- From: Tim Boland <frederick.boland@nist.gov>
- Date: Wed, 07 May 2008 11:06:03 -0400
- To: public-powderwg@w3.org
Would the text proposed contain any normative requirements which would
then need to (hopefully) be objectively tested? How would this trust be
managed/tested (will we be testing any requirements related to trust
management for POWDER)?

Thanks and best wishes
Tim Boland NIST

At 03:53 PM 5/7/2008 +0100, you wrote:
>Thanks Kai, it'll be in the next version of the doc posted to the group -
>which I hope to do tomorrow morning.
>
>Phil.
>
>Scheppe, Kai-Dietrich wrote:
>>Hi Phil,
>>That is pretty good, but I think something else needs to be said as
>>well.
>>There is the fickle nature of trust with regard to the circumstances.
>>You may trust one person to give you information on cooking, but would
>>extend trust to another person about how to fix your broken GRDDL
>>transform.
>>As such how about this:
>>Trust is a central theme of POWDER, however, we do not prescribe a
>>single method through which trust must be conferred on Description
>>Resources. By its very nature, trust is a human judgement that can only
>>be made by weighing the likelihood that the data is true against the
>>effect of it being false.
>>This judgement is highly dependent on the circumstances under which the
>>need to extend trust arises.
>>POWDER does, therefore, provide support for, and is amenable to, a
>>variety of methods through which users and user agents can establish
>>trust to suit their particular situation.
>>
>>...as a thought.
>>Kai
>>
>>>-----Original Message-----
>>>From: public-powderwg-request@w3.org
>>>[mailto:public-powderwg-request@w3.org] On Behalf Of Phil Archer
>>>Sent: Wednesday, May 07, 2008 1:04 PM
>>>To: Public POWDER
>>>Subject: Re: Report on Beijing
>>>
>>>
>>>Just to follow up on this, I am working on the DR doc just now and would
>>>like to propose the following additional text be included in the
>>>introduction:
>>>
>>>Trust is a central theme of POWDER, however, we do not prescribe a
>>>single method through which trust must be conferred on Description
>>>Resources. By its very nature, trust is a human judgement that can only
>>>be made by weighing the likelihood that the data is true against the
>>>effect of it being false. POWDER does, however, provide support for,
>>>and is amenable to, a variety of methods through which users and user
>>>agents can establish trust.
>>>
>>>Does that answer the question do you think?
>>>
>>>Phil.
>>>
>>>Phil Archer wrote:
>>>>Thanks Kai, and thanks for flying the POWDER flag in Beijing.
>>>>
>>>>I get asked the same question and my answer is usually a version of:
>>>>
>>>>There are several methods of adding security - XML Sig, SSL etc. And
>>>>it depends on the application which is the most appropriate. The claim
>>>>that a Web site offers good ideas for children's parties needs a
>>>>different level of security than the claim that the advice on the Web
>>>>site is useful for defusing a nuclear warhead. /Therefore/ we don't
>>>>prescribe a single method.
>>>>
>>>>But... as you say, the question does keep coming up. Section 4 of the
>>>>DR doc [1] attempts to answer it and highlights several methods:
>>>>
>>>>1. wdr:authenticate - which links a FOAF file to a description of a
>>>>service - any service - through which one can authenticate a DR
>>>>created by that author.
>>>>
>>>>2. Certification using a DR - in which a hash of the (single) thing
>>>>described is part of the description.
>>>>
>>>>3. supportedBy - a pointer from a DR to some other source of
>>>>information that will offer a similar description.
>>>>
>>>>4. The source of the DR - if you get your DR directly from
>>>>technosite.es, notwithstanding a man in the middle attack, you can be
>>>>pretty sure that Technosite was the publisher of the DR.
>>>>
>>>>5. Machine Learning - Since DRs make it easy to use controlled
>>>>vocabularies, and controlled vocabularies make it easy to train content
>>>>analysers.
>>>>
>>>>Those who know the WG members will be able to discern where these
>>>>approaches all come from. In addition, Andrea has suggested we make use
>>>>of Dan Brickley's 'other vocabulary', the Web of trust
>>>>http://xmlns.com/wot/0.1/ and, yes, XML Sig. I'd be very happy to see
>>>>these in the doc!
>>>>
>>>>Phill
>>>>
>>>>
>>>>[1] http://www.w3.org/TR/2008/WD-powder-dr-20080317/#trust
>>>>
>>>>Scheppe, Kai-Dietrich wrote:
>>>>>Phil had asked about China and the WWW2008 conference.
>>>>>
>>>>>Yes, there is something to report.
>>>>>I gave a short presentation on POWDER. It went fine, people seemed
>>>>>interested, there were few questions.
>>>>>
>>>>>However, one point came up in several conversations with several people
>>>>>- that of security.
>>>>>
>>>>>Basically I was asked: How do you ensure that the DR which has
>>>>>been written does in fact come from that person or entity?
>>>>>
>>>>>I believe we had, a long time ago, discussed digital signatures, but
>>>>>wasn't sure what had come of all that.
>>>>>
>>>>>
>>>>>Question to the group: Will we deal with that? And if yes, how?
>>>>>
>>>>>The easy way out would be to say no, trust is up to the user and we
>>>>>won't bother, but I was struck by how this point came up several times
>>>>>independently, thus I think it is not something to be brushed aside.
>>>>>-- Kai

Received on Wednesday, 7 May 2008 15:06:48 UTC