W3C home > Mailing lists > Public > www-rdf-interest@w3.org > April 2002

Re: Think Piece: Key Free Trust in the Semantic Web

From: Dave Reynolds <der@hplb.hpl.hp.com>
Date: Thu, 04 Apr 2002 17:05:44 +0100
Message-ID: <3CAC79D8.379FA150@hplb.hpl.hp.com>
To: Jeremy Carroll <jjc@hplb.hpl.hp.com>
CC: reagle@w3.org, www-rdf-interest@w3.org
Jeremy Carroll wrote:
> Aren't you really talking about the absense of a Public Key
> Infrastructure ...

I agree, this is pki-free trust rather than key-free trust.

In principle you can apply the "trust through volume of circumstantial evidence"
principle to any statement that is made in enough places, and do without any
keys. If I were to find enough independently made assertions that "Joseph Reagle
stated on Tuesday that 'the semantic web will displace PKI'" then I might start
to believe these assertions even if none of them are signed. In practice it is
statements such as "Joseph Reagle's public key digest is 0xab213276" that you
are expecting to occur in enough places to be "trusted" for that reason. You
then extend this trust in the identity binding of the key to trust in individual
statements by signing them by the key.

Thus Joseph's hypothesis could be rephrased more like:
  "The pervasive publication of key digests will enable trust in identity
without the use of a Public Key Infrastructure, the use of these keys to sign
statement digests in the Semantic Web will provide for practical trust solutions
in the absence of a workable PKI."

This seems like a good and useful hypothesis - the problem with PKI is the "I"
bit not the "PK" bit!

One innocuous phrase in the above is "independently made". In the case of the
human web you trust a Kevin Bacon key digest that appears in lots of places
because different people have probably done work to put them there and maybe
have done some level of checking. In the case of the semantic web this might not
be true. I can imagine a lot of knowledge sources in the semantic web will be
populated by ingesting data from other sources. It is entirely possible for one
(malicious or otherwise) assertion about a public key to be copied many times
over entirely automatically - sheer number of hits in the SW-google doesn't tell
you enough about the independence of the sources to lead to trust. A really
robust revocation will be needed. Revocation is harder, not easier, in such a
decentralized trust world.

> You talk about digesting RDF statements, but really we are interested in
> digesting sets of RDF statements, i.e. graphs. If these graphs have blank
> (anonymous) nodes then we have difficulties.

First, I tend to agree with Graham that signing the manifestation (i.e. and XML
serialization) is enough and is analogous to real world signing.

Second, a signing solution for the subset of RDF just involving trees, not
graphs, of anonymous nodes is considerably easier and IMHO would hit the
majority of the practical needs. The common use of anonymous nodes in actual
data (as opposed to queries or reification) is arguably to represent structured
values which are typically tree-like. Currently, in the absence of reification,
the XML syntax can only express tree shaped bNode structures so only being able
to digest and sign such structures doesn't seem like a severe practical
restriction.

Dave
Received on Thursday, 4 April 2002 11:08:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:51:53 GMT