[foaf-dev] keeping "knows" and "trusts" separate (was Re: [foaf-protocols] WebFinger)

Story Henry henry.story at bblfish.net
Wed Aug 19 12:14:13 CEST 2009 

On 19 Aug 2009, at 09:49, Dan Brickley wrote:

> On 19/08/2009 02:26, Melvin Carvalho wrote:
>
>> What about if you use SWSE / VisiNav (
>> http://sw.deri.org/2009/01/visinav/faq.html ) rather than Sindice, to
>> seed your profile algorithm?
>>
>> Sindice is a general purpose crawler, however SWSE starts with  
>> TimBL's
>> FOAF, and crawls out using foaf:knows, thereby giving you at least
>> some trace of accountability.
>>
>> "The dataset is automatically collected from the Web -- a RDF crawl
>> six degrees from Tim Berners-Lee's FOAF file."
>>
>> Not a perfect trust metric, but maybe something relatively high?
>
> FOAF has "knows" rather than "friend", in part because we wanted to  
> make
> it low cost, low risk to express such a link. On a lot of sites that
> used "friend", it caused people a fair bit of angst, wondering if
> someone really counted, versus merely being a contact. There is no
> implied endorsement, beyond being a member of the community of humans,
> from being linked by "knows". Other constructs (eg. co-authorship,
> family tree) can provide more information about the strength of
> inter-personal relationships, but even these don't allow trust in one
> party to be computed based on trust of others they're related to;
> nevermind generalising this to multiple hops.

Even friendship, even close friendship, is not an absolute guarantee.  
Just think of Caesar and his trusted friend Brutus. The quote "God  
save me from my friends. I can protect myself from my enemies" says it  
all. As with knowledge, there just are no absolute in security. The  
skeptical position can always find a place to take hold.

So we should not be looking for absolute security. What the foaf knows  
graph can help us with is to reduce the anonymity of those connecting,  
which sometimes is a good thing. It at least gives one a contact  
person to talk to if something goes awry.

Foaf does not just permit foaf:knows. It also allows foaf:Group which  
is in the end what is needed for foaf+ssl access control. However you  
decide to put together the Group you allow access to a resource is up  
to you. So you could create the group of your classmates for a  
particular year, or the group of members of this mailing list, or the  
group of a political party,... The examples are endless. Membership of  
a group is always the first step to being giving access rights. It is  
a minimal initial step. The point is that it is always later possible  
to remove someone from a group if they don't fit the groups criteria  
of participation.

>
> For example - I've met Miguel de Icaza (I went to visit him at  
> Novell a
> few years ago). Miguel has met the journalist Robert Fisk (recorded in
> http://tirania.org/blog/archive/2005/Mar-18.html). Robert Fisk in turn
> has met and interviewed Osama Bin Laden (eg. evidenced in
> http://www.independent.co.uk/opinion/commentators/fisk/robert-fisk-on-bin-laden-at-50-438729.html) 
> .
> What does this chain of contacts tell you about my views on OBL or
> Robert Fisk? Pretty much nothing. Nor does it tell you Miguel's view  
> of
> them, or Fisk's of OBL.

yes, the further you traverse the chain, the more you are going to end  
up with all of humanity, which is well just as trustworthy as man in  
general is. If we had a war with Aliens, this could still be useful. :-)

>
> Or the co-depiction chain in http://rdfweb.org/2002/01/photo/ that  
> links
> me through a chain of photographic evidence through TimBL, Bill  
> Clinton,
> JFK to Frank Sinatra.
>
> Creating nice six-degrees-of-separation links is quite easy once  
> you've
> got a few highly connected and well known people in the graph. But it
> doesn't tell you much about trust directly, only about the general
> interconnectedness of all things.
>
> All that aside, the main reason I discourage this sort of reasoning  
> (re
> "knows" and trust) is that I see social value in strengthening the
> communicative connections between people who don't have a natural
> affinity or even trust:
>
> If we build computer systems that are structured to assume that people
> who know each other trust each other, we risk building a social system
> in which those who don't know each other, don't trust each other. Ok
> that's a bit melodramatic, but what I mean is we need systems that  
> allow
> people to associate with those that they don't (yet) trust...
>
> Re "trace of accountability", there is something to be explored there
> for sure. I recently stumbled on this old-ish piece by Robert X  
> Cringley
> - http://www.pbs.org/cringely/pulpit/2003/pulpit_20031009_000788.html
> ("I'm With Stupid: How Having Friends Might Be the Key to Both Privacy
> and Identity"):
>
> 	"[...] My system is based on a registry of friends because we all
> participate in virtual tribes that are geographically dispersed. Every
> person who wants to have credit, to make a big purchase, or to board a
> 747 has to have a list of 10 friends -- people who can vouch for their
> identity and know how to test it if needed. That takes us out of the
> realm of the mother's maiden name, replacing it with, "What was the
> nickname I called you in the fourth grade?"
>
> 	I am Bob, and these are my 10 friends.
>
> 	They don't even have to be friends -- just people who know you. You
> don't have to tell them they are on your list and you can change your
> list as often as you like."

yes, this would be something of a vouching-for group. One would need  
to establish a game with some rules  which could give some advantages  
to the people vouching for others. Presumably this would in some way  
give them access to something valuable, that they could not access  
otherwise. ... Something to think about.


> If FOAF profiles optionally included a list of such privileged friends
> who did commit to vouch for real-world identity (or perhaps other
> attributes), that might be a much stronger grounding for reasoning  
> about
> trust and suchlike....




> cheers,
>
> Dan
>
>
>
>
>
> _______________________________________________
> foaf-dev mailing list
> foaf-dev at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-dev

More information about the foaf-dev mailing list