[foaf-dev] FOAF-based whitelisting project

Kjetil Kjernsmo kjetil at kjernsmo.net
Mon Mar 12 20:23:28 UTC 2007

On Monday 12 March 2007 04:49, Dave Brondsema wrote:
> foaf:knows does not have the semantics of "trusts".

Well, that's true, but pragmatically, the fact that spammers tend to use 
random addresses, and that most people would realistically say that 
they know people whom they also trust to some extent means that for 
now, it is useful. 

> Yes, there are a 
> LOT of foaf:knows relationships that we need to take advantage of,
> but we can't assume that it means they trust somebody (and on what
> topic?). Konfidi uses separate trust relationships to denote this
> (and to allow for trust topics and numerical trust values).

Yes, I know konfidi is superior in this respect. However, I have a 
requirement for this project that is that the system must be usable 
with the data that is allready out there. I think that is absolutely 
critical for the project's success, and the fact that I trust my 
climbing buddy with my life while climbing doesn't prompt me to give 
him my root password, doesn't change the situation, that foaf:knows is 
most likely quite sufficient as a relationship for at least a few 
months, possibly much longer. 

> Then, we can have a way for individuals to say "all my foaf:knows (or
> foaf:interest) statements at http://foo.com/bar are to be interpreted
> as trust relationships on topic X at value Y".  We could also
> consider allowing system-wide default interpretations of foaf:knows,
> but that should not be the preferred way to declare trust, since
> that's not what it means.

Ideally, yes, but I think that the subset of the people who would 
declare their trust explicit is so small, it won't reach critical mass. 
foaf:knows will have to do, but if possible, we should reward people 
wishing to make clearer statements.

> "supernodes"?  See my earlier email about hierarchical vs. peer
> trust.

I refer to natural supernodes, not artificial supernodes, like a CA. I 
too think that peer trust is superior, and that trust values should be 
computed as seen from the recipient. Natural supernodes are people who 
are known (and trusted) by a large number of people.

> How about accepting triples asserting relationships from anyone, iff
> they are the truster in the relationship.  E.g. I provide a triple
> saying http://brondsema.net/dave# trusts http://example.bar/baz, and
> the http://brondsema.net/dave# foaf:person is identified by a PGP
> fingerprint or a OpenID, then I must PGP-sign my document or provide
> it to a trust server after authenticating with OpenID.

Drop an 'f' from the iff, and I'm with you! :-) I think that we can 
reasonably accept data from sites like my.opera.com and LiveJournal (in 
fact, I think we have to, to reach critical mass) without requiring a 
signature, however, it could be a method to allow data from smaller 
providers into the graph. 


Kjetil Kjernsmo
Programmer / Astrophysicist / Ski-orienteer / Orienteer / Mountaineer
kjetil at kjernsmo.net
Homepage: http://www.kjetil.kjernsmo.net/     OpenPGP KeyID: 6A6A0BBC

More information about the foaf-dev mailing list