[foaf-dev] [foaf-protocols] FOAF sites offline during cleanup

Dan Brickley danbri at danbri.org
Mon Apr 27 13:07:14 CEST 2009


(Cc: list trimmed to foaf-dev only)

On 27/4/09 12:57, Kingsley Idehen wrote:
> Dan Brickley wrote:
>> On 27/4/09 10:18, Ian Davis wrote:
>>> Dan,
>>>
>>> Sorry to hear about the attack on your server. If there's anything I or
>>> Talis can do to help, just let me know.
>>
>> Thanks!
>>
>>> On Sun, Apr 26, 2009 at 9:23 PM, Dan Brickley <danbri at danbri.org
>>> <mailto:danbri at danbri.org>> wrote:
>>>
>>> Thanks everyone for the concern and offers of help. It'll take a few
>>> days to figure out the best way to make the Web side of the project more
>>> helpable. In the meantime http://www.w3.org/TR/xmldsig-core/ is worth
>>> some attention!
>>>
>>>
>>> With the lessening emphasis on RDF/XML, shouldn't we be looking at
>>> signing the triples. I seem to recall a paper by Jeremy Carroll that
>>> discussed this. Also, now many of us are focussed on bnode-free linked
>>> data the problems of signing are much easier: serialise as ntriples,
>>> sort and sign the result.
>>
>> A lot of the hairyness of xmlsig comes from the transforms. I prefer
>> signing something nice and concrete, whether XML, RDFa or JSON.
>>
>> What % of "linked data" is truly free of bnodes?
> Dan,
>
> I would safely say re. LOD Cloud somewhere north of 80% :-) And thats
> primary due to the content coming from PingTheSemanticWeb, otherwise I
> would say 90% and higher. The "Linked Data" meme has always encouraged
> URIs for everything.

Even a few bnodes make signing triples a significantly different 
project. We'd need 100% or need an algorithm for graph normalisation 
like Jeremy's. Simplest thing that does the job is the safest - I'd vote 
for signing real documents. Lots of the hairyness of xmlsig comes from 
the transforms, I believe.

Another advantage here is that we can do something useful for RDFa 
(X)HTML pages at the same time...

Can advocates of signed triples come up with a worked-through scenario 
where signing of concrete documents is inadequate?

Dan


More information about the foaf-dev mailing list