On Wed, 2004-06-16 at 10:53, Danny Ayers wrote:
> Thomas B. Passin wrote:
> >> How do you identify the source, associate it with the content, and ensure
> >> that the content hasn't been modified? The classic way of doing this is
> >> with digital signatures; anyone in semweb area planning on doing
> >> *anything* in this area?
> > Oh, yes, it is on some people's minds. Signed rdf files would be one
> > possibility, signatures that at least vouch for the supposed issuer of
> > some rdf could fit in, etc., but it's still early days yet.
> Yep, fyi, Edd Dumbill has done a little guide to PGP-signing FOAF
> profiles. Note the caveat:
> Of course, anyone can concoct a fake PGP key with your email address,
> just as they can lie about who was the |dc:creator| of a file. What
> makes the PGP signature useful is that PGP public keys hook into a web
> of trust, so you can decide how much you trust what a person with
> such-and-such a key asserts.
> Signing alone almost certainly isn't the whole solution, but one piece
> in a greater puzzle.
This is very true. If I have a picture annotation that claims to be from
"Fred" that says "This is a picture of the summit of Everest". I have to
1) Who is Fred?
2) Did this really come from that Fred (and not some person pretending
to be Fred)?
3) Did someone else modify it in transit?
4) What authority does Fred have to speak about this picture?
5) What authority does Fred have to identify pictures of the summit of
Certificates and signing can only really address 1, 2 and 3 and can
really only partially answer 1 in terms of information held by the
I suppose that we could address 4 and 5 with more assertions (e.g. "Fred
is the creator of the picture", "Fred is a member of the UK
Mountaineering Society", "Fred is an expert on snowy wastes" etc.), but
in the general case, it is hard to know what supporting statements can
be used to vouch for the authority behind a statement.
Kal Ahmed <email@example.com>