[OpenID] cryptographics web of trust

Peter Williams pwilliams at rapattoni.com
Mon Sep 10 08:09:18 UTC 2007


> > Don't laugh.  I'm naturally slow. I half got my blog site to work,
> > and got a first RDF FOAF file. I may even have a persistent URI.
> 
> Nice! There's nothing like doing to understand!

[Peter Williams] And that there is nothing that one does that actually
works to give one confidence. I'm struggling to get foafnaut code to
work, so I can compute does X know Y (even tho it clearly can).


>     I see. That is a cool service at mfd-consult.dk you pointed to
> below. It pointed out that you are using an old version of the
> acquaintance relationship. The new ones are here:
>      http://vocab.org/relationship/
>     Nice. Thanks for pointing that out.

[Peter Williams] I updated the FOAF file, and the whines of the explorer
viewer are now gone. A little too much meta-data understanding was
getting in the way of what I care about : peter knows/associates henry.


>   - You put a lot of information about me. That is probably somewhat
> more duplication than needed. You may just want to put my name, my
> URL, and a few things of interest to you, perhaps my weblog.
> Duplication is good, it helps people verify what you think you are
> pointing to, but the more you duplicate, the more you have to keep up.

[Peter Williams] So I spent about 2 years of my life (over a decade ago)
adding security to the X.500 distributed directory. Its main application
was military, all said. What I now have from FOAF (and RDF) + OpenID is
much the same tho, with little of the overhead -- and much less
operating constraints. And, we get the inferencing and logic query
engine that simply outclasses the fixed X.500 query model. And, we get
the RDF handling of multiple domain vocabularies that simply outclasses
even the meta-directory breakthroughs that Novell and co made in the
late 90s.

I like what I see in the integration of OpenID and FOAF.

At the simple level, one can read a public directory entry. Pull a FOAF
file, much as one might have pulled an LDIF file, using presentation
syntax negotiation to choose a wire format. Parse it, explore it, and
Peter's directory entry can be read by anyone.

At the medium level, pull the attributes from the FOAF file via OpenID
AX, an agent that enforces access controls. The agent can be objectclass
aware, learning the RDF schema from the FOAF file itself or its
references (a reimplementation of what X500 1992 did too).

At the high level, the wot within the LDIF/FOAF can constrain which
consumers/server agents actually trust each other, when engaging in
OpenID Auth+AX. This gets close to the security model of X.521, where
wot and PGP play the role of Directory naming context controls plus PKI.

[Peter Williams] Hopefully this is not too condensed to be comprehensible. If I think
X.500, I now understand the semweb via RDF. In fact, it's rather easy. I
just have to remember it went beyond...given what Prolog has to offer.

> I don't think you need the RDF to specify a query. You need your
> client to query the RDF, as shown in the blog.
> 
> But I may be misunderstanding.
> 
> Henry

[Peter Williams] It's pretty clear that a FOAF file with one or more PPDs
can point via a URL to a file with SPARQL queries that codify
interesting things that a client can **practically** infer about info in
that PPD -- and the PPD's relationship to other PPDs.

It would have been nice if the SPARQL queries could themselves have been
stored in an RDF file (and the FOAF file itself), but it's not
strictly necessary.

If you think like Smalltalk, the FOAF file could have had its
coded-SPARQL alongside the PPD, if only it had been possible to
represent SPARQL queries as triples.
