use case around endorsement or authority that
> would not require some level of cryptographic signing. Once going down
> that road it's easy to use the byte stream required by ANY HMAC system
> to name the set of triples. This sort of use of IRIs containing hashes
> for identity of arbitrary data is already in wide use today.
> http://en.wikipedia.org/wiki/Magnet_URI_scheme#URN.2C_containing_hash_.28xt.29
> 
> --Gavin
> 
>

Received on Wednesday, 18 January 2012 15:36:44 UTC