Lists Home |
Date Index |
Thomas B. Passin wrote:
>> How do you identify the source, associate it with the content, and
>> that the content hasdn't been modified? The classic way of doing
>> this is
>> with digital signatures; anyone in semweb area planning on doing
>> *anything* in this area?
> Oh, yes, it is on some people's minds. Signed rdf files would be one
> possibility, signatures that at least vouch for the supposed issuer of
> some rdf could fit in, etc., but it's still early days yet.
Yep, fyi, Edd Dumbill has done a little guide to PGP-signing FOAF
profiles . Note the caveat:
Of course, anyone can concoct a fake PGP key with your email address,
just as they can lie about who was the |dc:creator| of a file. What
makes the PGP signature useful is that PGP public keys hook into a web
of trust, so you can decide how much you trust what a person with
such-and-such a key asserts.
Signing alone almost certainly isn't the whole solution, but one piece
in a greater puzzle.