Re: semantic web, proof and trust from Dan Connolly on 2001-11-15 (www-rdf-logic@w3.org from November 2001)

From: Dan Connolly <connolly@w3.org>
Date: Thu, 15 Nov 2001 17:06:16 -0600
To: "Smith, Ned" <ned.smith@intel.com>
CC: www-rdf-logic@w3.org
Message-ID: <3BF44A68.E1155A7B@w3.org>

"Smith, Ned" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> In a semantic web paper by James Hendler, a layer cake of
> technologies is presented with Unicode/URI at the bottom followed by
> XML, RDF, Ontology vocabulary, logic, proof and finally trust. The
> intermediate layers (RDF, ontology, logic and proof) are protected
> ala digital signature (I presume W3C DSIG).
> 
> I'd like to undersand the proof and trust layers, namely what is
> being prooved and what is being trusted?

Coincidently, I was just updating a description of our work
on that, and I discovered a new paper:

A Proof-Carrying Authorization System. Lujo Bauer,
                 Michael A. Schneider, and Edward W. Felten. Technical
                 report CS-TR-638-01, Department of Computer Science,
                 Princeton University, April 2001. 
  http://ncstrl.cs.princeton.edu/expand.php?id=TR-638-01

linked from

  SIP: Proof-Carrying Authorization
  http://www.cs.princeton.edu/sip/projects/pca/

linked from

  The Semantic Web as a language of logic
  http://www.w3.org/DesignIssues/Logic#PCA

linked from

  Access Control Rules, Logic, and Proof
  in Semantic Web Activity: Advanced Development
  http://www.w3.org/2000/01/sw/#access


While I was at it, I discovered a really nice diagram/slide
by Marja:

  SW Principles 3: Web of Trust
  http://www.w3.org/Talks/2001/1102-semweb-fin/slide14-0.html

> The use of digital signature suggests that key management is some how
> involved. Can anyone clarify? Is there the expectation that a PKI
> will be used (for example)?

The proofs pretty much subsume credentials and traditional
PKI stuff.

> Regarding proofs. One possible dimension to proof is the idea that
> one party must prove possession of a secret (a basic element of
> authentication). Is this an aspect of the proof layer?

Sort of.

> What other
> dimensions are implied by the proof layer?
> 
> Trust has been used in a variety of ways. In DOD Orange Book systems
> it describes the Trusted Computing Base which does not rely on
> external checking mechanisms for its assurances. In financial systems
> trust is better understood as risk management and can include
> indemnity protection - not relying exclusively on techniques for risk
> mitigation. The semantic web seems to apply the "web of trust"
> abstraction which could imply a system of distributed cross-checked
> nodes. I presume these nodes contain a TCB of sorts. Can anyone
> elaborate on the intended architecture for web of trust or the Trust
> layer?

The trusted computing base is expected to be:
a proof checker, which includes the ability to verify
digital signatures, plus a knowledge base of policies.

see also Necula's proof-carrying code stuff:
  http://www.cs.berkeley.edu/~necula/pcc.html

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/

Received on Thursday, 15 November 2001 18:07:55 UTC