RE: Report on Beijing from Scheppe, Kai-Dietrich on 2008-05-07 (public-powderwg@w3.org from May 2008)

From: Scheppe, Kai-Dietrich <k.scheppe@telekom.de>
Date: Wed, 7 May 2008 16:24:09 +0200
To: "Phil Archer" <parcher@icra.org>, "Public POWDER" <public-powderwg@w3.org>
Message-ID: <398533C370C23441981074C456AA3BDD031DB411@QEO00226.de.t-online.corp>
Hi Phil,

That is pretty good, but I think something else needs to be said as
well.

There is the fickle nature of trust with regard to the circumstances.
You may trust one person to give you information on cooking, but would
extend trust to another person about how to fix your broken GRDDL
transform.

As such how about this:

Trust is a central theme of POWDER, however, we do not prescribe a
single method through which trust must be conferred on Description
Resources. By its very nature, trust is a human judgement that can only
be made by weighing the likelihood that the data is true against the
effect of it being false.  
This judgement is highly dependant on the circumstances under which the
need to extend trust arises.
POWDER does, therefore, provide support for, and is amenable to, a
variety of methods through which users and user agents can establish
trust to suit their particular situation.


...as a thought.

Kai


> -----Original Message-----
> From: public-powderwg-request@w3.org 
> [mailto:public-powderwg-request@w3.org] On Behalf Of Phil Archer
> Sent: Wednesday, May 07, 2008 1:04 PM
> To: Public POWDER
> Subject: Re: Report on Beijing
> 
> 
> Just to follow up on this, I am working on the DR doc just 
> now and would like to propose the following additional text 
> be included in the
> introduction:
> 
> Trust is a central theme of POWDER, however, we do not 
> prescribe a single method through which trust must be 
> conferred on Description Resources. By its very nature, trust 
> is a human judgement that can only be made by weighing the 
> likelihood that the data is true against the effect of it 
> being false.  POWDER does, however, provide support for, and 
> is amenable to, a variety of methods through which users and 
> user agents can establish trust.
> 
> Does that answer the question do you think?
> 
> Phil.
> 
> Phil Archer wrote:
> > 
> > Thanks Kai, and thanks for flying the POWDER flag in Beijing.
> > 
> > I get asked the same question and my answer is usually a version of:
> > 
> > There are several methods of adding security - XML Sig, SSL 
> etc. And 
> > it depends on the application which is the most 
> appropriate. The claim 
> > that a Web site offers good ideas for children's parties needs a 
> > different level of security than the claim that the advice 
> on the Web 
> > site is useful for defusing a nuclear warhead. /Therefore/ we don't 
> > prescribe a single method.
> > 
> > But... as you say, the question does keep coming up. 
> Section 4 of the 
> > DR doc [1] attempts to answer it and highlights several methods:
> > 
> > 1. wdr:authenticate - which links a FOAF file to a description of a 
> > service - any service - through which one can authenticate an DR 
> > created by that author.
> > 
> > 2. Certification using a DR - in which a hash of the (single) thing 
> > described is part of the description.
> > 
> > 3. supportedBy - a pointer from a DR to some other source of 
> > information that will offer a similar description.
> > 
> > 4. The source of the DR - if you get your DR directly from 
> > technosite.es, notwithstanding a man in the middle attack, 
> you can be 
> > pretty sure that Technosite was the publisher of the DR.
> > 
> > 5. Machine Learning - Since DRs make it easy to use controlled 
> > vocabularies, and controlled vocabularies make it easy to train 
> > contnet analysers.
> > 
> > Those who know the WG members will be able to discern where these 
> > approaches all come from. In addition, Andrea has suggested we make 
> > use of Dan Brickley's 'other vocabulary', the Web of trust 
> > http://xmlns.com/wot/0.1/ and, yes, XML Sig. I'd be very 
> happy to see 
> > these in the doc!
> > 
> > Phill
> > 
> > 
> > [1] http://www.w3.org/TR/2008/WD-powder-dr-20080317/#trust
> > 
> > Scheppe, Kai-Dietrich wrote:
> >> Phil had asked about China and the WWW2008 conference.
> >>
> >> Yes, there is something to report.
> >> I gave a short presentation on POWDER.  It went fine, 
> people seemed 
> >> interested, there were few questions.
> >>
> >> However, one point came up in several conversations with several 
> >> people
> >> - that of security.
> >>
> >> Basically I was asked: 
> >>       How do you ensure that the DR which has been written does in 
> >> fact come from that person or entity?
> >>
> >> I believe we had, a long time ago, discussed digital 
> signatures, but 
> >> wasn't sure what had come of all that.
> >>
> >>
> >> Question to the group:  Will we deal with that? And if yes, how?
> >>
> >> The easy way out would be to say no, trust is up to the 
> user and we 
> >> won't bother, but I was struck by how this point came up several 
> >> times independently, thus I think it is not something to 
> be brushed aside.
> >>
> >> -- Kai
> >>
> 
> 
>
Received on Wednesday, 7 May 2008 14:25:06 UTC