- From: Patrick Stickler <patrick.stickler@nokia.com>
- Date: Mon, 15 Mar 2004 11:21:09 +0200
- To: "ext Jeremy Carroll" <jjc@hplb.hpl.hp.com>
- Cc: Dan Brickley <danbri@w3.org>, www-archive@w3.org, Pat Hayes <phayes@ihmc.us>, Chris Bizer <chris@bizer.de>
On Mar 12, 2004, at 23:14, ext Jeremy Carroll wrote: > > > Dan Brickley wrote: > >> Just to de-lurk, yes this all makes sense. One technique that I >> believe to be deployable (even if a pragmatic hack) is PGP signing >> RDF files. >> For eg see http://usefulinc.com/foaf/signingFoafFiles >> PGP only assures that the file hasn't been changed since the signer >> interacted with it, doesn't assure that the signer asserts it. My >> working guess is that, if the doc itself claims that the signer is >> its creator, that is enough to bootstrap the claim that the signer >> asserts >> the triples encoded in the rdf/xml. Again, I think it's very important to keep separate the authenticity of a graph from the intended usage of the graph by the owner/creator/publisher. Just because a graph is signed, should not mean that it is explicitly asserted (even if lots of agents might presume that it is). Per my examples of conditional assertion, there can (and I expect will) be lots of use cases where authenticity is important for non-asserted or conditionally asserted graphs. If we're introducing new machinery to address these issues, then there is no justification for blurring distinctions that are/could be significant just to have maximal reuse of existing machinery. >> Potentially tenuous but I can't >> think of how else to roll this stuff out... >> Dan > > My guess is that with only a little bit of common practice to that > effect, that this would stand up in a court of law. A digital > signature is a pretty heavy duty device and is already understood as > the analog of a written signature - and if the RDF stacks up as saying > affirmed by Jeremy and I have digitally signed it as Jeremy, I think I > would have a hard time trying to repudiate it. > I agree. If there was an explicit claim of assertion. If there was only a signature, then IMO all that would constitute is a test of origin of the statements, not whether they reflect asserted claims. I may sign my name on the inner jacket of a book, but that doesn't mean I am asserting the claims made in the book -- only that I am wishing to indicate ownership of the (copy of the) book. If, however, I were to write "I affirm the claims expressed in this book." above the signature, then that would be a different matter. Origin of published content and assertion of claims (truth) are two different things, and our machinery should capture that distinction. > Jeremy (not digitally signed, not affirmed, take it or leave it!) Likewise ;-) Patrick > > > > -- Patrick Stickler Nokia, Finland patrick.stickler@nokia.com
Received on Monday, 15 March 2004 04:21:34 UTC