Re: what is on Trust and Proof levels? from Henry Story on 2010-11-01 (semantic-web@w3.org from November 2010)

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 1 Nov 2010 16:26:45 +0100
To: nathan@webr3.org
Cc: Ivan Herman <ivan@w3.org>, Juriy Katkov <katkov.juriy@gmail.com>, Semantic Web <semantic-web@w3.org>
Message-Id: <5EACB5F9-A7E5-4038-B529-D1B274EF0E06@bblfish.net>
On 1 Nov 2010, at 15:08, Nathan wrote:

> Henry Story wrote:
>> On 1 Nov 2010, at 14:25, Nathan wrote:
>>> Henry Story wrote:
>>>> On 31 Oct 2010, at 09:23, Ivan Herman wrote:
>>>>> On Oct 29, 2010, at 01:58 , Juriy Katkov wrote:
>>>>> 
>>>>>> Hello everyone! I've studied semantic web standard and technologies for some time but still don't understand: what kind of tecnologies are on Proof and Trust levels of the Semantic Web layer cake? Have these standards already built or not?
>>>>>> 
>>>>> The short answer is: no.
>>>>> 
>>>>> There is R&D on trust, security issues, signatures, etc, but none that I know of are of a maturity level to be defined as a standard. (Yet?)

>>>> Well I think WebID is really past that stage now. It's been tested on more platforms that one
>>>> can think of and list, people have written thesis on it, implementations have been made, ...
>>>>  http://esw.w3.org/Foaf%2Bssl
>>>> It's mature, and ready to be cooked by a willing standards organisation. If you want to support it and are member of the W3C please add your name to the wiki here: http://esw.w3.org/Foaf%2Bssl/WebIdWorkingGroup
>>>> That provides a foundation stone for the rest. The rest is still a lot of work.

>>> There's still a critical link missing,

That statement seemed to be saying that there was a critical link missing to the WebId
protocol. This is what I was disagreeing with.

I did say "The rest still is a lot of work"

Now are signatures "Critical"? I don't know. You need some good scenarios to show where they
are critical. I think one can get a huge part of the social web going without signatures, just
by links between WebIDs.

>>> there's no way of proving in RDF
>> You cannot make proofs in RDF. You make statements.
>>> that a person really holds the private key for which which they say they hold the public key.
>> I am surprised that you still have this issue. It sounds like you still have not understood foaf+ssl to me. Are you saying that all our deployments are broken at present? Or is there something I am missing?
> 
> It's not an issue with FOAF+SSL, WebID protocol or other, quite sure we both fully understand that.
> 
> What I'm saying is, if you dereference my webid you will find a statement like this:
> 
> [ a rsa:RSAPublicKey;
>   cert:identity :me;
>   rsa:modulus  [ cert:hex "FDB6FB1159710EAEEC69B.." ];
>   rsa:public_exponent  [ cert:decimal "65537" ] ] .
> 
> But you do not know if :me holds (or ever held) the private key corresponding to that public key.

Ok, so this is not something that is missing from the WebID protocol. This is something
you would like in addition to it for other use cases, not necessarily WebId related.
That is indeed different.

It is important in my view to be as minimalistic as possible for each application. So if
WebID does not need a signature, there is a great advantage in not having to provide one.

> 
> Remember the elements we're considering here, this is completely orthogonal to FOAF+SSL, this is simply you considering the RDF graph received upon dereferencing my webid.

So I dereference a URI, in some scenario where I am not in a WebId protocol situation, and I 
want to find a proof that the WebId referent owns that public key. 

It would be useful to find a list of use cases for this scenario. Because one can already
do a lot of trust metrics, just using the graph of linked foaf files.  

But when you have a few use cases, then it would be easy to add a relation, such as 

   cert:identitySig a rdf:Property;
        rdfs:domain foaf:Agent;
        rdfs:range Signature;
        rdfs:comment "Signature of the WebID using the private key of the public key".

That may not be the best way to model that relation, but something along those lines seems ok.

> 
> If however we were to augment the graph with another statement which included a some data which was signed by the private key, then you have an extra statement, something you can use as part of trust metrics. A signature you can verify with the public key, and you can take that additional knowledge and use it for whatever you want, as some form of trust metric or to contribute to some belief state you currently hold.

Yes, though it would be worth spelling that out in greater detail. All the signature above proves is:

  that the owner of the private key, has write access to the file and can sign the WebId. If he has access to that file, then he is also in a position to determine the meaning of the WebId, and so he can decide that it is whoever has the private key for the public key. By signing the WebId there he can prove that relation: ie he can remove the doubt that the public key was just found on the internet somewhere and copied.

Compare this to a situation where someone would mail you that same Profile, or if you found a piece of paper on the ground at a party with the same triples on it. There all you would know is that the person who wrote the paper had the matching private key, and that he could write on the paper and sign   a string, which happend to be a URI. But it would not tell you that the WebID referred to the possessor of the private key. Why? Because it was not dereferenced from the resource in the correct manner.

So what does removing the doubt that "the public key was just found on the internet somewhere" do. 

-foaf+ssl: Well clearly it won't help with foaf+ssl authentication, because someone who had the certificate with their WebID would by connecting to the Relying Party (Juliet's server) prove that the client had the private key. There is no need there to also have the profile document prove something too.
-encryption: if I found that public key and used it to encrypt something, then sent it to some provably related endpoint, then unless the WebID owner did have the private key, he would not be able to do much with it. So he'd be silly to publish a fake public key.

- signature verification. Perhaps here we are getting somewhere
   So I find a document signed on the internet with some private key. But there is no WebID linking to it. I do happen to have crawled my friends networks, and one person claims to have that public key. Then it could help to be able to prove that this was correct. 
   But this is not yet "critical". Few people sign anything currently.

  Any other examples?


> 
> Follow?
> 
> Best,
> 
> Nathan

Social Web Architect
http://bblfish.net/
Received on Monday, 1 November 2010 15:27:18 UTC