- From: Nathan <nathan@webr3.org>
- Date: Mon, 01 Nov 2010 14:43:45 +0000
- To: Henry Story <henry.story@bblfish.net>
- CC: Ivan Herman <ivan@w3.org>, Juriy Katkov <katkov.juriy@gmail.com>, Semantic Web <semantic-web@w3.org>
Henry Story wrote: > The proof of ownership of the private key is not in the foaf profile. Ultra-clarifying, the above is true of FOAF+SSL, I'm saying let's put the proof of ownership of the private key in the foaf profile, via a signature, and see where it leads us - this enables us to begin asking many questions related to trust and consider what factors are in WOT, Certificate chains that are not in LOD, and whether the addition of keys and signatures addresses some of the missing factors. For instance, if I make a statement that :me foaf:knows :you, and you say that :you foaf:knows :me, then what do we gain if I sign your webid (uri) and you place it in your foaf, and you sign my webid and I place it in my foaf? As another example, if I sign my own webid, and place that signature in my foaf, then author a document somewhere in RDF, and in the RDF document say that it's foaf:maker is <my-webid>, then I sign the URI of that document and place the signature in my foaf, what have we established, is there something else on which to base some form of trust? would that metric be stronger if the signature were in the aforementioned RDF document which I authored? Also, is there a benefit to me signing that URI (not it's contents, just the URI) that isn't already there by me signing my own URI then linking outwards? I feel these are important questions to be considering, although I certainly don't have the answers, and adding in that extra statement to make considering these questions may well be worth doing. Best, Nathan
Received on Monday, 1 November 2010 14:44:32 UTC