[foaf-dev] FOAF-based whitelisting project
dave at brondsema.net
Wed Mar 14 02:53:59 UTC 2007
Graham Klyne wrote:
> This is a response to several points raised in this thread:
> 1. I think that simply publishing a whitelist with hashed email addresses=
> insufficiently secure: because there are relatively few domains and email
> addresses tend to have regular patterns, this may be subjected to a dicti=
> attack by spammers to obtain suitable addresses to forge in their emails.=
> additional cleverness is required to prevent such attacks.
Yes, plus spammers already have millions of non-hashed email addresses
to spoof. It would be dangerous to query a trust network using an
identity that you haven't authenticated. Fortunately, SPF and DKIM are
two authentication methods for email that many mail servers have begun
to implement. I think most or all configurations would require SPF or
DKIM authentication before computing a trust value.
> 2. Regarding trust models based in psych research - I believe a seminal w=
> this area was by Stuart Marsh. His model is regarded by many as being ve=
> important but too complex for general computational use. It is widely ci=
> those who have developed more computationally amenable models.
Do you mean Stephen Marsh at
http://homepage.mac.com/smarsh2003/Main/index.html ? I haven't read any
of his work yet, I'll have to increase his priority in my reading queue.
I also have been listing some researchers, and lots of workshops at
> 3. Non-linear trust metric: Audan Josang has a model of "subjective trust=
> has been very influential. It combines elements of trust and certainty, =
> a relatively simple associated calculus. I'm not sure the extent toi whi=
> calculus has been verified against empirical or psych studies.
> 4. There was (still is?) a network of researchers interested in trust in =
> computing environments called iTrust -- http://www.itrust.uoc.gr/ -- the =
> working group funding ran for 3 years and supported 3 conferences; there=
> since been at least one more conference. Papers from these conferences c=
> many aspects of trust, and in particular reputation systems that embody s=
> notion of trust in analyzing recommendations.
> 5. IIRC, iTrust researchers in reputation systems generally found it was =
> to give each - party separate trust ratings as a recommender and as a pri=
> There are some related descriptions and references here:
> This is just one of many possibly relevant papers thrown up by Google for
> "Josang trust metric"
> Finally, some (rather dated) notes on my own web site:
> including a survey of papers from the first 2 conferences:
> (the raw data for this was collected as RDF).
> Kjetil Kjernsmo wrote:
>> Hi all!
>> Some of you might have noticed that I started "Community Projects" with =
>> the W3C semweb Education and Outreach IG, and submitted a proposal =
>> myself, about using FOAF-based trust networks for whitelisting email. =
>> And blacklisting too. =
>> The project overview is at =
>> Importantly, I want to build it using the most basic data, really =
>> identifying people, context-dependant trust, etc, will need to be added =
>> as we go. I just want to make this useful as quickly as possible.
>> If no-one objects, I intend to use foaf-dev as the project mailing list. =
>> After all, it should be the core topic of this list. Of course, I have =
>> other options as well, I even have a mailman install of my own, but I =
>> hope to engage people here, and besides, it isn't that much activity =
>> anyway. =
>> I've started to write some code, as plugins for Qpsmtpd and =
>> SpamAssassins are the main deliverables on the road-map. =
>> I've created some untested code, now at =
>> They should be functional, though, except for one little fact, that the =
>> trust metric is now just a random number... :-)
>> Chris Prather has started coding the trust module, though, and we'll see =
>> what we can get out of this. Chris now has write access to my SVN repo, =
>> we'll be accepting patches. =
>> I hope people will be interested in getting involved. I hope this can be =
>> big, I mean, we allready have like 17 million FOAF profiles out there, =
>> and if this becomes useful, we could persuade others to support it. =
Dave Brondsema : dave at brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 890 bytes
Desc: OpenPGP digital signature
Url : http://lists.usefulinc.com/pipermail/foaf-dev/attachments/20070313/c2=
More information about the foaf-dev