[foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web

Kingsley Idehen kidehen at openlinksw.com
Tue Jul 6 20:23:34 CEST 2010


Bruno Harbulot wrote:
> Hi,
>
> On 06/07/2010 08:51, Melvin Carvalho wrote:
>   
>> On 5 July 2010 20:20, Reto Bachmann-Gmür <me at farewellutopia.com
>> <mailto:me at farewellutopia.com>> wrote:
>>
>>     On Mon, Jul 5, 2010 at 7:52 PM, Nathan <nathan at webr3.org
>>     <mailto:nathan at webr3.org>> wrote:
>>      >
>>      > ps: yes that did include a pitch for Certified WebID rather than
>>     FOAF+SSL!
>>
>>     foaf+ssl is about p2p security. This decentralisation is not only a
>>     requirement of the W3C design guidelines, it is also inherently more secure.
>>     As Tyler Close explained several years ago with his httpsy proposal
>>     [1], rather than just pointing to an address on a hierarchical system as
>>     with normal links, we should (also) include the public key (or its
>>     hash) in the links.
>>
>>
>> I agree security is a key aspect of FOAF+SSL.
>>
>> However, more fundamentally, Linked Data can benefit enormously from an
>> authentication system.  We all know that UGC was one of the big drivers
>> of the web of documents.  With Secure WebID, you have the "U" part
>> available to the Web of Data.  This is exciting because it can be a
>> springboard to take linked data to a new level.
>>     
>
> I think we need to put this 'security' in perspective. FOAF+SSL (or 
> Secure WebIds) has the potential to offer an increased level of security 
> compared with other similar mechanisms such as OpenID.
> However, with what we've achieved so far (verification by dereferencing, 
> without any 3rd party signing or without any RDF signing), the level of 
> security is more or less the same as that of OpenID: whoever controls 
> the hosting of the URI also controls the identity.
> At least, FOAF+SSL can address this issue using public key cryptography, 
> but that's not something we've done yet. Let's be careful in calling 
> things "secure" without extra qualifiers.
>
> The real benefit from FOAF+SSL so far has been its linked data aspect, 
> not so much its security aspect (although there's an in-built potential 
> for this).
>   

How about the verifiability of identity, courtesy of the Linked Data tweak?

Security, like Privacy, is much deeper when social factors come into play. 
This is where policies come into play. Of course, you can't construct 
meaningful data access policies without verifiable identity, courtesy of 
the kind of authentication accorded by the WebID protocol.

Kingsley
>
> Best wishes,
>
> Bruno.


-- 

Regards,

Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 
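
Added example (not part of the original thread): a minimal Python model of the two checks discussed in the quoted messages, verification by dereferencing versus a link that also carries the public key hash, as in the httpsy idea. The in-memory `web` dict, the placeholder key bytes, the `example` URI and all function and type names are assumptions made for illustration; no real TLS or RDF parsing is performed.

```python
import hashlib
from typing import Dict, NamedTuple, Tuple

class PinnedLink(NamedTuple):
    """A link that carries the hash of the expected public key (hypothetical type)."""
    uri: str
    key_sha256: str

def key_hash(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()

def verify_by_dereference(web: Dict[str, bytes], cert_uri: str, cert_key: bytes) -> bool:
    """Accept if the key in the client certificate equals the key published
    in the profile document found at the URI the certificate claims."""
    published = web.get(cert_uri)
    return published is not None and published == cert_key

def verify_pinned(link: PinnedLink, cert_uri: str, cert_key: bytes) -> bool:
    """Accept only if the certificate key matches the hash stored in the link,
    regardless of what the host currently serves at the URI."""
    return cert_uri == link.uri and key_hash(cert_key) == link.key_sha256

def scenario() -> Dict[str, Tuple[bool, bool]]:
    # Constructed sample data: placeholder byte strings stand in for real keys.
    uri = "https://alice.example/profile#me"
    alice_key, other_key = b"ALICE-PUBLIC-KEY", b"OTHER-PUBLIC-KEY"
    web = {uri: alice_key}                       # stand-in for the hosted profile
    link = PinnedLink(uri, key_hash(alice_key))  # recorded when the link was made

    results = {"before": (verify_by_dereference(web, uri, alice_key),
                          verify_pinned(link, uri, alice_key))}

    # Whoever controls the hosting republishes the profile with a different key.
    web[uri] = other_key
    results["after_other_key"] = (verify_by_dereference(web, uri, other_key),
                                  verify_pinned(link, uri, other_key))
    results["after_alice_key"] = (verify_by_dereference(web, uri, alice_key),
                                  verify_pinned(link, uri, alice_key))
    return results

if __name__ == "__main__":
    for name, (deref_ok, pinned_ok) in scenario().items():
        print(f"{name:16} dereference={deref_ok!s:5} pinned={pinned_ok}")
```

Each result pair is (dereference check, pinned check): once the hosted document changes, the dereference check follows the host while the pinned check still follows the original key.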

More information about the foaf-protocols mailing list