[foaf-dev] how to declare that foaf+ssl should be used?
henry.story at bblfish.net
Thu Jul 16 19:27:23 CEST 2009
On 16 Jul 2009, at 17:42, Peter Williams wrote:
> what is a suitable means to indicate that one SHOULD use foaf+ssl
> when accessing a given resource?
Not sure there is a NEED for such a thing to be indicated. If the
client requests an SSL endpoint it will be asked for its certificate
at that point.
It may be useful at some point to specify that a resource is
accessible to a specific group only, and the manner of the
authentication. This could help users accessing the site work out if
there is a bug if they cannot access the resource. On the other hand
doing so could reveal a policy decision, that would better be private:
eg: all my friends (except George, because I want to speak to his
So it is possible to do this. But we have not yet got enough example
services to build the right ontology yet.
This would require an Access Control ontology. We could use the one
But I think this still needs to be looked at a bit more carefully.
This is one of the things I would like to look at in more detail.
> we know we can access the PPD associated with an webid using foaf
> +ssl (where resolving the trust chain between the requesting and
> resourcing parties is delegating to sparql graph queries, where the
> self-signed SSL client cert identifies and locates the foaf file of
> the requesting party).
> And, we know that any anchored resource in that foaf file can be
> addressed. For example, a particular membershipClass. But, I need
> to be able to express "by some means" that foaf+ssl MUST be used
> when retrieving that membershipClass graph from the foaf file
> identified by the WebID.
> The method should be general. Not only should it apply to accessing
> anchored graphs from a foaf file, but it should be able to denote
> that foaf+ssl is the required access method for any URI-identified
> resources (for which the guard agent has a foaf file).
One could just create a class:
acl:FoafSslProtected a owl:Class .
Then one could write things like
<secureDoc> a acl:FoafSslProtected .
Perhaps by using the POWDER ontology ( http://www.w3.org/2007/
powder/ ) one could then write this out in one go to cover a lot of
> foaf-dev mailing list
> foaf-dev at lists.foaf-project.org
More information about the foaf-dev