[foaf-protocols] web service idea

Toby Inkster mail at tobyinkster.co.uk
Wed Mar 10 16:05:20 CET 2010


I'll call this http://mbox-sha1sum.me/ but perhaps a better name is possible.

I go to http://mbox-sha1sum.me/ and type in my e-mail address (say,
myaddress at example.com). It e-mails me a message containing a link to:

  https://mbox-sha1sum.me/?confirm=myaddress@example.com

I click on the link and use FOAF+SSL to establish my identity (which might
be, say, http://example.com/toby#me). Having established by identity,
mbox-sha1sum.me can confidently publish the following page:

  http://mbox-sha1sum.me/data/47c016f3eea16d58698ba088cef9a953779aeec0

Containing the following triple:

  <http://example.com/toby#me> foaf:mbox_sha1sum
"47c016f3eea16d58698ba088cef9a953779aeec0" .

Reasonably sure that they're not publishing false information.

Now, say I want to use another FOAF+SSL secured service. If they want to
sign me up to their mailing list, then they need to confirm my e-mail
address. They can't just trust the e-mail address they find in my FOAF,
because I could be lying about that, right?

So they take the e-mail address they have for me, SHA1 hash it,
dereference
<http://mbox-sha1sum.me/data/47c016f3eea16d58698ba088cef9a953779aeec0> and
use that as confirmation for my address.

Yay!

Anyone want to develop such a service?

-Toby


More information about the foaf-protocols mailing list