W3C home > Mailing lists > Public > semantic-web@w3.org > February 2010

Re: password datatype in RDF

From: James Leigh <james-nospam@leighnet.ca>
Date: Wed, 03 Feb 2010 21:32:43 -0500
To: Jeremy Carroll <jeremy@topquadrant.com>
Cc: Semantic Web <semantic-web@w3.org>
Message-ID: <1265250763.2154.18.camel@isaac>
On Wed, 2010-02-03 at 15:26 -0800, Jeremy Carroll wrote:
> We have an RDF based form, where some of the details of the presentation 
> are decided late, based on the data and its schema.
> For our application, we need to enter various SMTP setup information in 
> this form, including a username and password.
> Right now, the password appears in clear-text ... :(
> A colleague suggested that we invent a new datatype:
> tq:password rdfs:subClassOf xsd:string .
> and then upgrade our form presentation software to treat this datatype 
> with the conventional ****s
> That seems like a reasonable approach, has it been done before? Is there 
> a datatype to reuse, or some other method?
> thanks
> Jeremy

Hi Jeremy,

There is no reason to store a password in a literal label, regardless of
the datatype. I would suggest using a resource node to represent a
password with properties that can be used for authentication or what
have you. In AliBaba, the following syntax is used for digest

</realm> a http:DigestRealm;
        http:realmAuth "testrealm@host.com";
        http:origin </>;
        http:credential [a http:Credential;
                http:name "Mufasa";
                http:encoded "939e7578ed9e3c518a452acee763bce9"^^xsd:hexBinary;
                http:algorithm "MD5"].

The above technique is not (usually) easily reversed. If you require the
password to be reversible you should use encryption and store the
private key elsewhere.

Received on Thursday, 4 February 2010 02:33:15 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:49:54 UTC