[foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web
Bruno.Harbulot at manchester.ac.uk
Tue Jul 6 16:24:50 CEST 2010
On 06/07/2010 08:51, Melvin Carvalho wrote:
> On 5 July 2010 20:20, Reto Bachmann-Gmür <me at farewellutopia.com
> <mailto:me at farewellutopia.com>> wrote:
> On Mon, Jul 5, 2010 at 7:52 PM, Nathan <nathan at webr3.org
> <mailto:nathan at webr3.org>> wrote:
> > ps: yes that did include a pitch for Certified WebID rather than
> foaf+ssl is about p2p security. this decentralisation is not only
> requirement by w3c design guide lines it also inherently more secure.
> As Tyler Close explained several years ago with his httpsy proposal
>  rather than just pointing to a address on a hierarchical system as
> with normal links we should (also) include the public key (or its
> hash) in the links.
> I agree security is a key aspect of FOAF+SSL
> However, more fundamentally, Linked Data can benefit enormously from an
> authentication system. We all know that UGC was one of the bug drivers
> of the web of documents. With Secure Webid, you have the "U" part
> available to the Web of Data. This is exciting because, it can be a
> springboard to linked data to a new level.
I think we need to put this 'security' in perspective. FOAF+SSL (or
Secure WebIds) has the potential to offer an increased level of security
compared with other similar mechanisms such as OpenID.
However, with what we've achieved so far (verification by dereferencing,
without any 3rd party signing or without any RDF signing), the level of
security is more or less the same as that of OpenID: whoever controls
the hosting of the URI also controls the identity.
At least, FOAF+SSL can address this issue using public key cryptography,
but that's not something we've done yet. Let's be careful in calling
things "secure" without extra qualifiers.
The real benefit from FOAF+SSL so far has been its linked data aspect,
not so much its security aspect (although there's an in-built potential
More information about the foaf-protocols