[OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Fri Aug 17 16:34:37 UTC 2007 

On 17 Aug 2007, at 17:12, Peter Williams wrote:

> 5 line memo:
>
> Used the method from your blog to sign FOAF files and include the  
> wot relations.

Have you placed it somewhere?
I describe how to set things up with Apache here:
http://blogs.sun.com/bblfish/entry/i_have_a_foaf_file


> Now, I want my OpenID-Consumer robot to merge a signed/wot FOAF  
> file that it _pulls_ ...with its own FOAF file (and its wot).

What kind of robot would this be? Something like Baetnik
http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind

That article explains some of the complexities in writing an Address  
Book that both can keep track of where it gets information, merge it,  
and undo those merges later if need be. It helps to have a database  
that has the notion of "named graphs".

> Do you know of some SPARQL or other query set...that can answer:  
> "Can the robot verify the signature of the inbound FOAF file, once  
> the 2 wots are merged?"

If you don't keep a byte by byte copy of your foaf file it will be  
difficult to verify that the signature is correct, since the  
signature I am using currently is on the byte stream. Now I can see  
your problem with this, since to read the foaf file one has to first  
deserialise it, then find the contents, see that it was in fact  
signed, and poof, by then one may have discarded the byte stream.

I can now see the point of  Jeremy Caroll's algorithm for encrypting  
named graphs
http://www.hpl.hp.com/techreports/2003/HPL-2003-142.html

My guess is that it would not be so difficult to write a little  
library that could implement that algorithm.


> Is there an existing worked example of this, or a similar query set  
> I can use to merge two classical FOAF relationship-chains?

If you have named graphs you can use the SPARQL UNION operator I  
believe. How to do that will depend on the framework you have. Named  
graph frameworks allow you to union graphs usually. Simpler ones  
automatically union everything.

There are a lot of examples around. One is an AJAXy javascript one  
called Tabulator which Tim Berners Lee is working on directly

http://www.w3.org/2005/ajar/tab

>
> Doesn't this seem a very appropriate use of RDF/FOAF - merging  
> wots.. and/or wot vocabularies?
>

very much so.



Home page: http://bblfish.net/
Sun Blog: http://blogs.sun.com/bblfish/
Foaf name: http://bblfish.net/people/henry/card#me

More information about the general mailing list