Re: what is on Trust and Proof levels? from Adrian Walker on 2010-11-01 (semantic-web@w3.org from November 2010)

From: Adrian Walker <adriandwalker@gmail.com>
Date: Mon, 1 Nov 2010 10:43:52 -0400
To: nathan@webr3.org
Cc: Henry Story <henry.story@bblfish.net>, Ivan Herman <ivan@w3.org>, Juriy Katkov <katkov.juriy@gmail.com>, Semantic Web <semantic-web@w3.org>
Message-ID: <AANLkTi=wq+MNc558u9StFJHkuoODGw=N6Q0G3V51DhHK@mail.gmail.com>

Hi All --

Interesting discussion of *trust *from the point of view of checking
identity.

There's also the question of producing a *proof *that explains why a derived
answer follows from some RDF facts and any logic used.

>From the user point of view, the proof should be in English (or other
natural language) rather than in a technical notation.  ("p is true because
q and r are true" is meaningless an end user)

The system online at the site below shows one way of providing English
explanations.  The are also abductive English explanations of why an
expected result is missing.

To see how this can work with RDF, one can run the following example

  www.reengineeringllc.com/demo_agents/RDFQueryLangComparison1.agent

by pointing a browser to the same site, and choosing *RDFQueryLangComparison1
*.

The approach is implemented and up and running on the web, so appears to be
ready for cooking into a standard.

HTH.  Apologies if you have seen this before, and thanks for comments.

                                   -- Adrian

Internet Business Logic
A Wiki and SOA Endpoint for Executable Open Vocabulary English Q/A over SQL
and RDF
Online at www.reengineeringllc.com
Shared use is free, and there are no advertisements

Adrian Walker
Reengineering



On Mon, Nov 1, 2010 at 10:08 AM, Nathan <nathan@webr3.org> wrote:

> Henry Story wrote:
>
>> On 1 Nov 2010, at 14:25, Nathan wrote:
>>
>>  Henry Story wrote:
>>>
>>>> On 31 Oct 2010, at 09:23, Ivan Herman wrote:
>>>>
>>>>> On Oct 29, 2010, at 01:58 , Juriy Katkov wrote:
>>>>>
>>>>>  Hello everyone! I've studied semantic web standard and technologies
>>>>>> for some time but still don't understand: what kind of tecnologies are on
>>>>>> Proof and Trust levels of the Semantic Web layer cake? Have these standards
>>>>>> already built or not?
>>>>>>
>>>>>>  The short answer is: no.
>>>>>
>>>>> There is R&D on trust, security issues, signatures, etc, but none that
>>>>> I know of are of a maturity level to be defined as a standard. (Yet?)
>>>>>
>>>> Well I think WebID is really past that stage now. It's been tested on
>>>> more platforms that one
>>>> can think of and list, people have written thesis on it, implementations
>>>> have been made, ...
>>>>  http://esw.w3.org/Foaf%2Bssl
>>>> It's mature, and ready to be cooked by a willing standards organisation.
>>>> If you want to support it and are member of the W3C please add your name to
>>>> the wiki here: http://esw.w3.org/Foaf%2Bssl/WebIdWorkingGroup
>>>> That provides a foundation stone for the rest. The rest is still a lot
>>>> of work.
>>>>
>>> There's still a critical link missing, there's no way of proving in RDF
>>>
>>
>> You cannot make proofs in RDF. You make statements.
>>
>>  that a person really holds the private key for which which they say they
>>> hold the public key.
>>>
>>
>> I am surprised that you still have this issue. It sounds like you still
>> have not understood foaf+ssl
>> to me. Are you saying that all our deployments are broken at present? Or
>> is there something I am missing?
>>
>
> It's not an issue with FOAF+SSL, WebID protocol or other, quite sure we
> both fully understand that.
>
> What I'm saying is, if you dereference my webid you will find a statement
> like this:
>
>  [ a rsa:RSAPublicKey;
>   cert:identity :me;
>   rsa:modulus  [ cert:hex "FDB6FB1159710EAEEC69B.." ];
>   rsa:public_exponent  [ cert:decimal "65537" ] ] .
>
> But you do not know if :me holds (or ever held) the private key
> corresponding to that public key.
>
> Remember the elements we're considering here, this is completely orthogonal
> to FOAF+SSL, this is simply you considering the RDF graph received upon
> dereferencing my webid.
>
> If however we were to augment the graph with another statement which
> included a some data which was signed by the private key, then you have an
> extra statement, something you can use as part of trust metrics. A signature
> you can verify with the public key, and you can take that additional
> knowledge and use it for whatever you want, as some form of trust metric or
> to contribute to some belief state you currently hold.
>
> Follow?
>
> Best,
>
> Nathan
>
>

Received on Monday, 1 November 2010 14:44:23 UTC