[foaf-protocols] Disclosing information to a web app from secret parts of our profile

Nathan nathan at webr3.org
Tue May 18 22:00:02 CEST 2010

Story Henry wrote:
> On 18 May 2010, at 20:46, Seth Russell wrote:
>> Even if foaf+ssl is still at the proof of concept stage, i'm troubled that i
>> cannot find where a user is to manage the disclosure of information from a
>> private part of their profile?    Perhaps for my simple spin to win app, i
>> don't really need it.  But i am building an entire customer relationship
>> where, in this modern TiVoed world, one should expect to provide the
>> information for say a billing form, (like
>> http://www.speaktomecatalog.com/billing.php )  only once.   How is that
>> information to be made available from a person's foaf profile in a user
>> friendly, yet secure,  manner?
>>> From a web developer's point of view, will it be quite so easy as ...
>> $foaf = new EasyRdf_Graph($_SESSION['customerIdentity']);
>> $customer = $foaf->primaryTopic();
>> $_SESSION['address']=$customer->get('foaf:address');
>> Then a window would pop up asking the customer whether she will allow the
>> disclosure of this information from her profile.
> Seth, I sketched one answer to such a solution in
>  http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo
> You are to imagine going to a photo printing site where you have never been
> before. A relation in your foaf file points the server to a space where you
> can let your server know what photos (any resource will do) to make to the
> Photo printing service (identified also by WebId).
> The information is then returned (via a POST or drag and drop or something)
> to the photo printing service.
> We have not yet had any advanced Access controled foaf to do this. Perhaps 
> I should try it out, using the very simple Apache ACLs we have and see how that would
> work...
> Is there something there you think is fundametally broken? (before I try it out)

If it saves any trouble / work - I'm implementing pretty much everything 
covered as we speak adn will have a full working site of it all by the 
end of the month - everything from foaf management, to splitting parts 
of the profile under different access controlled resources, and many 
other things foaf+ssl needs.

I'm sure it won't be final solutions in each case, but will prove it can 
all be done and be a working real web app & most of the code (PHP 5 OO) 
will be open sourced.



More information about the foaf-protocols mailing list