[rdfweb-dev] Which Person wrote this FOAF?

Graham Klyne GK at ninebynine.org
Tue Jul 29 14:10:08 UTC 2003

At 07:17 29/07/03 -0400, Dan Brickley wrote:
>    (thinking out loud:)
>  - maybe there is a relation (not sure how app-specific) along lines of
>    wot:delegatesAssurance that relates PGP keys. Example: my PGP key has
>    fingerprint "FA0C 0D5A 2B3F 808D AA28  2B63 3E15 EF2F 7322 8FE4". I
>    could use it to PGP-sign some RDF which says that that key stands in
>    a delegatesAssurance relationship to key(s) from Ecademy, TypePad.
>    So I would only need a very basic PGP-signed FOAF file that said, in
>    effect, 'if you see more FOAF signed by these other keys, they're
>    making claims on my behalf.' (hmm, presume a different key for each
>    user, rather than one key for all FOAF signed by that service?)
>    (to feel comfortable with this, I'd want (i) time limits (ii) a
>    revocation mechanism (iii) parameters for what I'm delegating, ie.
>    wouldn't want this to be a blank slate for the delegated sites to
>    say anything at all 'from me' forever. This is a huge problem space,
>    and one we should tiptoe into rather cautiously...)

This seems to me rather like inverse certificates (the individual indicates 
willingness to stand by the actions of a service provider), which when it 
comes down to it is just a different way of using ordinary 
certificates.  As always with certificates, the challenge is figuring out 
how to bootstrap the chain of trust.  (e.g. suppose I sign up to Ecademy 
under an assumed name... and then issue a certificate delegating assurance 
to Ecademy statements about that name.)

And all your "comfort points" are exactly the kinds of features you'll find 
in existing certificate designs.


Graham Klyne
<GK at NineByNine.org>
PGP: 0FAA 69FF C083 000B A2E9  A131 01B9 1C7A DBCA CB5E

More information about the foaf-dev mailing list