[foaf-dev] [foaf-protocols] FOAF sites offline during cleanup
danbri at danbri.org
Mon Apr 27 13:07:14 CEST 2009
(Cc: list trimmed to foaf-dev only)
On 27/4/09 12:57, Kingsley Idehen wrote:
> Dan Brickley wrote:
>> On 27/4/09 10:18, Ian Davis wrote:
>>> Sorry to hear about the attack on your server. If there's anything I or
>>> Talis can do to help, just let me know.
>>> On Sun, Apr 26, 2009 at 9:23 PM, Dan Brickley <danbri at danbri.org
>>> <mailto:danbri at danbri.org>> wrote:
>>> Thanks everyone for the concern and offers of help. It'll take a few
>>> days to figure out the best way to make the Web side of the project more
>>> helpable. In the meantime http://www.w3.org/TR/xmldsig-core/ is worth
>>> some attention!
>>> With the lessening emphasis on RDF/XML, shouldn't we be looking at
>>> signing the triples. I seem to recall a paper by Jeremy Carroll that
>>> discussed this. Also, now many of us are focussed on bnode-free linked
>>> data the problems of signing are much easier: serialise as ntriples,
>>> sort and sign the result.
>> A lot of the hairyness of xmlsig comes from the transforms. I prefer
>> signing something nice and concrete, whether XML, RDFa or JSON.
>> What % of "linked data" is truly free of bnodes?
> I would safely say re. LOD Cloud somewhere north of 80% :-) And thats
> primary due to the content coming from PingTheSemanticWeb, otherwise I
> would say 90% and higher. The "Linked Data" meme has always encouraged
> URIs for everything.
Even a few bnodes make signing triples a significantly different
project. We'd need 100% or need an algorithm for graph normalisation
like Jeremy's. Simplest thing that does the job is the safest - I'd vote
for signing real documents. Lots of the hairyness of xmlsig comes from
the transforms, I believe.
Another advantage here is that we can do something useful for RDFa
(X)HTML pages at the same time...
Can advocates of signed triples come up with a worked-through scenario
where signing of concrete documents is inadequate?
More information about the foaf-dev