- From: Dave Reynolds <der@hplb.hpl.hp.com>
- Date: Thu, 17 Oct 2002 10:31:28 +0100
- To: Graham Klyne <GK@NineByNine.org>
- CC: SWAD-E public discussion <public-esw@w3.org>
I've always felt that SPKI/SDSI [1] is a very interesting model of security
which fits rather nicely with the semantic web:
o Rights certificates are bound directly to keys ("principals") not to
identities. x.509 effectively maps rights to identities but SDSI separates
these. This leads to a decentralized design where everyone can be a sort of
certification authority, no need for a global hierarchy. This separation also
means you can have some level of privacy and yet still exercise certified
rights.
o The notion of local namespaces that map from "principals" (i.e. keys) to some
name or identity is very consistent with foaf. First you could use
foaf/vCard/person-ont to associate your own names and contact information for
principals that you know. This could be either informal or formally done by SDSI
identity certificates. Secondly the SDSI principle of addressing people via
chains of names in linked local namespaces would fit very nicely with using FOAF
"knows" links.
o The delegation certificate machinery is a good base for allowing
authoritative sources to delegate their authority. It could be an interesting
way of approaching the semantic web trust layer so that when a package of
assertions is signed it can signed on behalf of some delegation chain giving a
traceback mechanism.
Dave
[1] http://theory.lcs.mit.edu/~cis/sdsi.html
Graham Klyne wrote:
>
> Maybe this has already been considered ... it's obvious enough, but the
> thought has only just struck me.
>
> It occurs to me that the FOAF experiment of Dan Brickley and friends (and
> FOAFs) might have some relevance to some aspects of trust modelling. I'm
> scratching some words about public key certificates and CA chaining, and
> got to this point:
> [[
> <t>So X.509 employs the idea of certificate chains, where
> each CA's public key is itself signed by a "higher" CA,
> and so on until a trusted "root" CA is encountered.
> Thus, a chain of certificates can link the holder of
> some key and a user of the corresponding public key
> to a common point of trust. Set against this, the
> longer the certificate chain the more scope there is
> for compromise of any one of the CA signing keys, which
> would effectively nullify the basis for trust in the
> end user keys thus protected.</t>
> ]]
>
> This describes the X.509 hierarchical CA chaining model. PGP, on the other
> hand, employs a more grassroots based web of trust, in which any keyholder
> can express degrees of trust in another. In his book "Applied
> Crytography", Bruce Schneier puts it like this:
> [[
> There are no key certification authorities; PGP instead supports a "web
> of trust". Every user generates and distributes his own public key. Users
> sign each other's public keys, creating an interconnected community of PGP
> users.
> ]]
>
> All of which has strong resonances with FOAF. I'm thinking in particular that:
> (a) FOAF might be used to model PGP webs-of-trust.
> (b) FOAF might be able to supply additional information about
> relationships, which could be used to guide trust decisions in a PGP
> web-of-trust.
> (c) with a FOAF model and trust strategies modelled as rules on RDF data,
> some PGP trust decisions might be automated that otherwise are made manually.
>
> Hmmm... I must pay more attention to the next IETF key-signing party.
>
> #g
>
> -------------------
> Graham Klyne
> <GK@NineByNine.org>
Received on Thursday, 17 October 2002 05:34:30 UTC