RE: Do resources have representations?

> For security reasons software dealing with this stuff should generally
> assume that most people are malicious and the rest are idiots as far as
> possible. To accept the identification of uri1 and http://www.w3.org/ I'm
> going to want either to be told this by somebody I trust, or at the very
> least be told this by both uri1Owner and the W3C (I would take the W3C's word
> for it that what I can retrieve from uri1 is a valid representation of
> http://www.w3.org/, but not the inverse). Even in this case I would retry
> the URI I was given after the information on the identification of the same
> resource by the two URIs became stale. Existing mechanisms should be enough
> to prevent a security issue.

Now, a potentially "real life" example:

If http[s]://www.w3.org/ has metadata that states
https://www.w3.org/key is a signature key for "Authoritative"
information, and
http://www.example.org/~foo/bla is/has metadata that states that
http://www.w3.org/ and http://www.example.org/1234 are the same
resource, and equivalent representations, and the statement is signed
with the key https://www.w3.org/key, then your browser may have enough
information (assuming that https://www.w3.org had a valid and trustable
certificate) to direct (according to http://www.example.org/~foo/bla's
instructions, authorised by https://www.w3.org/key) your browser to
http://www.example.org/1234 should the situation merit (perhaps it is a
more local mirror).

For that to happen, RDF needs a schema for signatures of statements
(detached signatures as meta-statements, perhaps?), and a schema item
for equivalent representations of a resource -- owl:isSameIndividual or
whatnot, or perhaps a more specific, web-oriented namespace set -- a
hypothetical w3:isSameRepresentationAs, (perhaps also w3:isMirrorOf and
w3:ipTopologyLocation) or something equivalent.

Ari

Received on Tuesday, 29 July 2003 01:02:29 UTC
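
The acceptance check the message describes, as an added example that is not part of the original post: a client follows a mirror statement only if it is signed by the key the original resource itself names, concerns the URI actually requested, and is not stale. The statement fields, `MAX_AGE`, the key bytes and the `https://www.example.org/key` entry are constructed assumptions, and HMAC-SHA256 stands in for a real detached public-key signature so the code runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed demo data. HMAC-SHA256 stands in for a detached public-key
# signature so the example runs on the standard library alone.
KEYS = {
    "https://www.w3.org/key": b"constructed-w3-demo-key",
    "https://www.example.org/key": b"constructed-other-demo-key",
}
# Key URI each resource's own HTTPS-served metadata declares authoritative.
AUTHORITATIVE_KEY = {"http://www.w3.org/": "https://www.w3.org/key"}
MAX_AGE = 3600  # seconds before a statement is stale (assumed policy value)


def _mac(stmt, key_uri):
    # Newline-joined encoding of the signed fields, bound to the key URI.
    msg = "\n".join([stmt["original"], stmt["mirror"], str(stmt["issued"]), key_uri])
    return hmac.new(KEYS[key_uri], msg.encode(), hashlib.sha256).hexdigest()


def sign(original, mirror, issued, key_uri):
    stmt = {"original": original, "mirror": mirror, "issued": issued, "key": key_uri}
    stmt["sig"] = _mac(stmt, key_uri)
    return stmt


def resolve(requested, stmt, now):
    """Return the mirror only when the statement is trusted, else `requested`."""
    # The statement must be about the URI the user actually asked for.
    if stmt["original"] != requested:
        return requested
    # Only the key named by the original resource may vouch for its mirrors,
    # so a third party cannot claim to be equivalent to http://www.w3.org/.
    if AUTHORITATIVE_KEY.get(requested) != stmt["key"]:
        return requested
    # Stale statements are ignored, which falls back to the original URI.
    if not 0 <= now - stmt["issued"] <= MAX_AGE:
        return requested
    if not hmac.compare_digest(_mac(stmt, stmt["key"]), stmt["sig"]):
        return requested
    return stmt["mirror"]
```

Every rejection path returns the URI that was originally requested, so an untrusted or expired statement degrades to fetching the original rather than failing.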