OASIS Mailing List Archives

   RE: [xml-dev] Triplets on the Internet

> So, what's the security model for using RDF over the public Internet?

Well, it's hard to answer that without deciding which architecture to
target.  First, RDF is not very useful without a storage and query
infrastructure.  This implies you need some data access mechanism.  Jena
supports a few different models:
* GET/PUT of blobs, via URIs mapped to RDF collections
* RDF Query Language passed via POST on URIs, or via Web Services

These two architectures (REST and WS) imply their own security models.

However, I personally think it would be premature to latch onto either
REST or WS as an architecture, or onto a security model, at this point.
I think publish/subscribe is just as likely a winning architectural
model for semantic web.  For example, a model like NNTP (or RSS, or
BitTorrent) could be really useful for sharing RDF with others.  I think
REST is actually wrong for semantic web, but that's for a different day.

Also, I think the philosophy of semantic web is exactly like WWW, in
that you do not publish something "on the web" unless you want everyone
to read it.  If you want to share assertions about things within a
closed and controlled domain, there are plenty of options besides RDF;
RDF is for when you want to make assertions that could be read by

On the other hand, there are certainly cases where you want to control
who gets to read your assertions, whether they can pass them on to
others, and so on.  The simplest example is contact info.  If someone
gives you their contact info, there is probably a big chunk of that info
that they do not want you to be giving out to others.  And OTOH there
may be parts they do not mind if you share.  So things could get very
complicated if you try to support every scenario that lets people
control their information.  You could lock things down through ACLs on
APIs, or through PKI, or who knows what else.  Maybe it is best (at
least for the early applications) to only focus on data that is meant to
be global.  That seemed to work pretty well for the web...



Copyright 2001 XML.org. This site is hosted by OASIS