- From: Jeremy Carroll <jeremy@topquadrant.com>
- Date: Tue, 28 Jun 2011 18:04:18 -0700
- To: Steve Harris <steve.harris@garlik.com>
- CC: public-rdf-wg@w3.org
On 6/28/2011 3:45 AM, Steve Harris wrote: > > That's what I meant about only being able to do the verification at retrieval time. > > The process we followed was: (from memory) > > 1) fetch document from URL > 2) check for WoT data > 3) fetch WoT data [if present] > 4) verify fetched document against WoT data [if present] > 5) assert 1 into triplestore [if 4 passed] > Yes this is a good process but has little to do with RDF since it is just about verifying the signatures on the source documents. If this process suffices for the use case it is clearly better to use this. Jeremy > At that point, we know that as long as the graph that the data was asserted into isn't disturbed (enforced in the application layer in our case), that the document in 1 has been signed as per 2. > > That's probably not sufficient for all usecases, but it suited ours fine, and it doesn't have complexity issues. > > For OAuth and HTTPS steps 1-4 are done as part of the implementation of the standard, but for WoT we did them manually. > > There's also WebID which maybe fits in there somewhere, as it uses x509 certificates, but I'm not au fait with it. > > - Steve >
Received on Wednesday, 29 June 2011 01:04:50 UTC