- From: James Leigh <james-nospam@leighnet.ca>
- Date: Thu, 04 Feb 2010 17:31:01 -0500
- To: Jeremy Carroll <jeremy@topquadrant.com>
- Cc: Steve Harris <steve.harris@garlik.com>, Semantic Web <semantic-web@w3.org>
On Thu, 2010-02-04 at 09:34 -0800, Jeremy Carroll wrote: > I seem to have received advise about how to store passwords, but > actually my question was about how to represent passwords in RDF. > > In my use case the password is typed in by a user, and later (perhaps > week's later) presented by the system to another application. > You should try and encoded the password as soon as possible. In the case of a web application, using JavaScript to encode it. I don't see a any difference between the need to encoded stored passwords and the need to encoded transmitted passwords. > This means that my system needs to be able to access the text (not just > the encrypted text) that the user typed in. > > I see this as essentially one triple: > > eg:account eg:password "secret text that needs to be protected when > stored or on the wire or in a display" . > I think a blank node resource is more appropriate option here. Consider: eg:account eg:password [a eg:Secret; eg:encoded "939e7578ed9e3c518a452acee763bce9"^^xsd:hexBinary; eg:algorithm "MD5"]. RSA could also be used for the algorithm with another property for the key used. You can then have your UI display resources of type eg:Secret as ***s and (if needed) make it easy for the user to decrypt the secret text. James
Received on Thursday, 4 February 2010 22:31:36 UTC