- From: Jeremy Carroll <jeremy@topquadrant.com>
- Date: Mon, 27 Apr 2009 11:03:34 -0700
- To: "'Toby A Inkster'" <tai@g5n.co.uk>, "'Ian Davis'" <iand@internetalchemy.org>
- Cc: "'Dan Brickley'" <danbri@danbri.org>, "'Hugh Glaser'" <hg@ecs.soton.ac.uk>, "'foaf-dev Friend of a'" <foaf-dev@lists.foaf-project.org>, "'Peter Krantz'" <peter.krantz@gmail.com>, <foaf-protocols@lists.foaf-project.org>, "'Semantic Web'" <semantic-web@w3.org>, <paola.dimaio@gmail.com>, "'Bijan Parsia'" <bparsia@cs.manchester.ac.uk>, "'Thomas Roessler'" <tlr@w3.org>
My view is that neither XML sig nor some sort of RDF signature, as envisaged in my paper cited in this thread, are appropriate. The techniques of both are trying to permit signing of the pertinent information, while ignoring irrelevancies (such as white space [in XML] or triple order [in RDF]). But why bother? If you have the original document, and its signature, just as a text file, you can confirm authorship. This solves the actual problems: everything else is just an intellectual exercise. As with all software problems, ask the question: what are we trying to achieve? Then can we achieve that easily with some off the shelf software? & try and use the simplest off-the-shelf software one can. The presenting problem is that Dan's web site was hacked, and some crucial files for SemWeb are down until he recovers the site. What we need (for the future) is reliable copies of those crucial files, that we know are good. I think that using the original documents, and signatures of those docs as text files achieves the goals. Of course, the next thing that happens, is what happens when someone's private key is compromised ... Jeremy > -----Original Message----- > From: semantic-web-request@w3.org [mailto:semantic-web-request@w3.org] > On Behalf Of Toby A Inkster > Sent: Monday, April 27, 2009 4:51 AM > To: Ian Davis > Cc: Dan Brickley; Hugh Glaser; foaf-dev Friend of a; Peter Krantz; > foaf-protocols@lists.foaf-project.org; Semantic Web; > paola.dimaio@gmail.com; Bijan Parsia; Thomas Roessler > Subject: Re: [foaf-dev] FOAF sites offline during cleanup > > On 27 Apr 2009, at 09:18, Ian Davis wrote: > > > With the lessening emphasis on RDF/XML, shouldn't we be looking at > > signing the triples. I seem to recall a paper by Jeremy Carroll > > that discussed this. Also, now many of us are focussed on bnode- > > free linked data the problems of signing are much easier: serialise > > as ntriples, sort and sign the result. > > > The URI has already been posted, but to summarise, Jeremy's technique > is more or less the one outlined above: serialise as N-Triples, sort > and sign. Graphs do not *need* to be BNode free for this to work. > Some (not all) graphs containing BNodes can still be signed this way > by assigning canonical names to the BNodes. Jeremy's paper outlines > how this can be done. > > -- > Toby A Inkster > <mailto:mail@tobyinkster.co.uk> > <http://tobyinkster.co.uk> >
Received on Monday, 27 April 2009 18:04:36 UTC