[rdfweb-dev] Which Person wrote this FOAF?

Bill Kearney wkearney99 at hotmail.com
Tue Jul 29 22:07:57 UTC 2003

> To have such a construct would probably be a bad idea.  There will never
> be guaranteed one source of information about anyone -- this is how the
> web works

No, this is not how the web works.  If I'm the owner of www.example.com domain
it can reasonably assumed I "own" things referencing that domain.  More so when
resources can be retrieved from said domain.  Further cemented by being able to
use PKI to digitally verify it.

> and a fundamental assumption of FOAF -- so to codify such an
> expectation in the vocabulary is either: (a) incorrect, if foaf:file
> implies a 1:1 authoritativeness, or (b) redundant, if you don't imply a
> 1:1 relationship, you don't get any more than seeAlso gives you.

> It's also eminently fakeable.  I could start littering the interweb with
> foaf:file statements for somebody else, pointing to files of my own
> invention.
> In short: foaf:file would tend to give false assurances that consuming
> software really can't support.

In that example, yes.  But in the sense that multiple mechanisms ought to be
used to establish authenticity it's not unreasonable.

> > It could be used in statements about statements (i.e.
> > to say this info came from Foo's foaf file).
> Well, we can already record the URL we found the information at.  If
> there's a foaf:maker or foaf:made property connected to that URL, we can
> record (unverified) author information.  And if a verifiable digital
> signature is in place, we can then make a trust decision on that
> information, based on how much we trust the key we have for that person.

> I agree on this importance, but it does not necessitate creating
> something like a "foaf:file" term.  maker, made and dig sigs can get us
> pretty far on in that.

+1 on Dsig and pki.

-Bill Kearney

More information about the foaf-dev mailing list