[foaf-dev] web of trust, openid and foaf

Peter Williams pwilliams at rapattoni.com
Tue Sep 18 05:38:56 BST 2007


At http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!212.entry I think I address most of your points, along with a wholesale reorganization of the material. It now reads like a paper (even though it's supposed to be a blog post!).

Thanks for the comments.

The next task is to get the SPARQL library back into action, and get back to using Euler to compute whose public key is endorsed by who, in a key-signing chain of length X discovered by evaluating the connections in the knows relation. It will be fun to see how the engineering issues play out when such processes are applied to very large numbers of FOAF files, with many knows-relations.


> -----Original Message-----
> From: Story Henry [mailto:henry.story at bblfish.net]
> Sent: Monday, September 17, 2007 6:28 AM
> To: Peter Williams
> Cc: foaf-dev at lists.foaf-project.org
> Subject: Re: [foaf-dev] web of trust, openid and foaf
>
> Hi Peter, thanks for taking the time to write this up.
>
> I'll just add comments, on your text, most of them of stylistic
> value. I think it is really great how you have come to learn all this
> stuff so quickly. It is great to have someone with real experience in
> security grok this :-)
>
> ----------------
>
> So here are points I can think of:
>
> - I think you need to use html coloring for your html examples
>    (use &lt; and &gt;, place the quoted html into a <pre> </pre> tag,
> and you can even use font coloring tags
>    to get the coloring effect.
>    Otherwise you may want to work on getting much higher resolution
> on your images, they are quite painful to look at on higher
> resolution screens
>
> - [[
>   "Basic" legitimacy is determined by confirming that the openid
> Property is present in the Person class of an authentic FOAF file
> that contains a single
> PersonalProfileDocument.
> ]]
>   that should perhaps be "the openid property is present in the
> instance of the Person class..."
> (the openid property is present in the Person class itself - it is
> defined as having a foaf:Person as a domain)
>
> - [[
> The first graphic below shows a FOAF file with a
> PersonalProfileDocument.
> ]]
>
> should be "The first graphic below shows a FOAF file with a
> PersonalProfileDocument element". (that would be looking at the level
> of syntax)
>
> One can then move to the level of semantics, by explaining that the
> document is describing itself, as you do.
>
> - [[The Person resource has an openid Property whose value is --
> unlike the previous example -- very
> much related to the URL from which the document may be retrieved:
> http://homepw.livejournal.com/data/foaf.rdf
> HTTP/1.0 200 OK
> Content-Type: application/rdf+xml; charset=utf-8
> ]]
>
> Reading that graphic it looks like the statement is:
> [] foaf:openid <http://homepw.livejournal.com> .
>
> so you need to explain the jump from there to the URL of the next line:
> http://homepw.livejournal.com/data/foaf.rdf
>
> - [[
> In that example (from the draft specification), note the form of a
> complex identity element - a
> User. This contrasts with how identity was used in another example in
> the context of two SPARQL
> query attempting to emulate the request and response of SAML
> assertions:
> ]]
>
> You never go on to explain how it contrasts. One is a statement, the
> other two are examples of queries.
>
> - [[
> Signaling a FOAF file in a FOAF-aware
> consumer
> ]]
>
> You fail to mention here the other way of doing this, by placing a
> meta link in the <head> section of the html.
> It is pretty close, but I think the second way will be the more usual
> method.
>
> In Conclusion:
>
> It looks to me like there are some untied ends around still.  I think
> this could be made clearer with some
> UML sequence diagrams that show:
>
>   -1 the original writing of the openid
>   -2 the getting of the openid html file
>   -...
>   - the getting of the foaf file (verification that it contains an
> openid relation on a person)
>   - the cryptographic ties if there are any
>
> Well in point of fact, I imagine one could write a whole book on the
> subject... So there is probably no way to finish this.
>
> Home page: http://bblfish.net/
> Sun Blog: http://blogs.sun.com/bblfish/
> Foaf name: http://bblfish.net/people/henry/card#me
>
> On 17 Sep 2007, at 11:20, Peter Williams wrote:
>
> > After 2+ months of learning, reading, tooling and playing, I've put
> > my thoughts on a deeper integration of openid and foaf down on
> > paper, http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!175.entry.
> >
> > I feel very much like I felt in 1993, very hopeful and very
> > enthused. My gut feeling tells me the next round of security
> > technology is maturing nicely.  Much of the technology in play
> > today is, in contrast, nearly 25 years old and heavily focused on
> > centralized control. A lot of it can be discarded, being replaced
> > with materials that simply fit web culture "properly".
> >
> > _______________________________________________
> > foaf-dev mailing list
> > foaf-dev at lists.foaf-project.org
> > http://lists.foaf-project.org/mailman/listinfo/foaf-dev
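
The "basic legitimacy" check discussed in the quoted comments (a single PersonalProfileDocument, and an openid property on the Person instance), as an added example that is not code from either message or from the blog post. `SAMPLE_FOAF` is constructed, `basic_legitimacy` is a hypothetical name, and tying the Person to the document through `foaf:primaryTopic` is an assumption; whether the file itself is authentic is not checked here.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"

# Constructed sample FOAF file (not taken from the thread or the blog post).
SAMPLE_FOAF = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:PersonalProfileDocument rdf:about="">
    <foaf:primaryTopic rdf:resource="#me"/>
  </foaf:PersonalProfileDocument>
  <foaf:Person rdf:ID="me">
    <foaf:name>Example User</foaf:name>
    <foaf:openid rdf:resource="http://user.example.org/"/>
  </foaf:Person>
</rdf:RDF>"""


def basic_legitimacy(rdf_xml):
    """Return (ok, detail). ok is True only when the document holds exactly
    one PersonalProfileDocument whose primaryTopic (assumed link) is a
    Person instance carrying at least one foaf:openid value.
    Handles only the flat RDF/XML layout shown in SAMPLE_FOAF."""
    root = ET.fromstring(rdf_xml)
    docs = root.findall(f"{{{FOAF}}}PersonalProfileDocument")
    if len(docs) != 1:
        return False, f"expected 1 PersonalProfileDocument, found {len(docs)}"
    topic = docs[0].find(f"{{{FOAF}}}primaryTopic")
    if topic is None:
        return False, "PersonalProfileDocument has no primaryTopic"
    target = topic.get(f"{{{RDF}}}resource", "")
    for person in root.findall(f"{{{FOAF}}}Person"):
        # rdf:ID="me" and rdf:about="#me" both name the node "#me".
        node = person.get(f"{{{RDF}}}about") or "#" + person.get(f"{{{RDF}}}ID", "")
        if node != target:
            continue
        ids = [o.get(f"{{{RDF}}}resource")
               for o in person.findall(f"{{{FOAF}}}openid")]
        ids = [i for i in ids if i]
        if ids:
            return True, ids
        return False, "Person instance has no foaf:openid"
    return False, "primaryTopic does not point at a Person instance"
```

A relying party would still have to compare the returned openid values with the identifier being claimed and establish that the file came from the expected origin.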
