[foaf-dev] Fwd: Re: [pedantic-web] Pedantic Web Challenge 2011 [Winner = Antoine Zimmermann]

Peter Williams pwilliams at rapattoni.com
Mon Jan 10 17:39:37 CET 2011


In my 2009-era and quite well written model of webids, I attempted to tie "following" to the notion of validity ..of a webid protocol run. One could use any suitable relation for the concept of following.



See http://yorkporc.wordpress.com/2009/12/20/modeling-foafssl/



in the security world, this tying of protocol design to security design is known generally as "audience controls". In the secure messaging world, one commonly sees constructs such as "per-recipient tokens"; that enforce the access control concept limiting access to a shared secret to only “authorized” recipients subject to some policy. In the crypto world (a subset of the security and messaging security world), audience controls are typically applied to engineers to limit access to the full theoretical search space, which if searched can undermine the security semantics of cryptosystems built on ciphers. For example, the design of DES may be susceptible to an analysis of differentials, but only if the attacker is authorized to gain from the recipient an un-authorized (say 2**(large power)) number of cases for analysis.



-----Original Message-----
From: foaf-dev-bounces at lists.foaf-project.org [mailto:foaf-dev-bounces at lists.foaf-project.org] On Behalf Of Sarven Capadisli
Sent: Sunday, January 09, 2011 11:32 AM
To: Toby Inkster
Cc: richard at cyganiak.de; foaf-dev at lists.foaf-project.org; antoine.zimmermann at gmail.com
Subject: Re: [foaf-dev] Fwd: Re: [pedantic-web] Pedantic Web Challenge 2011 [Winner = Antoine Zimmermann]



On Fri, 2011-01-07 at 16:36 +0000, Toby Inkster wrote:

> Richar Cyganiak wrote:

> > First, identi.ca doesn't seem to discourage organizations to have

> > accounts, but foaf:knows assumes that it would only be persons.

> >

> > Second, following someone on identi.ca does not imply “reciprocated

> > interaction” -- there are probably users that are followed by

> > thousands of other users, and it's very unlikely they have

> > interacted with all of them!

>

> The first point is fair criticism.

>

> The second, however, seems to be based on an incorrect assumption that

> if one identi.ca user subscribes to another, identi.ca automatically

> publishes a triple stating that the users foaf:knows each other.

>

> But that's not the case. The foaf:knows triple is only added if *both*

> users are subscribed to each other. This does imply “reciprocated

> interaction” (or at least it does in my view). If you take a look at,

> say, http://identi.ca/tobyink/foaf, you'll see the triple:

>

> </user/36737#acct> sioc:follows </user/39252#acct> .

>

> But nowhere will you find:

>

> </user/36737> foaf:knows </user/39252> .



Let me throw this up in the air:



Unless we acknowledge the act of subscribing/following an interaction, foaf:knows is not necessarily valid there. There is a (temporary) assumption here: either the two parties have interacted previously or they are about to (in which case putting foaf:knows beforehand is not a big deal). Therefore, for statements with foaf:knows to be completely trustable, where they are generated by a script, it would have to be reasoned from elsewhere e.g., see if two parties have replied to one another.



-Sarven



_______________________________________________

foaf-dev mailing list

foaf-dev at lists.foaf-project.org<mailto:foaf-dev at lists.foaf-project.org>

http://lists.foaf-project.org/mailman/listinfo/foaf-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-dev/attachments/20110110/7f9189cf/attachment.htm 


More information about the foaf-dev mailing list