[foaf-dev] RDFAuth: an initial sketch
pwilliams at rapattoni.com
Mon Apr 7 02:35:20 BST 2008
My mail was a little tongue in cheek, since the conversation about making F=
OAF useful today for interchange of contacts and localized endorsements bet=
ween social network members had been discussing the relationship between th=
ermodynamics and triples - and the laws impact on any and all triple cachin=
g frameworks. One might as well add a little quantum entropy into that disc=
ussion to heat it up a bit more.
On a more pragmatic note, consider the proposed relationship between OAuth =
and SAML2 http://rnd.feide.no/content/proposal-perfsonar-oauth-profile.
I've already widely discussed that from SAML2 I've bridged to OpenID2. Thus=
, by transitivity, we have OpenID2 to OAuth easily deployable. As I am now =
actively investigating which authorization framework to apply to our busine=
ss (considering OAuth and XACML) this is all timely. By default, US realty =
will be deploying SAML tokens over SOAP web services for both authentiation=
and authorization, to access a US national RDF/XML data service, within a=
year. But there is plenty of leeway politically - to also add RETS/OAuth t=
o the pot. Provided the various bearers are transfering the same payload me=
ssages, different endpoints can exhibit different doctrines of how best to =
interact with certain types of semantic web user agents. Different security=
frameworks can be in operation - provinding there always lies the opportun=
ity to account link identifiers or translate the various tokens blobs.
From: Renato golin
Sent: Sun 4/6/2008 2:24 PM
To: Peter Williams
Cc: Kjetil Kjernsmo; foaf-dev at lists.foaf-project.org
Subject: Re: [foaf-dev] RDFAuth: an initial sketch
Peter Williams wrote:
> You'd have to let go of the PGP fantasy AND buy some rather expensive =
> devices. But, QC auth for key agreement does work, practically, now. It =
> would allow semweb and crypto to merge better, given both would have =
> left the discrete time domain. http://www.msnbc.msn.com/id/6009001/
Yes, quantum security is perfect in the theoretical sense but W3C cannot =
enforce users to buy *any* kind of special hardware to make the web =
works, expensive or cheap. There are fingerprint scanners widely =
available and still we don't see any standard requiring them to work.
Standards work on a different level, by defining which level of trust =
you must rely on each part of the system. What you use to assure that is =
up to the implementation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-dev