[OpenID] cryptographics web of trust

Peter Williams pwilliams at rapattoni.com
Sat Aug 11 05:56:56 UTC 2007


See below: 
 
I (counter) signed your entire file, using XML-DSIG (with SAML-defined security semantics, as signaled).  
 
I treated the FOAF file as a string-form of a (rather long) name, which bears its naming architecture, its naming contexts, its naming schema, its naming relationships, and its new name protections.
 
If one treats the FOAF file as a text stream, I don't see why one cannot similarly encode and then sign the N3 form. The XML form of the RDF seems to be adding little.

 
________________________________

From: general-bounces at openid.net on behalf of Story Henry
Sent: Fri 8/10/2007 7:11 AM
To: Steven Livingstone
Cc: foaf-dev; OpenID General
Subject: Re: [OpenID] cryptographics web of trust



Thanks for the feedback. I have extended the blog post to describe 
how one can link up to other people's public keys, sign their public 
keys, and how one can sign parts of one's foaf file, using Dan 
Brickley's and Tim Berners' Lee as examples.

This develops a very powerful web of trust.

http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

Henry


On 9 Aug 2007, at 20:15, Steven Livingstone wrote:

> Very cool.
>
> I did some work in encrypting FOAF files a few years back (well, 
> hacked something together in a few hours).
> http://www.ecademy.com/node.php?id=4568
>
> I checked and it is still there:
> http://livz.org/encrypt/PrivateFoaf.aspx
>
> With the FOAF URL :
> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
> and searching for the name "Robert Sullivan" and a password 
> "steven", you get my decrypted FOAF file.
>
> The limiting part of it all (to make it really easy) was the fact 
> you needed an identity "Robert Sullivan" and a shared secret  
> "steven" - this is why OpenID is so powerful. With an authenticated 
> OpenID, you would be able to decrypt the FOAF file automatically.
>
> I figured at the time that some online identity (which didn't 
> really exist) could easily be mapped to a corresponding public key, 
> allowing you to encrypt parts of your FOAF files (or any other 
> file) for specific users.
>
> I hadn't spent too much time on it but i'd sure like to see it move 
> forward in some way.
>
> I know there has been other work put into this stuff as well:
> http://usefulinc.com/foaf/encryptingFoafFiles
>
> steven
> http://livz.org <http://livz.org/> 
>
>
> > To: general at openid.net; foaf-dev at lists.foaf-project.org
> > From: henry.story at bblfish.net
> > Date: Thu, 9 Aug 2007 18:31:57 +0200
> > Subject: [OpenID] cryptographics web of trust
> >
> > Hi, following some of the conversations I had on the openid 
> forums, I
> > have read up about web security and used that new gained 
> knowledge to
> > enhance my foaf file with a link to my public PGP key and used that
> > to sign my foaf file. Using this it is easy to see how one can 
> create
> > a semantic cryptographic web of trust.
> >
> > http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
> >
> > There is a lot more to add for sure, but this is a good starting
> > point. Great fun too.
> >
> > Henry Story
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
>
>

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general


 

<samlp:Response Destination="http://localhost:9030/sp/ACS.saml2" InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi" IssueInstant="2007-08-11T05:45:26.614Z" ID="_JbuqXO6H-BQIoeYwpd0NIE88d6" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmemls.com/request-auth.jsp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_JbuqXO6H-BQIoeYwpd0NIE88d6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>TOs5pUtgy8p2wiQjXJuRfxa2224=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ctUDU/+NwF7GwNPlGa184G8a5BfnIi1Nmzp8uKCZ93T8gDJVKRBbJDzhhnZ8EF2Y9G+PpPvIWW7b
Oq/wmW8iYg==
</ds:SignatureValue>
</ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion Version="2.0" IssueInstant="2007-08-11T05:45:26.786Z" ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">%0d%0a%3c!--+Processed+by+Id%3a+cwm.py%2cv+1.194+2007-08-06+16%3a13%3a56+syosi+Exp+--%3e%0d%0a%3c!--+++++using+base+file%3a%2f%2f%2fUsers%2fhjs%2fDocuments%2fcard%2fcard.n3--%3e%0d%0a%0d%0a%0d%0a%3crdf%3aRDF+xmlns%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2f%22%0d%0a++++xmlns%3aawol%3d%22http%3a%2f%2fbblfish.net%2fwork%2fatom-owl%2f2006-06-06%2f%23%22%0d%0a++++xmlns%3acontact%3d%22http%3a%2f%2fwww.w3.org%2f2000%2f10%2fswap%2fpim%2fcontact%23%22%0d%0a++++xmlns%3afoaf%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2f%22%0d%0a++++xmlns%3ageo%3d%22http%3a%2f%2fwww.w3.org%2f2003%2f01%2fgeo%2fwgs84_pos%23%22%0d%0a++++xmlns%3aiana%3d%22http%3a%2f%2fwww.iana.org%2fassignments%2frelation%2f%22%0d%0a++++xmlns%3ardf%3d%22http%3a%2f%2fwww.w3.org%2f1999%2f02%2f22-rdf-syntax-ns%23%22%0d%0a++++xmlns%3ardfs%3d%22http%3a%2f%2fwww.w3.org%2f2000%2f01%2frdf-schema%23%22%0d%0a++++xmlns%3awot%3d%22http%3a%2f%2fxmlns.com%2fwot%2f0.1%2f%22%3e%0d%0a%0d%0a++++%3cPersonalProfileDocument+rdf%3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%22%3e%0d%0a++++++++%3ciana%3aalternate+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.n3%22%2f%3e%0d%0a++++++++%3ciana%3aalternate+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.rdf%22%2f%3e%0d%0a++++++++%3cmaker+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%2f%3e%0d%0a++++++++%3cprimaryTopic+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%2f%3e%0d%0a++++++++%3ctitle%3eHenry+Story's+FOAF+file%3c%2ftitle%3e%0d%0a++++%3c%2fPersonalProfileDocument%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%3e%0d%0a++++++++%3ccontact%3ahome+rdf%3aparseType%3d%22Resource%22%3e%0d%0a++++++++++++%3ccontact%3aaddress+rdf%3aparseType%3d%22Resource%22%3e%0d%0a++++++++++++++++%3ccontact%3acity%3eFontainebleau%3c%2fcontact%3acity%3e%0d%0a++++++++++++++++%3ccontact%3acountry%3eFrance%3c%2fcontact%3acountry%3e%0d%0a++++++++++++++++%3ccontact%3apostalCode%3e77300%3c%2fcontact%3apostalCode%3e%0d%0a++++++++++++++++%3ccontact%3astreet%3e21+rue+Saint+Honore%3c%2fcontact%3astreet%3e%0d%0a++++++++++++%3c%2fcontact%3aaddress%3e%0d%0a++++++++++++%3cgeo%3alat%3e48.404532%3c%2fgeo%3alat%3e%0d%0a++++++++++++%3cgeo%3along%3e2.700448%3c%2fgeo%3along%3e%0d%0a++++++++%3c%2fcontact%3ahome%3e%0d%0a++++++++%3caimChatID%3eunbabelfish%3c%2faimChatID%3e%0d%0a++++++++%3cbirthday%3e07-29%3c%2fbirthday%3e%0d%0a++++++++%3ccurrentProject+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fwork%2fatom-owl%2f2006-06-06%2f%22%2f%3e%0d%0a++++++++%3ccurrentProject+rdf%3aresource%3d%22https%3a%2f%2fbloged.dev.java.net%2f%22%2f%3e%0d%0a++++++++%3ccurrentProject+rdf%3aresource%3d%22https%3a%2f%2fsommer.dev.java.net%2f%22%2f%3e%0d%0a++++++++%3cdepiction+rdf%3aresource%3d%22http%3a%2f%2ffarm1.static.flickr.com%2f164%2f373663745_1801c2dddf.jpg%3fv%3d0%22%2f%3e%0d%0a++++++++%3cfamily_name%3eStory%3c%2ffamily_name%3e%0d%0a++++++++%3cgender%3emale%3c%2fgender%3e%0d%0a++++++++%3cgivenname%3eHenry%3c%2fgivenname%3e%0d%0a++++++++%3chomepage+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2f%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fdanbri.org%2ffoaf.rdf%23danbri%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fdavelevy.info%2ffoaf.rdf%23me%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fpurl.org%2fcaptsolo%2fsemweb%2ffoaf-captsolo.rdf%23Uldis_Bojars%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2ftorrez.us%2fwho%23elias%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fweb.mac.com%2fthegearons%2fpeople%2fPaulGearon%2ffoaf.rdf%23me%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fBerners-Lee%2fcard%23i%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aresource%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fConnolly%2f%23me%22%2f%3e%0d%0a++++++++%3cknows+rdf%3aparseType%3d%22Resource%22%3e%0d%0a++++++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2fPerson%22%2f%3e%0d%0a++++++++++++%3crdfs%3aseeAlso+rdf%3aresource%3d%22http%3a%2f%2fwww.webmink.net%2ffoaf.rdf%22%2f%3e%0d%0a++++++++++++%3cmbox_sha1sum%3eee513cd82fea84825b803a44228fd9b765baf6d5%3c%2fmbox_sha1sum%3e%0d%0a++++++++++++%3cname%3eSimon+Phipps%3c%2fname%3e%0d%0a++++++++%3c%2fknows%3e%0d%0a++++++++%3cknows+rdf%3aparseType%3d%22Resource%22%3e%0d%0a++++++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2ffoaf%2f0.1%2fPerson%22%2f%3e%0d%0a++++++++++++%3crdfs%3aseeAlso+rdf%3aresource%3d%22http%3a%2f%2fdannyayers.com%2fme.rdf%22%2f%3e%0d%0a++++++++++++%3cname%3eDanny+Ayers%3c%2fname%3e%0d%0a++++++++%3c%2fknows%3e%0d%0a++++++++%3clogo+rdf%3aresource%3d%22%2fpix%2fbfish.large.jpg%22%2f%3e%0d%0a++++++++%3cmbox+rdf%3aresource%3d%22mailto%3ahenry.story%40bblfish.net%22%2f%3e%0d%0a++++++++%3cmbox+rdf%3aresource%3d%22mailto%3ahenry.story%40gmail.com%22%2f%3e%0d%0a++++++++%3cmbox+rdf%3aresource%3d%22mailto%3ahenry.story%40sun.com%22%2f%3e%0d%0a++++++++%3cname%3eHenry+J.+Story%3c%2fname%3e%0d%0a++++++++%3cnick%3ebblfish%3c%2fnick%3e%0d%0a++++++++%3copenid+rdf%3aresource%3d%22http%3a%2f%2fbblfish.videntity.org%2f%22%2f%3e%0d%0a++++++++%3copenid+rdf%3aresource%3d%22http%3a%2f%2fopenid.sun.com%2fbblfish%22%2f%3e%0d%0a++++++++%3cpastProject+rdf%3aresource%3d%22http%3a%2f%2fbabelfish.altavista.com%2f%22%2f%3e%0d%0a++++++++%3cphone+rdf%3aresource%3d%22tel%3a%2b1-510-931-5491%22%2f%3e%0d%0a++++++++%3cphone+rdf%3aresource%3d%22tel%3a%2b33-8-70-44-86-64%22%2f%3e%0d%0a++++++++%3cschoolHomepage+rdf%3aresource%3d%22http%3a%2f%2fwww.bbk.ac.uk%2fphil%2f%22%2f%3e%0d%0a++++++++%3cschoolHomepage+rdf%3aresource%3d%22http%3a%2f%2fwww.doc.ic.ac.uk%2f%22%2f%3e%0d%0a++++++++%3cschoolHomepage+rdf%3aresource%3d%22http%3a%2f%2fwww.kcl.ac.uk%2fkis%2fschools%2fhums%2fphilosophy%2f%22%2f%3e%0d%0a++++++++%3ctitle%3eMr%3c%2ftitle%3e%0d%0a++++++++%3cweblog+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fblog%2f%22%2f%3e%0d%0a++++++++%3cweblog+rdf%3aresource%3d%22http%3a%2f%2fblogs.sun.com%2fbblfish%2f%22%2f%3e%0d%0a++++++++%3cweblog+rdf%3aresource%3d%22http%3a%2f%2fdel.icio.us%2fbblfish%22%2f%3e%0d%0a++++++++%3cworkplaceHomepage+rdf%3aresource%3d%22http%3a%2f%2fsun.com%22%2f%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3crdf%3aDescription+rdf%3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.n3%22%3e%0d%0a++++++++%3cawol%3atype%3etext%2frdf%2bn3%3c%2fawol%3atype%3e%0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.n3.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription+rdf%3aabout%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.rdf%22%3e%0d%0a++++++++%3cawol%3atype%3eapplication%2frdf%2bxml%3c%2fawol%3atype%3e%0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard.rdf.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription+rdf%3aabout%3d%22http%3a%2f%2fdanbri.org%2fdanbri-pubkey.txt%22%3e%0d%0a++++++++%3cwot%3aassurance+rdf%3aresource%3d%22danbri.pubkey.asc.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fdanbri.org%2ffoaf.rdf%23danbri%22%3e%0d%0a++++++++%3cname%3eDan+Brickley%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fdavelevy.info%2ffoaf.rdf%23me%22%3e%0d%0a++++++++%3cname%3eDave+Levy%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fpurl.org%2fcaptsolo%2fsemweb%2ffoaf-captsolo.rdf%23Uldis_Bojars%22%3e%0d%0a++++++++%3cname%3eUldis+Bojars%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2ftorrez.us%2fwho%23elias%22%3e%0d%0a++++++++%3cname%3eElias+Torres%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fweb.mac.com%2fthegearons%2fpeople%2fPaulGearon%2ffoaf.rdf%23me%22%3e%0d%0a++++++++%3cname%3ePaul+Gearon%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fBerners-Lee%2fcard%23i%22%3e%0d%0a++++++++%3cname%3eTim+Berners+Lee%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3cPerson+rdf%3aabout%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fConnolly%2f%23me%22%3e%0d%0a++++++++%3cname%3eDan+Connolly%3c%2fname%3e%0d%0a++++%3c%2fPerson%3e%0d%0a%0d%0a++++%3crdf%3aDescription%3e%0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2fwot%2f0.1%2fPubKey%22%2f%3e%0d%0a++++++++%3cwot%3afingerprint%3eE5C6CDCC5C1401B6EB2BC5EAED0BF9DBC7DEAB05%3c%2fwot%3afingerprint%3e%0d%0a++++++++%3cwot%3ahex_id%3eC7DEAB05%3c%2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%3aidentity+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fcard%23me%22%2f%3e%0d%0a++++++++%3cwot%3alength+rdf%3adatatype%3d%22http%3a%2f%2fwww.w3.org%2f2001%2fXMLSchema%23integer%22%3e1024%3c%2fwot%3alength%3e%0d%0a++++++++%3cwot%3apubkeyAddress+rdf%3aresource%3d%22http%3a%2f%2fbblfish.net%2fpeople%2fhenry%2fhenry.pubkey.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription%3e%0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2fwot%2f0.1%2fPubkey%22%2f%3e%0d%0a++++++++%3cwot%3ahex_id%3e9FC3D57E%3c%2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%3aidentity+rdf%3aresource%3d%22http%3a%2f%2fwww.w3.org%2fPeople%2fBerners-Lee%2fcard%23i%22%2f%3e%0d%0a++++++++%3cwot%3apubkeyAddress+rdf%3aresource%3d%22timbl.pubkey.asc%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%0d%0a++++%3crdf%3aDescription%3e%0d%0a++++++++%3crdf%3atype+rdf%3aresource%3d%22http%3a%2f%2fxmlns.com%2fwot%2f0.1%2fPubKey%22%2f%3e%0d%0a++++++++%3cwot%3ahex_id%3eB573B63A%3c%2fwot%3ahex_id%3e%0d%0a++++++++%3cwot%3aidentity+rdf%3aresource%3d%22http%3a%2f%2fdanbri.org%2ffoaf.rdf%23danbri%22%2f%3e%0d%0a++++++++%3cwot%3apubkeyAddress+rdf%3aresource%3d%22http%3a%2f%2fdanbri.org%2fdanbri-pubkey.txt%22%2f%3e%0d%0a++++%3c%2frdf%3aDescription%3e%0d%0a%3c%2frdf%3aRDF%3e</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi" NotOnOrAfter="2007-08-11T05:50:26.833Z" Recipient="http://localhost:9030/sp/ACS.saml2"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotOnOrAfter="2007-08-11T05:50:26.817Z" NotBefore="2007-08-11T05:40:26.817Z"><saml:AudienceRestriction><saml:Audience>http://www.acmemls.com/request-auth.jsp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2007-08-11T05:45:26.770Z" SessionIndex="eK2qsvd9xzsmzN7Z_V8sb08fqO-"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
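The countersignature above treats the whole FOAF file as one opaque string carried in saml:NameID and then signs the enclosing Response with an enveloped XML-DSIG. The Go program below is an added example, not code from this thread or from the tooling either Peter or Henry used: it form-encodes a constructed, abbreviated N3 card into a NameID the way the page does, produces a digest and an RSA signature with the same two-stage shape as the page's ds:Signature (DigestValue over the referenced content, SignatureValue over SignedInfo), and verifies both stages. It signs the text stream directly instead of running exclusive canonicalisation, so it is not XML-DSIG proper; the key, the N3 snippet and the fixed-format SignedInfo line are all constructed here, and it uses SHA-256 where the page's signature uses rsa-sha1.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// Constructed, abbreviated stand-in for the N3 form of a FOAF card; not
// Henry's real card.n3, just enough triples to have something to sign.
const foafN3 = `@prefix foaf: <http://xmlns.com/foaf/0.1/> .
<http://bblfish.net/people/henry/card#me> a foaf:Person ;
    foaf:name "Henry J. Story" ;
    foaf:knows <http://danbri.org/foaf.rdf#danbri> .
`

// Algorithm identifiers in the style of ds:SignedInfo. The page signs with
// rsa-sha1; SHA-256 is used here because SHA-1 is no longer acceptable.
const (
	digestAlg    = "http://www.w3.org/2001/04/xmlenc#sha256"
	signatureAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
)

// Countersignature holds what a verifier of an enveloped signature needs:
// which element the Reference points at, that element's digest, and the
// signature over SignedInfo.
type Countersignature struct {
	ReferenceURI   string // "#" + ID of the signed element, as in ds:Reference
	NameID         string // FOAF text stream, form-encoded like the page's saml:NameID
	DigestValue    string // base64(SHA-256(NameID)), as in ds:DigestValue
	SignatureValue string // base64(RSA PKCS#1 v1.5 over SHA-256(signedInfo))
}

// signedInfo is the byte string the private key actually signs. Real
// XML-DSIG signs the exc-c14n form of <ds:SignedInfo>; this constructed
// fixed-format line carries the same fields without XML canonicalisation.
func signedInfo(referenceURI, digestValue string) []byte {
	return []byte(fmt.Sprintf("SignedInfo|%s|%s|%s|%s",
		signatureAlg, referenceURI, digestAlg, digestValue))
}

// Countersign treats the FOAF file as an opaque text stream (N3 or RDF/XML
// alike), form-encodes it as the page does ('+' for space, %XX elsewhere),
// digests it, and signs the SignedInfo that names that digest.
func Countersign(key *rsa.PrivateKey, elementID, foafText string) (*Countersignature, error) {
	nameID := url.QueryEscape(foafText)
	digest := sha256.Sum256([]byte(nameID))
	cs := &Countersignature{
		ReferenceURI: "#" + elementID,
		NameID:       nameID,
		DigestValue:  base64.StdEncoding.EncodeToString(digest[:]),
	}
	hashed := sha256.Sum256(signedInfo(cs.ReferenceURI, cs.DigestValue))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hashed[:])
	if err != nil {
		return nil, err
	}
	cs.SignatureValue = base64.StdEncoding.EncodeToString(sig)
	return cs, nil
}

// Verify performs both stages XML-DSIG requires: signature validation
// (SignatureValue over SignedInfo) and reference validation (DigestValue
// against the referenced content), and insists the Reference points at the
// element the caller is relying on.
func Verify(pub *rsa.PublicKey, cs *Countersignature, elementID string) error {
	if cs.ReferenceURI != "#"+elementID {
		return errors.New("reference URI does not point at the element being verified")
	}
	sig, err := base64.StdEncoding.DecodeString(cs.SignatureValue)
	if err != nil {
		return err
	}
	hashed := sha256.Sum256(signedInfo(cs.ReferenceURI, cs.DigestValue))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed[:], sig); err != nil {
		return fmt.Errorf("signature validation failed: %w", err)
	}
	digest := sha256.Sum256([]byte(cs.NameID))
	if base64.StdEncoding.EncodeToString(digest[:]) != cs.DigestValue {
		return errors.New("reference validation failed: NameID does not match DigestValue")
	}
	return nil
}

// RecoverFOAF undoes the NameID encoding to get the FOAF text stream back.
func RecoverFOAF(cs *Countersignature) (string, error) {
	return url.QueryUnescape(cs.NameID)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	const id = "_JbuqXO6H-BQIoeYwpd0NIE88d6" // Response ID named by the page's ds:Reference
	cs, err := Countersign(key, id, foafN3)
	if err != nil {
		panic(err)
	}
	fmt.Println("original:", Verify(&key.PublicKey, cs, id))
	// Add a triple to the signed name: SignatureValue still verifies, since
	// the key only ever signed SignedInfo; reference validation catches it.
	tampered := *cs
	tampered.NameID = url.QueryEscape(foafN3 +
		"<http://bblfish.net/people/henry/card#me> foaf:knows <http://example.org/mallory#me> .\n")
	fmt.Println("tampered:", Verify(&key.PublicKey, &tampered, id))
}
```

The tampered run in main is the point of keeping both stages: swapping a triple inside the NameID leaves SignatureValue perfectly valid, because the private key never touched the content, only SignedInfo; only the recomputed DigestValue exposes the change. A verifier that checks the RSA signature and skips reference validation, or checks a Reference that points at some other element than the one it acts on, accepts the swap. The same discipline applies to the detached .asc signatures Henry links via wot:assurance: whichever serialisation is fetched, card.n3 or card.rdf, the signature has to be bound to exactly those bytes.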



