[rdfweb-dev] IM URIs

Bill Kearney wkearney99 at hotmail.com
Sat Aug 2 12:02:07 UTC 2003


> > The question then becomes is how to do we effectively markup that we're
using
> > hashed values and those values can be resolved via a 'known' mechanism of
some
> > kind?
>
> My hunch is that it is probably time to take a more careful look at
> the XML Encryption and XML Signature work,
> http://www.w3.org/Encryption/2001/
> http://www.w3.org/Signature/
>
> While a few of us have been looking at the use of PGP to sign or encrypt
> entire RDF/XML documents (FOAFbot notably supporting signatures), the
> use of XML Enryption promises a more fine-grained facility. If I understand
> correctly, it would give us a way of having chunks of signed or
> encrypted data as markup within a larger RDF/XML document. It's a while since
> I looked at those specs.

I'm not talking about encrypting the data, per se.  I'm talking about providing
a means to share the fact the data is hashed and what sort of un-hashing or
resolution services could be used to 'de-reference' the hash.

As in, I can hash mailto:joe at example.com using a plain SHA1 hash and get:
9bbb06b3bb947843d3ee37048284926bbebfe8b5

Now, I could also take that same info for joe and hash it with something else:
http://example.com?usr=joe@example.com
8d1439d25a8174f1f8ffb8106d075b05a4c4ce95

This would effectively allow any environment that wanted their own "private
hashing technique" to do it without compromising how it was being created.  This
isn't very useful without knowing how to resolve that hash.  But if I just
wanted to publish a list of foaf:People with this different form of identifier
I'm presumably going to have to offer some way for a consumer of the data to
know what they heck is going on here.  I suppose I could just subclass off the
hash into my own vocabulary, that'd work.  But it would introduce the extra step
of people having to resolve my descendant variations using rdfs.  Not impossible
but if they're stuck bitching in the 'regexing plain xml' era then imagine the
uphill battle.

That said, however, the XML Signature stuff might well be useful.  Rather than
reinventing a wheel of my own...

-Bill Kearney




More information about the foaf-dev mailing list