Re: what is on Trust and Proof levels? from Nathan on 2010-11-01 (semantic-web@w3.org from November 2010)

From: Nathan <nathan@webr3.org>
Date: Mon, 01 Nov 2010 14:08:02 +0000
To: Henry Story <henry.story@bblfish.net>
CC: Ivan Herman <ivan@w3.org>, Juriy Katkov <katkov.juriy@gmail.com>, Semantic Web <semantic-web@w3.org>
Message-ID: <4CCEC9C2.3090407@webr3.org>

Henry Story wrote:
> On 1 Nov 2010, at 14:25, Nathan wrote:
> 
>> Henry Story wrote:
>>> On 31 Oct 2010, at 09:23, Ivan Herman wrote:
>>>> On Oct 29, 2010, at 01:58 , Juriy Katkov wrote:
>>>>
>>>>> Hello everyone! I've studied semantic web standard and technologies for some time but still don't understand: what kind of tecnologies are on Proof and Trust levels of the Semantic Web layer cake? Have these standards already built or not?
>>>>>
>>>> The short answer is: no.
>>>>
>>>> There is R&D on trust, security issues, signatures, etc, but none that I know of are of a maturity level to be defined as a standard. (Yet?)
>>> Well I think WebID is really past that stage now. It's been tested on more platforms that one
>>> can think of and list, people have written thesis on it, implementations have been made, ...
>>>   http://esw.w3.org/Foaf%2Bssl
>>> It's mature, and ready to be cooked by a willing standards organisation. If you want to support it and are member of the W3C please add your name to the wiki here: http://esw.w3.org/Foaf%2Bssl/WebIdWorkingGroup
>>> That provides a foundation stone for the rest. The rest is still a lot of work.
>> There's still a critical link missing, there's no way of proving in RDF
> 
> You cannot make proofs in RDF. You make statements.
> 
>> that a person really holds the private key for which which they say they hold the public key.
> 
> I am surprised that you still have this issue. It sounds like you still have not understood foaf+ssl
> to me. Are you saying that all our deployments are broken at present? Or is there something I am missing?

It's not an issue with FOAF+SSL, WebID protocol or other, quite sure we 
both fully understand that.

What I'm saying is, if you dereference my webid you will find a 
statement like this:

  [ a rsa:RSAPublicKey;
    cert:identity :me;
    rsa:modulus  [ cert:hex "FDB6FB1159710EAEEC69B.." ];
    rsa:public_exponent  [ cert:decimal "65537" ] ] .

But you do not know if :me holds (or ever held) the private key 
corresponding to that public key.

Remember the elements we're considering here, this is completely 
orthogonal to FOAF+SSL, this is simply you considering the RDF graph 
received upon dereferencing my webid.

If however we were to augment the graph with another statement which 
included a some data which was signed by the private key, then you have 
an extra statement, something you can use as part of trust metrics. A 
signature you can verify with the public key, and you can take that 
additional knowledge and use it for whatever you want, as some form of 
trust metric or to contribute to some belief state you currently hold.

Follow?

Best,

Nathan

Received on Monday, 1 November 2010 14:08:49 UTC