- From: Pat Hayes <phayes@ihmc.us>
- Date: Mon, 15 Mar 2004 20:14:51 -0600
- To: Patrick Stickler <patrick.stickler@nokia.com>
- Cc: Jeremy Carroll <jjc@hpl.hp.com>, Dan Brickley <danbri@w3.org>, www-archive@w3.org, Pat Hayes <phayes@ihmc.us>, Chris Bizer <chris@bizer.de>
>On Mar 12, 2004, at 23:14, ext Jeremy Carroll wrote: > >> >> >>Dan Brickley wrote: >> >>>Just to de-lurk, yes this all makes sense. One technique that I >>>believe to be deployable (even if a pragmatic hack) is PGP signing >>>RDF files. >>>For eg see http://usefulinc.com/foaf/signingFoafFiles >>>PGP only assures that the file hasn't been changed since the >>>signer interacted with it, doesn't assure that the signer asserts >>>it. My working guess is that, if the doc itself claims that the >>>signer is its creator, that is enough to bootstrap the claim that >>>the signer asserts >>>the triples encoded in the rdf/xml. > > >Again, I think it's very important to keep separate the authenticity of >a graph from the intended usage of the graph by the owner/creator/publisher. > >Just because a graph is signed, should not mean that it is explicitly >asserted (even if lots of agents might presume that it is). Agreed. But if it is signed AND if it says that is an assertion by the signer, then that seems to me to be good enough for everyone's pump to be primed. And we can build this into the rdfg MT. (If the graph-saying involves arbitrarily long inference chains to establish, for no good reason....? Lets leave that issue to the lawyers.) A cautious lawyer might also require that both the asserting graph and the asserted graph were signed by the same signer (and that they also asserted in RDF that they were so signed in a checksum-checkable way, etc.) That seems to me to be a bit like signing every page of legal document, but OK, in extreme conditions. >Per my examples of conditional assertion, there can (and I expect will) be >lots of use cases where authenticity is important for non-asserted or >conditionally asserted graphs. > >If we're introducing new machinery to address these issues, then there >is no justification for blurring distinctions that are/could be >significant just to have maximal reuse of existing machinery. > >>>Potentially tenuous but I can't >>>think of how else to roll this stuff out... >>>Dan >> >>My guess is that with only a little bit of common practice to that >>effect, that this would stand up in a court of law. A digital >>signature is a pretty heavy duty device and is already understood >>as the analog of a written signature - and if the RDF stacks up as >>saying affirmed by Jeremy and I have digitally signed it as Jeremy, >>I think I would have a hard time trying to repudiate it. >> > >I agree. If there was an explicit claim of assertion. If there was only >a signature, then IMO all that would constitute is a test of origin >of the statements, not whether they reflect asserted claims. I think we all agree at this point. Pat -- --------------------------------------------------------------------- IHMC (850)434 8903 or (650)494 3973 home 40 South Alcaniz St. (850)202 4416 office Pensacola (850)202 4440 fax FL 32501 (850)291 0667 cell phayes@ihmc.us http://www.ihmc.us/users/phayes
Received on Monday, 15 March 2004 21:14:54 UTC