[foaf-dev] Re: [OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Fri Aug 10 15:11:57 BST 2007


Thanks for the feedback. I have extended the blog post to describe  
how one can link up to other people's public keys, sign their public  
keys, and how one can sign parts of one's foaf file, using Dan  
Brickley's and Tim Berners' Lee as examples.

This develops a very powerful web of trust.

http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

Henry


On 9 Aug 2007, at 20:15, Steven Livingstone wrote:

> Very cool.
>
> I did some work in encrypting FOAF files a few years back (well,  
> hacked something together in a few hours).
> http://www.ecademy.com/node.php?id=4568
>
> I checked and it is still there:
> http://livz.org/encrypt/PrivateFoaf.aspx
>
> With the FOAF URL :
> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
> and searching for the name "Robert Sullivan" and a password  
> "steven", you get my decrypted FOAF file.
>
> The limiting part of it all (to make it really easy) was the fact  
> you needed an identity "Robert Sullivan" and a shared secret   
> "steven" - this is why OpenID is so powerful. With an authenticated  
> OpenID, you would be able to decrypt the FOAF file automatically.
>
> I figured at the time that some online identity (which didn't  
> really exist) could easily be mapped to a corresponding public key,  
> allowing you to encrypt parts of your FOAF files (or any other  
> file) for specific users.
>
> I hadn't spent too much time on it but i'd sure like to see it move  
> forward in some way.
>
> I know there has been other work put into this stuff as well:
> http://usefulinc.com/foaf/encryptingFoafFiles
>
> steven
> http://livz.org
>
>
> > To: general at openid.net; foaf-dev at lists.foaf-project.org
> > From: henry.story at bblfish.net
> > Date: Thu, 9 Aug 2007 18:31:57 +0200
> > Subject: [OpenID] cryptographics web of trust
> >
> > Hi, following some of the conversations I had on the openid  
> forums, I
> > have read up about web security and used that new gained  
> knowledge to
> > enhance my foaf file with a link to my public PGP key and used that
> > to sign my foaf file. Using this it is easy to see how one can  
> create
> > a semantic cryptographic web of trust.
> >
> > http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
> >
> > There is a lot more to add for sure, but this is a good starting
> > point. Great fun too.
> >
> > Henry Story
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
>
>
> See what you’re getting into…before you go there See it!



More information about the foaf-dev mailing list