Re: password datatype in RDF

On Thu, 2010-02-04 at 09:34 -0800, Jeremy Carroll wrote:
> I seem to have received advise about how to store passwords, but 
> actually my question was about how to represent passwords in RDF.
> 
> In my use case the password is typed in by a user, and later (perhaps 
> week's later) presented by the system to another application.
> 

You should try and encoded the password as soon as possible. In the case
of a web application, using JavaScript to encode it. I don't see a any
difference between the need to encoded stored passwords and the need to
encoded transmitted passwords.

> This means that my system needs to be able to access the text (not just 
> the encrypted text) that the user typed in.
> 
> I see this as essentially one triple:
> 
> eg:account eg:password "secret text that needs to be protected when 
> stored or on the wire or in a display" .
> 

I think a blank node resource is more appropriate option here. Consider:
eg:account eg:password [a eg:Secret;
 eg:encoded "939e7578ed9e3c518a452acee763bce9"^^xsd:hexBinary;
 eg:algorithm "MD5"].

RSA could also be used for the algorithm with another property for the
key used. You can then have your UI display resources of type eg:Secret
as ***s and (if needed) make it easy for the user to decrypt the secret
text.

James

Received on Thursday, 4 February 2010 22:31:36 UTC