[foaf-dev] RDFAuth: an initial sketch

Peter Williams pwilliams at rapattoni.com
Mon Apr 7 02:35:20 BST 2008


My mail was a little tongue in cheek, since the conversation about making F=
OAF useful today for interchange of contacts and localized endorsements bet=
ween social network members had been discussing the relationship between th=
ermodynamics and triples - and the laws impact on any and all triple cachin=
g frameworks. One might as well add a little quantum entropy into that disc=
ussion to heat it up a bit more.

On a more pragmatic note, consider the proposed relationship between OAuth =
and SAML2 http://rnd.feide.no/content/proposal-perfsonar-oauth-profile.

I've already widely discussed that from SAML2 I've bridged to OpenID2. Thus=
, by transitivity, we have OpenID2 to OAuth easily deployable. As I am now =
actively investigating which authorization framework to apply to our busine=
ss (considering OAuth and XACML) this is all timely. By default, US realty =
will be deploying SAML tokens over SOAP web services for both authentiation=
 and authorization, to access a US national RDF/XML data service,  within a=
 year. But there is plenty of leeway politically - to also add RETS/OAuth t=
o the pot. Provided the various bearers are transfering the same payload me=
ssages, different endpoints can exhibit different doctrines of how best to =
interact with certain types of semantic web user agents. Different security=
 frameworks can be in operation - provinding there always lies the opportun=
ity to account link identifiers or translate the various tokens blobs.





From: Renato golin
Sent: Sun 4/6/2008 2:24 PM
To: Peter Williams
Cc: Kjetil Kjernsmo; foaf-dev at lists.foaf-project.org
Subject: Re: [foaf-dev] RDFAuth: an initial sketch


Peter Williams wrote:
> You'd have to let go of the PGP fantasy AND buy some rather expensive =

> devices. But, QC auth for key agreement does work, practically, now. It =

> would allow semweb and crypto to merge better, given both would have =

> left the discrete time domain. http://www.msnbc.msn.com/id/6009001/

Hi Peter,

Yes, quantum security is perfect in the theoretical sense but W3C cannot =

enforce users to buy *any* kind of special hardware to make the web =

works, expensive or cheap. There are fingerprint scanners widely =

available and still we don't see any standard requiring them to work.

Standards work on a different level, by defining which level of trust =

you must rely on each part of the system. What you use to assure that is =

up to the implementation.

cheers,
--renato
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.usefulinc.com/pipermail/foaf-dev/attachments/20080406/733=
b91c0/attachment.htm


More information about the foaf-dev mailing list