Re: [foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web

On Tue, Jul 6, 2010 at 5:17 PM, Bruno Harbulot
<Bruno.Harbulot@manchester.ac.uk> wrote:
>
> 5. Addressing the issue of signed RDF assertions or comparison with
> other repositories of keys.
>
>   So far, we've been using a simple dereferencing of the WebID to do the
> verification. It's OK, but it doesn't really improve the security
> compared to OpenID. There is potential to improve the security by using
> the keys of course. How far do we want to go there?

"Addressing the issue of signed RDF assertions" -> In such generic
terms I think it's by far out of scope for foaf+ssl (for a paper on
the subject see Jeremy Carroll's paper on signing RDF graphs [1]).
However I think I very much agree with your intention and I think that
from the beginning we should have a way for transitive trust chains.
But instead of signing complete graphs or arbitrary extensions we
should have a way to say and sign something like "At time X I
assume|believe|stronger that Y is the public key of P, see Z for
possible updates on this belief". I think this signing should be done
largely automatically and even if on a low trust level of "assume" can
have great benefits. For example a friend request should be
accompanied by such a statement (as in fact this only says that we
think we're sending the request to the right person, a single one of
these is of little use but many such statements can build a sound
foundation for some trust).

Cheers,
reto

1. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.58.3198&rep=rep1&type=pdf

Received on Tuesday, 6 July 2010 19:33:56 UTC
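
The kind of signed key-belief statement proposed in the message above, sketched as an added example that is not part of the original thread or of any foaf+ssl specification. The JSON encoding, the field names, the use of Ed25519, and the premise that the verifier already holds each issuer's key are all assumptions; the issuers, URLs and key labels are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// KeyBelief: "at time X I <level> that Y is the public key of P, see Z".
// Hypothetical layout; Key stands for Y, Subject for P, Updates for Z.
type KeyBelief struct{ Issuer, Time, Level, Key, Subject, Updates string }
type Signed struct{ Body, Sig []byte }

func Sign(b KeyBelief, priv ed25519.PrivateKey) Signed {
	body, _ := json.Marshal(b) // plain string fields: Marshal cannot fail
	return Signed{body, ed25519.Sign(priv, body)}
}

// Support counts distinct issuers whose validly signed statement binds subject to key.
func Support(stmts []Signed, issuerKeys map[string]ed25519.PublicKey, subject, key string) int {
	seen := map[string]bool{}
	for _, s := range stmts {
		var b KeyBelief
		if json.Unmarshal(s.Body, &b) != nil {
			continue
		}
		pub, ok := issuerKeys[b.Issuer]
		if ok && ed25519.Verify(pub, s.Body, s.Sig) && b.Subject == subject && b.Key == key {
			seen[b.Issuer] = true
		}
	}
	return len(seen)
}

// Demo signs constructed statements from three hypothetical issuers plus one forgery.
func Demo() (int, int) {
	const ts, subj = "2010-07-06T00:00:00Z", "https://example.org/p#me"
	keys, stmts := map[string]ed25519.PublicKey{}, []Signed{}
	for _, who := range []string{"alice", "bob", "carol"} {
		pub, priv, _ := ed25519.GenerateKey(nil)
		keys[who] = pub
		b := KeyBelief{who, ts, "assume", "KEY-Y", subj, "https://example.org/" + who}
		stmts = append(stmts, Sign(b, priv), Sign(b, priv)) // a repeat counts once
	}
	_, evil, _ := ed25519.GenerateKey(nil) // not the key held for alice
	stmts = append(stmts, Sign(KeyBelief{"alice", ts, "believe", "KEY-EVIL", subj, ""}, evil))
	return Support(stmts, keys, subj, "KEY-Y"), Support(stmts, keys, subj, "KEY-EVIL")
}

func main() { fmt.Println(Demo()) }
```

Counting distinct issuers rather than statements keeps one party from inflating the tally by repeating itself, and a statement issued under someone else's name fails signature verification and contributes nothing.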