- From: Phil Tetlow <philip.tetlow@uk.ibm.com>
- Date: Fri, 19 Nov 2004 08:08:53 -0500
- To: "'public-swbp-wg@w3.org'" <public-swbp-wg@w3.org>
Given that XHTML 2.0 is about to go to final call and that it appears that the XHTML Working Group are unlikely to have trawled our mailing list recently, I think that we should be somewhat morally obliged to communicate a set of potential warnings along with our blessing to include any variant of RDF directly onto the ’clickable’ web. Hence, rather reluctantly, I feel that I must climb back onto my soapbox, and apologise for my ramblings up front… I’m would never pretend that content of this mail is even partially correct, or that others do not fully understand the potential misuse of RDF/A already, but I think that it is important that we at least:- - Debate the potential for the misuse/abuse of Semantic Web technologies when unleashed directly onto the ‘clickable’ Web. Hence I would like to formally request ‘RDF/A Use Cases’ as an agenda item on our next telecom on 2nd December. - Forward the findings of that debate, or a sanitised version of this document, directly to the XHTML Working Group. Before I go any further I must reiterate that I am strongly in favour of the inclusion of RDF/A in any XHTML standard and merely consider that playing the Devil’s advocate is always a strong tool to drive out counter argument, no matter how weak. For many years I have relied heavily on a simple equation in my work as a Technical Architect: INFORMATION (often a priceless resource) = DATA + STRUCTURE + CONTEXT Every time I start to architect a technical solution with a new group of people, I am constantly amazed by the fact that we, as a profession, are unbelievably poor at remembering the importance of the last element in this equation. Nearly everyone I encounter in my professional life can grasp some understanding of ‘pure’ data, and a substantial number make a very comfortable living – thank you very much - from chanting nothing but the ‘Structure’ mantra, yet very few understand the real importance of ‘Context’ in Systems Engineering. This, I have come to believe, is because most solutions are built to function within either closed problem spaces or restricted communities. In such circumstances those building the systems often come from within and carry with them implicit knowledge and experience of the context in which their solutions will be used. But the wider Web is not like. It is a vast and open problem space by definition and is open to multiple uses and interpretations from numerous communities with radically different profiles, needs and expectations. Recent discussions on our mailing list, concerning self-organisation and the Semantic Web (i.e. Sony’s recently patented technologies), have also reminded me that the W3C’s endeavours to establish a rich semantic framework for the Web have specifically centred on descriptive approaches. As such, for descriptive frameworks, if all the elements in the above equation are not present with sufficient strength, it quickly breaks down and is overpowered by self-interpreted, prescriptive approaches, typically boiling down to nothing more than human intelligence, intuition and instinct: obviously the antithesis of the original machine-understandable aspiration for the Semantic Web. For these reasons I believe that if constructs are not included to explicitly specify context, when substantial semantic metadata technologies, like RDF/A, move down onto the ‘clickable’ Web they will be prone to misuse through: - o Misunderstanding by genuine inexperienced enthusiasts. It is easy to say, but ‘a little knowledge is a dangerous thing’ and the cumulative effect of large amounts of inaccurate and incomplete metadata on the Web may well have significant and unexpected repercussions o Deliberate misuse by experts with malicious and/or unlawful intentions. Hence I have included the following use cases to illustrate potential misuses of RDF/A:- 1. To Establish False Trust and Authority – Given that XHTML fragments can be used as RDF/A objects, they could be seen to include the potential dangerous elements, like a Java applets, scripts etc, aimed at deliberately distributing malicious code in the form of viruses, spammers, spyware etc. Given that associated RDF/A could be used to deliberately disseminate false information about such objects and their associated payloads, there are obvious issues around both establishing trust in and the authority behind metadata in open problems spaces such as the ‘clickable Web’. 2. To Encourage Misdirection and Distraction – One obvious use of RDF/A is to augment hyperlinks and act as a form of formal signposting mechanism. Again, if false information is provided that cannot be trusted, this could be used to misdirect users to unwanted and potentially dangerous URL’s. Furthermore, in the case of automated agents, I see a potential here to distract attention while sniffer routines probe for potential security weaknesses. 3. The Concealment of Hidden Codes, Messages and Cyphers - I appreciate that there are already a number of mechanisms available to hide information on the Web, but RDF/A surely offers a fresh opportunity. Given the current climate of global terrorism, I think it would be unwise not to highlight this fact from a Best Practices standpoint. 4. Chaotic Meta-behaviour – It is highly likely that the Semantic Web will play a significant part in the establishment of dynamic self-organising ‘meta-systems’ in the future, with disparate ontologies being joined by higher levels of abstracted technology. Without proper controls in place to dictate appropriate context there is obvious risk involved. Your comments would be greatly valued. Kind regards Phil Tetlow Senior Consultant IBM Business Consulting Services Mobile. (+44) 7740 923328
Received on Friday, 19 November 2004 13:05:52 UTC