Re: Report on Beijing from Phil Archer on 2008-05-07 (public-powderwg@w3.org from May 2008)

From: Phil Archer <parcher@icra.org>
Date: Wed, 07 May 2008 15:53:18 +0100
To: Public POWDER <public-powderwg@w3.org>
Message-ID: <4821C25E.6060004@icra.org>
Thanks Kai, it'll be in the next version of the doc posted to the group 
- which I hope to do tomorrow morning.

Phil.

Scheppe, Kai-Dietrich wrote:
> Hi Phil,
> 
> That is pretty good, but I think something else needs to be said as
> well.
> 
> There is the fickle nature of trust with regard to the circumstances.
> You may trust one person to give you information on cooking, but would
> extend trust to another person about how to fix your broken GRDDL
> transform.
> 
> As such how about this:
> 
> Trust is a central theme of POWDER, however, we do not prescribe a
> single method through which trust must be conferred on Description
> Resources. By its very nature, trust is a human judgement that can only
> be made by weighing the likelihood that the data is true against the
> effect of it being false.  
> This judgement is highly dependant on the circumstances under which the
> need to extend trust arises.
> POWDER does, therefore, provide support for, and is amenable to, a
> variety of methods through which users and user agents can establish
> trust to suit their particular situation.
> 
> 
> ...as a thought.
> 
> Kai
> 
> 
>> -----Original Message-----
>> From: public-powderwg-request@w3.org 
>> [mailto:public-powderwg-request@w3.org] On Behalf Of Phil Archer
>> Sent: Wednesday, May 07, 2008 1:04 PM
>> To: Public POWDER
>> Subject: Re: Report on Beijing
>>
>>
>> Just to follow up on this, I am working on the DR doc just 
>> now and would like to propose the following additional text 
>> be included in the
>> introduction:
>>
>> Trust is a central theme of POWDER, however, we do not 
>> prescribe a single method through which trust must be 
>> conferred on Description Resources. By its very nature, trust 
>> is a human judgement that can only be made by weighing the 
>> likelihood that the data is true against the effect of it 
>> being false.  POWDER does, however, provide support for, and 
>> is amenable to, a variety of methods through which users and 
>> user agents can establish trust.
>>
>> Does that answer the question do you think?
>>
>> Phil.
>>
>> Phil Archer wrote:
>>> Thanks Kai, and thanks for flying the POWDER flag in Beijing.
>>>
>>> I get asked the same question and my answer is usually a version of:
>>>
>>> There are several methods of adding security - XML Sig, SSL 
>> etc. And 
>>> it depends on the application which is the most 
>> appropriate. The claim 
>>> that a Web site offers good ideas for children's parties needs a 
>>> different level of security than the claim that the advice 
>> on the Web 
>>> site is useful for defusing a nuclear warhead. /Therefore/ we don't 
>>> prescribe a single method.
>>>
>>> But... as you say, the question does keep coming up. 
>> Section 4 of the 
>>> DR doc [1] attempts to answer it and highlights several methods:
>>>
>>> 1. wdr:authenticate - which links a FOAF file to a description of a 
>>> service - any service - through which one can authenticate an DR 
>>> created by that author.
>>>
>>> 2. Certification using a DR - in which a hash of the (single) thing 
>>> described is part of the description.
>>>
>>> 3. supportedBy - a pointer from a DR to some other source of 
>>> information that will offer a similar description.
>>>
>>> 4. The source of the DR - if you get your DR directly from 
>>> technosite.es, notwithstanding a man in the middle attack, 
>> you can be 
>>> pretty sure that Technosite was the publisher of the DR.
>>>
>>> 5. Machine Learning - Since DRs make it easy to use controlled 
>>> vocabularies, and controlled vocabularies make it easy to train 
>>> contnet analysers.
>>>
>>> Those who know the WG members will be able to discern where these 
>>> approaches all come from. In addition, Andrea has suggested we make 
>>> use of Dan Brickley's 'other vocabulary', the Web of trust 
>>> http://xmlns.com/wot/0.1/ and, yes, XML Sig. I'd be very 
>> happy to see 
>>> these in the doc!
>>>
>>> Phill
>>>
>>>
>>> [1] http://www.w3.org/TR/2008/WD-powder-dr-20080317/#trust
>>>
>>> Scheppe, Kai-Dietrich wrote:
>>>> Phil had asked about China and the WWW2008 conference.
>>>>
>>>> Yes, there is something to report.
>>>> I gave a short presentation on POWDER.  It went fine, 
>> people seemed 
>>>> interested, there were few questions.
>>>>
>>>> However, one point came up in several conversations with several 
>>>> people
>>>> - that of security.
>>>>
>>>> Basically I was asked: 
>>>>       How do you ensure that the DR which has been written does in 
>>>> fact come from that person or entity?
>>>>
>>>> I believe we had, a long time ago, discussed digital 
>> signatures, but 
>>>> wasn't sure what had come of all that.
>>>>
>>>>
>>>> Question to the group:  Will we deal with that? And if yes, how?
>>>>
>>>> The easy way out would be to say no, trust is up to the 
>> user and we 
>>>> won't bother, but I was struck by how this point came up several 
>>>> times independently, thus I think it is not something to 
>> be brushed aside.
>>>> -- Kai
>>>>
Received on Wednesday, 7 May 2008 14:53:56 UTC