W3C home > Mailing lists > Public > semantic-web@w3.org > February 2010

Re: password datatype in RDF

From: James Leigh <james-nospam@leighnet.ca>
Date: Wed, 03 Feb 2010 21:32:43 -0500
To: Jeremy Carroll <jeremy@topquadrant.com>
Cc: Semantic Web <semantic-web@w3.org>
Message-ID: <1265250763.2154.18.camel@isaac>
On Wed, 2010-02-03 at 15:26 -0800, Jeremy Carroll wrote:
> We have an RDF based form, where some of the details of the presentation 
> are decided late, based on the data and its schema.
> 
> For our application, we need to enter various SMTP setup information in 
> this form, including a username and password.
> Right now, the password appears in clear-text ... :(
> 
> A colleague suggested that we invent a new datatype:
> 
> tq:password rdfs:subClassOf xsd:string .
> 
> and then upgrade our form presentation software to treat this datatype 
> with the conventional ****s
> 
> That seems like a reasonable approach, has it been done before? Is there 
> a datatype to reuse, or some other method?
> 
> thanks
> 
> Jeremy
> 
> 
> 

Hi Jeremy,

There is no reason to store a password in a literal label, regardless of
the datatype. I would suggest using a resource node to represent a
password with properties that can be used for authentication or what
have you. In AliBaba, the following syntax is used for digest
authentication:

</realm> a http:DigestRealm;
        http:realmAuth "testrealm@host.com";
        http:origin </>;
        http:credential [a http:Credential;
                http:name "Mufasa";
                http:encoded "939e7578ed9e3c518a452acee763bce9"^^xsd:hexBinary;
                http:algorithm "MD5"].

The above technique is not (usually) easily reversed. If you require the
password to be reversible you should use encryption and store the
private key elsewhere.

Cheers,
James
Received on Thursday, 4 February 2010 02:33:15 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 21:45:34 GMT