W3C home > Mailing lists > Public > www-archive@w3.org > July 2010

Re: [foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web

From: Reto Bachmann-Gmür <reto@gmuer.ch>
Date: Tue, 6 Jul 2010 21:33:27 +0200
Message-ID: <AANLkTinNwY_qrwVU350ekUpK4G833OwijUaOPyToABU6@mail.gmail.com>
To: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
Cc: Thomas Roessler <tlr@w3.org>, Tim Berners-Lee <timbl@w3.org>, Harry Halpin <hhalpin@w3.org>, foaf-protocols@lists.foaf-project.org, Ivan Herman <ivan@w3.org>, Ian Jacobs <ij@w3.org>, Jeffrey Jaff <jeff@w3.org>, www-archive <www-archive@w3.org>, Henry Story <henry.story@gmail.com>
On Tue, Jul 6, 2010 at 5:17 PM, Bruno Harbulot
<Bruno.Harbulot@manchester.ac.uk> wrote:
> 5. Addressing the issue of signed RDF assertions or comparison with
> other repositories of keys.
>   So far, we've been using a simple dereferencing of the WebID to do the
> verification. It's OK, but it doesn't really improve the security
> compared to OpenID. There is potential to improve the security by using
> the keys of course. How far do we want to go there?

"Addressing the issue of signed RDF assertions" -> In such generic
terms I think it's by far out of scope for foaf+ssl (for a paper on
the subject see Jeremy Carroll paper on signing rdf graphs [1]).
However I think I very much agree with your intention and I think that
from the beginning we should have a way for transitive trust chains.
But instead of signing complete graphs or arbitrary extensions we
should have a way to say and sign something like "At time X i
assume|believe|stronger that Y is the public key of P, see Z for
possible updates on this believe", I think this signing should be done
largely automatically and even if on a low trust level of "assume" can
have great benefits. For example a friend request should be
accompanied by such a statement (as in fact this only says that we
think we're sending the request to the right person, a single one of
these is of little use but many such statements can build a sound
foundation for some trust).


1. http://citeseerx.ist.psu.edu/viewdoc/download?doi=
Received on Tuesday, 6 July 2010 19:33:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:43:41 UTC