OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Triplets on the Internet

[ Lists Home | Date Index | Thread Index ]

On Wed, 2004-06-16 at 10:53, Danny Ayers wrote:
> Thomas B. Passin wrote:
> 
> >> How do you identify the source, associate it with the content, and 
> >> ensure
> >> that the content hasdn't been modified?  The classic way of doing 
> >> this is
> >> with digital signatures; anyone in semweb area planning on doing
> >> *anything* in this area?
> >
> >
> > Oh, yes, it is on some people's minds.  Signed rdf files would be one 
> > possibility, signatures that at least vouch for the supposed issuer of 
> > some rdf could fit in, etc., but it's still early days yet.
> >
> 
> Yep, fyi, Edd Dumbill has done a little guide to PGP-signing FOAF 
> profiles [1]. Note the caveat:
> 
> [[
> Of course, anyone can concoct a fake PGP key with your email address, 
> just as they can lie about who was the |dc:creator| of a file. What 
> makes the PGP signature useful is that PGP public keys hook into a web 
> of trust, so you can decide how much you trust what a person with 
> such-and-such a key asserts.
> ]]
> 
> Signing alone almost certainly isn't the whole solution, but one piece 
> in a greater puzzle.
> 

This is very true. If I have a picture annotation that claims to be from
"Fred" that says "This is a picture of the summit of Everest". I have to
know:

1) Who is Fred ?
2) Did this really come from that Fred (and not some person pretending
to be Fred) ?
3) Did someone else modify it in transit ?
4) What authority does Fred have to speak about this picture ?
5) What authority does Fred have to identify pictures of the summit of
Everest ?

Certificates and signing can only really address 1, 2 and 3 and can
really only partially answer 1 in terms of information held by the
certificate authority.

I suppose that we could address 4 and 5 with more assertions (e.g. "Fred
is the creator of the picture", "Fred is a member of the UK
Mountaineering Society", "Fred is an expert on snowy wastes" etc.), but
in the general case, it is hard to know what supporting statements can
be used to vouch for the authority behind a statement.

Cheers,

Kal

-- 
Kal Ahmed <kal@techquila.com>
techquila





 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS