- From: Dave Reynolds <der@hplb.hpl.hp.com>
- Date: Thu, 04 Apr 2002 17:05:44 +0100
- To: Jeremy Carroll <jjc@hplb.hpl.hp.com>
- CC: reagle@w3.org, www-rdf-interest@w3.org
Jeremy Carroll wrote: > Aren't you really talking about the absense of a Public Key > Infrastructure ... I agree, this is pki-free trust rather than key-free trust. In principle you can apply the "trust through volume of circumstantial evidence" principle to any statement that is made in enough places, and do without any keys. If I were to find enough independently made assertions that "Joseph Reagle stated on Tuesday that 'the semantic web will displace PKI'" then I might start to believe these assertions even if none of them are signed. In practice it is statements such as "Joseph Reagle's public key digest is 0xab213276" that you are expecting to occur in enough places to be "trusted" for that reason. You then extend this trust in the identity binding of the key to trust in individual statements by signing them by the key. Thus Joseph's hypothesis could be rephrased more like: "The pervasive publication of key digests will enable trust in identity without the use of a Public Key Infrastructure, the use of these keys to sign statement digests in the Semantic Web will provide for practical trust solutions in the absence of a workable PKI." This seems like a good and useful hypothesis - the problem with PKI is the "I" bit not the "PK" bit! One innocuous phrase in the above is "independently made". In the case of the human web you trust a Kevin Bacon key digest that appears in lots of places because different people have probably done work to put them there and maybe have done some level of checking. In the case of the semantic web this might not be true. I can imagine a lot of knowledge sources in the semantic web will be populated by ingesting data from other sources. It is entirely possible for one (malicious or otherwise) assertion about a public key to be copied many times over entirely automatically - sheer number of hits in the SW-google doesn't tell you enough about the independence of the sources to lead to trust. A really robust revocation will be needed. Revocation is harder, not easier, in such a decentralized trust world. > You talk about digesting RDF statements, but really we are interested in > digesting sets of RDF statements, i.e. graphs. If these graphs have blank > (anonymous) nodes then we have difficulties. First, I tend to agree with Graham that signing the manifestation (i.e. and XML serialization) is enough and is analogous to real world signing. Second, a signing solution for the subset of RDF just involving trees, not graphs, of anonymous nodes is considerably easier and IMHO would hit the majority of the practical needs. The common use of anonymous nodes in actual data (as opposed to queries or reification) is arguably to represent structured values which are typically tree-like. Currently, in the absence of reification, the XML syntax can only express tree shaped bNode structures so only being able to digest and sign such structures doesn't seem like a severe practical restriction. Dave
Received on Thursday, 4 April 2002 11:08:09 UTC