- From: Gavin Carothers <gavin@carothers.name>
- Date: Tue, 17 Jan 2012 13:38:44 -0800
- To: RDF-WG WG <public-rdf-wg@w3.org>
Also on Wiki at http://www.w3.org/2011/rdf-wg/wiki/Example_of_Endorsement_Use_Case

## Endorsement (3rd Use Case from Sandro)

A system wants to convey to another system in RDF that some person agrees with or disagrees with certain RDF triples.

## Concrete Example

Alice wants to say that she agrees that Bob is named Bob. Bob has stated in a foaf record that he is named Bob. He did so in a Turtle document he hosts on http://example.org/bob/foaf.ttl

    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    <#me> foaf:name "Bob";
          foaf:homepage <http://mytotallyfakesite.com> .

Alice requests the Turtle document. After reading it she decides that she wants to agree with Bob's name, but doesn't wish to endorse the totally fake site as Bob's homepage. In order to use any sort of HMAC or other signing system Alice will need to produce a byte stream for the message. An example byte stream:

    0000000 3c 68 74 74 70 3a 2f 2f 65 78 61 6d 70 6c 65 2e
    0000010 6f 72 67 2f 62 6f 62 2f 66 6f 61 66 2e 74 74 6c
    0000020 23 6d 65 3e 20 3c 68 74 74 70 3a 2f 2f 78 6d 6c
    0000030 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f

Or in ASCII:

    <http://example.org/bob/foaf.ttl#me> <http://xmlns.com/foaf/0.1/name> "Bob".

Once Alice has the byte stream she uses it to compute a hash 64487b3448548b7c8a5cfaeb0147bf54. She also creates a full signature using her private key. She then writes this all down in a new TriG document:

    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    @prefix foo: <http://example.org/foo/> .
    @base <http://example.org/alice> .
    {
      <#me> foo:endorces <urn:md5:64487b3448548b7c8a5cfaeb0147bf54>;
            foo:signature "SomeSigningBytes";
            .
    }
    @base <http://example.org/bob/foaf.ttl> .
    <urn:md5:64487b3448548b7c8a5cfaeb0147bf54> {
      <#me> foaf:name "Bob" .
    }

Alice then sends the document to Charlie. Charlie is able to take the triples in the graph statement labeled urn:md5:64487b3448548b7c8a5cfaeb0147bf54, produce the same byte stream and verify both the hash and Alice's signature.

## Results

I am unaware of any use case around endorsement or authority that would not require some level of cryptographic signing. Once going down that road it's easy to use the byte stream required by ANY HMAC system to name the set of triples. This sort of use of IRIs containing hashes for identity of arbitrary data is already in wide use today.

http://en.wikipedia.org/wiki/Magnet_URI_scheme#URN.2C_containing_hash_.28xt.29

--Gavin

Received on Tuesday, 17 January 2012 21:39:22 UTC
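
The hash-name-sign-verify flow from the message above, as an added Python sketch that is not part of the original message or of any RDF-WG code. It assumes ground triples only (no blank nodes), a sorted N-Triples-style serialization as the byte stream, and HMAC-SHA256 with a shared key standing in for Alice's private-key signature; the function names and the key are hypothetical, and the digests it produces will not match the hash quoted in the message because the exact byte stream differs.

```python
import hashlib
import hmac

# Constructed sample triples, written as absolute N-Triples terms.
NAME = ("<http://example.org/bob/foaf.ttl#me>",
        "<http://xmlns.com/foaf/0.1/name>", '"Bob"')
HOMEPAGE = ("<http://example.org/bob/foaf.ttl#me>",
            "<http://xmlns.com/foaf/0.1/homepage>",
            "<http://mytotallyfakesite.com>")
ALICE_KEY = b"constructed-demo-key"  # assumption: stand-in for Alice's key


def byte_stream(triples):
    """Deterministic bytes for a set of ground triples.

    Lines are de-duplicated and sorted so that Alice and Charlie get the
    same bytes regardless of the order the triples were parsed in.
    """
    lines = sorted({f"{s} {p} {o} ." for s, p, o in triples})
    return ("\n".join(lines) + "\n").encode("utf-8")


def graph_name(triples, algo="md5"):
    """Name the graph by the hash of its byte stream (urn:md5:... as in the message)."""
    return f"urn:{algo}:{hashlib.new(algo, byte_stream(triples)).hexdigest()}"


def endorse(triples, key, algo="md5"):
    """Alice's side: graph label plus a MAC over the same byte stream."""
    sig = hmac.new(key, byte_stream(triples), hashlib.sha256).hexdigest()
    return {"graph": graph_name(triples, algo), "signature": sig,
            "triples": list(triples)}


def verify(endorsement, key, algo="md5"):
    """Charlie's side: rebuild the bytes, then check the label and the MAC."""
    triples = endorsement["triples"]
    if not hmac.compare_digest(graph_name(triples, algo), endorsement["graph"]):
        return False  # graph content no longer matches its hash-based name
    expected = hmac.new(key, byte_stream(triples), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, endorsement["signature"])


if __name__ == "__main__":
    doc = endorse([NAME], ALICE_KEY)
    print(doc["graph"], verify(doc, ALICE_KEY))
    doc["triples"].append(HOMEPAGE)  # triple Alice did not endorse
    print(verify(doc, ALICE_KEY))
```

Passing `algo="sha256"` to `endorse` and `verify` keeps the same flow with a collision-resistant digest in the graph name.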