Thinking on Endorsement use case from Gavin Carothers on 2012-01-17 (public-rdf-wg@w3.org from January 2012)

From: Gavin Carothers <gavin@carothers.name>
Date: Tue, 17 Jan 2012 13:38:44 -0800
To: RDF-WG WG <public-rdf-wg@w3.org>
Message-ID: <CAPqY83yNK5prWH7Ma2zHd7PdD_reOEaKjmb7fwUvBKS8Ux9CXg@mail.gmail.com>

Also on Wiki at
http://www.w3.org/2011/rdf-wg/wiki/Example_of_Endorsement_Use_Case

## Endorsement (3rd Use Case from Sandro)

A system wants to convey to another system in RDF that some person
agrees with or disagrees with certain RDF triples.

## Concrete Example

Alice wants to say that she agrees that Bob is named Bob.

Bob has stated in a foaf record that he is named Bob. He did so in a
Turtle document he hosts on http://example.org/bob/foaf.ttl

 @prefix foaf: <http://xmlns.com/foaf/0.1/> .

 <#me> foaf:name "Bob",
     foaf:homepage <http://mytotallyfakesite.com> .

Alice Requests the Turtle document. After reading it she decides that
she wants to agree with Bob's name, but doesn't with to endorse the
totally fake site as Bob's homepage.

In order to use any sort of HMAC or other signing system Alice will
need to produce a byte stream for the message. An example byte stream:

 0000000 3c 68 74 74 70 3a 2f 2f 65 78 61 6d 70 6c 65 2e
 0000010 6f 72 67 2f 62 6f 62 2f 66 6f 61 66 2e 74 74 6c
 0000020 23 6d 65 3e 20 3c 68 74 74 70 3a 2f 2f 78 6d 6c
 0000030 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f

Or in ASCII:

 <http://example.org/bob/foaf.ttl#me> <http://xmlns.com/foaf/0.1/name> "Bob".

Once Alice has the byte stream she uses it to compute a hash
64487b3448548b7c8a5cfaeb0147bf54. She also creates a full signature
using her private key. She then writes this all down in a new TriG
document:

 @prefix foaf: <http://xmlns.com/foaf/0.1/> .
 @prefix foo: <http://example.org/foo/>

 @base <http://example.org/alice> .

 { <#me> foo:endorces urn:md5:64487b3448548b7c8a5cfaeb0147bf54;
      foo:signature "SomeSigningBytes";
      .
 }

 @base <http://example.org/bob/foaf.ttl> .

 urn:md5:64487b3448548b7c8a5cfaeb0147bf54 {
  <#me> foaf:name "Bob" .
 }

Alice then sends the document to Charlie. Charlie is able to take the
triples in the graph statement labeled
urn:md5:64487b3448548b7c8a5cfaeb0147bf54 produce the same byte stream
and verify both the hash and Alice's signature.

## Results

I am unaware of any use case around endorsement or authority that
would not require some level of cryptographic signing. Once going down
that road it's easy to use the byte stream required by ANY HMAC system
to name the set of triples. This sort of use of IRIs containing hashes
for identity of arbitrary data is already in wide use today.
http://en.wikipedia.org/wiki/Magnet_URI_scheme#URN.2C_containing_hash_.28xt.29

--Gavin

Received on Tuesday, 17 January 2012 21:39:22 UTC