W3C home > Mailing lists > Public > semantic-web@w3.org > February 2010

Re: password datatype in RDF

From: James Leigh <james-nospam@leighnet.ca>
Date: Thu, 04 Feb 2010 17:31:01 -0500
To: Jeremy Carroll <jeremy@topquadrant.com>
Cc: Steve Harris <steve.harris@garlik.com>, Semantic Web <semantic-web@w3.org>
Message-ID: <1265322661.3373.51.camel@isaac>
On Thu, 2010-02-04 at 09:34 -0800, Jeremy Carroll wrote:
> I seem to have received advise about how to store passwords, but 
> actually my question was about how to represent passwords in RDF.
> 
> In my use case the password is typed in by a user, and later (perhaps 
> week's later) presented by the system to another application.
> 

You should try and encoded the password as soon as possible. In the case
of a web application, using JavaScript to encode it. I don't see a any
difference between the need to encoded stored passwords and the need to
encoded transmitted passwords.

> This means that my system needs to be able to access the text (not just 
> the encrypted text) that the user typed in.
> 
> I see this as essentially one triple:
> 
> eg:account eg:password "secret text that needs to be protected when 
> stored or on the wire or in a display" .
> 

I think a blank node resource is more appropriate option here. Consider:
eg:account eg:password [a eg:Secret;
	eg:encoded "939e7578ed9e3c518a452acee763bce9"^^xsd:hexBinary;
	eg:algorithm "MD5"].

RSA could also be used for the algorithm with another property for the
key used. You can then have your UI display resources of type eg:Secret
as ***s and (if needed) make it easy for the user to decrypt the secret
text.

James
Received on Thursday, 4 February 2010 22:31:36 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 21:45:34 GMT