W3C home > Mailing lists > Public > semantic-web@w3.org > March 2008

Re: RDFAuth: an initial sketch

From: Renato golin <renato@ebi.ac.uk>
Date: Fri, 28 Mar 2008 15:27:03 +0000
Message-ID: <47ED0E47.90308@ebi.ac.uk>
To: bnowack@semsol.com
CC: Story Henry <henry.story@bblfish.net>, foaf-dev of a Friend <foaf-dev@lists.foaf-project.org>, Semantic Web <semantic-web@w3.org>

Benjamin Nowack wrote:
> A [resource server] could of course always reject non-PGP-encrypted 
> tokens, or PGP-encrypted tokens. After all, it's the [resource server]'s 
> decision what to accept. RDFAuth-wise, we just have to make sure that
> both methods can be implemented easily.

As it happens today with SMTP/IMAP/POP you can authenticate or not 
through several different schemes without loosing functionality. It's up 
to the server to define what's acceptable and what's not.

Google's IMAP is authenticated and work through SSL and I didn't loose a 
single feature I wanted, so I guess we can always define several layers 
of security which can be implemented but limit this number to a minimum 
(none, minimal and secure) to avoid creating too many standards.

Again, PGP is not unique, fail-proof nor fool-proof as we well know, but 
it's one of the standards... If we are to create a new standard for 
sharing keys we must have a hell of an excuse to do so and even then I 
would rather bug off the GPG guys to change it than re-write it myself.

cheers,
--renato
Received on Friday, 28 March 2008 15:27:53 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 08:45:05 UTC