[foaf-dev] how to declare that foaf+ssl should be used?
Story Henry
henry.story at bblfish.net
Thu Jul 16 19:27:23 CEST 2009
On 16 Jul 2009, at 17:42, Peter Williams wrote:
> what is a suitable means to indicate that one SHOULD use foaf+ssl
> when accessing a given resource?
Not sure there is a NEED for such a thing to be indicated. If the
client requests an SSL endpoint it will be asked for its certificate
at that point.
It may be useful at some point to specify that a resource is
accessible to a specific group only, and the manner of the
authentication. This could help users accessing the site work out if
there is a bug if they cannot access the resource. On the other hand
doing so could reveal a policy decision, that would better be private:
eg: all my friends (except George, because I want to speak to his
girlfriend)
So it is possible to do this. But we have not yet got enough example
services to build the right ontology.
This would require an Access Control ontology. We could use the one
here:
http://esw.w3.org/topic/WebAccessControl
But I think this still needs to be looked at a bit more carefully.
This is one of the things I would like to look at in more detail.
> we know we can access the PPD associated with a webid using
> foaf+ssl (where resolving the trust chain between the requesting and
> resourcing parties is delegated to sparql graph queries, where the
> self-signed SSL client cert identifies and locates the foaf file of
> the requesting party).
>
> And, we know that any anchored resource in that foaf file can be
> addressed. For example, a particular membershipClass. But, I need
> to be able to express "by some means" that foaf+ssl MUST be used
> when retrieving that membershipClass graph from the foaf file
> identified by the WebID.
>
> The method should be general. Not only should it apply to accessing
> anchored graphs from a foaf file, but it should be able to denote
> that foaf+ssl is the required access method for any URI-identified
> resources (for which the guard agent has a foaf file).
One could just create a class:
acl:FoafSslProtected a owl:Class .
Then one could write things like
<secureDoc> a acl:FoafSslProtected .
Perhaps by using the POWDER ontology ( http://www.w3.org/2007/powder/ )
one could then write this out in one go to cover a lot of
resources.