[foaf-dev] [foaf-protocols] revisiting FOAF project goals

Peter Williams pwilliams at rapattoni.com
Mon Jun 22 01:36:01 CEST 2009


there is strong evidence that mutual authentication is vitally important - addressing the social phenomenon of phishing for secrets. Impersonation of sites is rife - and SSL (and certs) is evidently not addressing the issue. The inability to detect impersonation is a vulnerability in the core web architecture model, and evidently the "universal browser concept" is as lacking this year on this topic as it was in 1992.

Now, folks are using site (vs browser) mechanisms such as BankOf America's SiteKey scheme - to authenticate the site "visually" and personally. (If you dont see your personal image and caption shown on accessing a site via https, assume its impersonating your trusted website partner. Change your image and caption, periodically, to retain "personal control" of site authentication.).

Given  the above, consider whether "WebID" needs to address more than the Person entity (in a PPD). Perhaps it should also address a WebSite entity (in a WPD)? Then consider whether the locator for a FOAF file needs to address more than a PPD, too.



________________________________________
From: foaf-dev-bounces at lists.foaf-project.org [foaf-dev-bounces at lists.foaf-project.org] On Behalf Of Hailton Sales [hailton.sales at gmail.com]
Sent: Sunday, June 21, 2009 3:38 PM
To: Kingsley Idehen
Cc: foaf-dev at lists.foaf-project.org; foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-dev] [foaf-protocols] revisiting FOAF project goals

WebID is a very good suggestion.

On 21/06/2009, at 15:16, Kingsley Idehen <kidehen at openlinksw.com> wrote:

> Hailton Sales wrote:
>>> 1) FOAF+SSL [1] which piggy backs off SSL, to allow a client prove
>>> that they own a profile
>>> 2) OpenID ("Your global identifier throughout the web isn't
>>> "happygirl234324" or an email address, or
>>> "bradfitz at identityserver.com", but your FOAF URL" -- Brad
>>> Fitzpatrick
>>> [2] )
>>>
>> I totally agree to that, I would just use "FOAF URI" instead of "FOAF
>> URL" and make an emphatic use of the "buzzword".
>>
> Henry,
>
> Yes, it is "URI", but we need to harmonize language within the
> community so that terminology is consistent when speaking outwards.
>
> Thus, I would suggest:
>
> 1. Web ID or WebID - a HTTP URI that identifies a Person Entity that
> is typically the primary topic of a personal profile document
> 2. Personal FOAF profile document URL - a HTTP URI that identifies
> the location of a document that holds personal profile metadata (an
> RDF document that describes a Person Entity).
>
>
> btw - I don't grok Brad's use of FOAF URL, and I don't think he
> should be quoted since his statements are actually inaccurate :-(
>
> Kingsley
>> On Sat, Jun 20, 2009 at 7:50 AM, Melvin
>> Carvalho<melvincarvalho at gmail.com> wrote:
>>
>>> On Fri, Jun 19, 2009 at 1:59 PM, Dan Brickley<danbri at danbri.org>
>>> wrote:
>>>
>>>> I haven't explicitly written about goals for this project since
>>>> 2000,
>>>> when we called it RDFWeb (and before that RDFWebRing).
>>>>
>>>> That original document is here,
>>>> http://www.foaf-project.org/original-intro (with one major
>>>> change, I put
>>>> the new name everywhere that it used to say RDFWeb).
>>>>
>>>> Here's what the project website said about goals in mid 2000:
>>>>
>>>> """Goals
>>>>
>>>> We want a better way of keeping track of the scattered fragments
>>>> of data
>>>> currently represented in the Web.
>>>>
>>>> We want to be able to find documents in the Web based on their
>>>> properties and inter-relationships; we want to be able to find
>>>> information about people based on their publications, employment
>>>> details, group membership and declared interests. We want to be
>>>> able to
>>>> share annotations, ratings, bookmarks and arbitrary useful data
>>>> fragments using some common infrastructure. We want a Web search
>>>> system
>>>> that's more like a database and less like a lucky dip. We need it
>>>> to be
>>>> be distributed, decentralised, and content-neutral.
>>>>
>>>> FOAF, if successful, should help the Web do the sorts of things
>>>> that are
>>>> currently the proprietary offering of centralised services.
>>>>
>>>> RDF seems to offer a lot of promise in this area. While RDF is
>>>> defined
>>>> in terms of a rather abstract information model, our needs are
>>>> rather
>>>> practical. We want to be able to ask the Web sensible questions and
>>>> common kinds of thing (documents, organisations, people) and get
>>>> back
>>>> sensible results.
>>>>
>>>>    * "Find me today's web page recommendations made by people who
>>>> work
>>>> for Medical organisations".
>>>>    * "Find me recent publications by people I've co-authored
>>>> documents
>>>> with."
>>>>    * "Show me critiques of this web page, and the home pages of the
>>>> author of that critique"
>>>>    * etc...
>>>>
>>>> All this sounds a bit ambitious (and it is), but we think we've a
>>>> reasonable sense of how to build a linked information system with
>>>> these
>>>> capabilities. """
>>>>
>>>>
>>>> As I look at getting a revised statement of goals written, I'd
>>>> love to
>>>> hear more about what folk on the FOAF mailing lists find
>>>> interesting,
>>>> compelling or intriguing. What motivates you to spend time
>>>> working with
>>>> FOAF and RDF and linked data? Why do you care? How did you end up
>>>> on
>>>> this mailing list, or interested in RDF and Semantic Web?
>>>>
>>> Will try and give some answers to this:
>>>
>>> I've followed FOAF on a casual bases for quite some time,
>>> recognising
>>> it as an important technology, due to its open and extensible
>>> nature.
>>>
>>> However, the thing that really got me interested was when I realised
>>> you could use your FOAF profile, as a global identity, just by
>>> adding
>>> a public key to it.  As such, this allows single sign on accross the
>>> whole web.
>>>
>>> FOAF has inspired two important technologies, in this respect:
>>>
>>> 1) FOAF+SSL [1] which piggy backs off SSL, to allow a client prove
>>> that they own a profile
>>> 2) OpenID ("Your global identifier throughout the web isn't
>>> "happygirl234324" or an email address, or
>>> "bradfitz at identityserver.com", but your FOAF URL" -- Brad
>>> Fitzpatrick
>>> [2] )
>>>
>>> Both of which I find interesting, though OpenID seems to have veered
>>> off the original FOAF concept.  I like FOAF+SSL again because if
>>> it's
>>> openness and extensibility, and it also has the advantage of not
>>> requiring a 3rd party Identity Provider, you can authenticate using
>>> your browser alone.
>>>
>>> I find this an attractive model for the web, and this lead to my
>>> interest in the group.
>>>
>>> FOAF appears to be quite "grass roots" which is something I like, so
>>> one of my aims is to add some contributions to the ecosystem.
>>>
>>> I think FOAF is perhaps the sleeping giant of the internet, and may
>>> become the biggest social network.  What interests me is leveraging
>>> the power of machine readable linked data, in conjunction with a
>>> massive network, and building intelligent systems to allow people to
>>> interact, in ways not thought of before.
>>>
>>> Perhaps my only reservation about FOAF is that it can be a bit
>>> overwhelming from the point of view of a beginner.  The amount of
>>> information out there is good quality but it's hard to know where to
>>> start, and which links to follow.  Also there isnt really a book
>>> on it
>>> (though there is a section in practical RDF).  I think perhaps one
>>> of
>>> the goals of FOAF might be to try and make it more accessible to a
>>> wider audience, one idea might be in targetting and organising the
>>> wiki page [3] to be aimed at beginners, while having more advanced
>>> content on the main foaf project site
>>>
>>> Overall, I find the FOAF community to be an amazing group of people,
>>> not only in terms of the intellect and thought put into their
>>> solutions, but also the approachability and helpfulness that seems
>>> ubiquitous.  I've benefitted greatly as a beginner learning about
>>> this
>>> technology over the last year, and so would be keen to make sure I
>>> do
>>> my bit, to help others as well.  Pehaps a longer term goal might
>>> be to
>>> work in the field, or be part of a start up, but I think some more
>>> of
>>> the infrastrcutre needs to be built out before I'd consider that.
>>>
>>> I hope that explains some of my motivations, but above all, I want
>>> to
>>> be around with all this takes off! :)
>>>
>>> [1] http://esw.w3.org/topic/foaf+ssl
>>> [2] http://community.livejournal.com/lj_dev/683939.html
>>> [3] http://en.wikipedia.org/wiki/FOAF_(software)
>>>
>>>> Am interested in any and all responses to this, on-list, or
>>>> offlist,
>>>> blogged or emailed.
>>>>
>>>> Thanks for your thoughts!
>>>>
>>>> cheers,
>>>>
>>>> Dan
>>>> _______________________________________________
>>>> foaf-protocols mailing list
>>>> foaf-protocols at lists.foaf-project.org
>>>> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>>>>
>>>>
>>> _______________________________________________
>>> foaf-dev mailing list
>>> foaf-dev at lists.foaf-project.org
>>> http://lists.foaf-project.org/mailman/listinfo/foaf-dev
>>>
>>>
>> _______________________________________________
>> foaf-dev mailing list
>> foaf-dev at lists.foaf-project.org
>> http://lists.foaf-project.org/mailman/listinfo/foaf-dev
>>
>>
>
>
> --
>
>
> Regards,
>
> Kingsley Idehen          Weblog: http://www.openlinksw.com/blog/~kidehen
> President & CEO OpenLink Software     Web: http://www.openlinksw.com
>
>
>
>
_______________________________________________
foaf-dev mailing list
foaf-dev at lists.foaf-project.org
http://lists.foaf-project.org/mailman/listinfo/foaf-dev


More information about the foaf-dev mailing list