[OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Fri Sep 21 10:45:59 UTC 2007 

On 21 Sep 2007, at 05:10, Peter Williams wrote:
> [snip] I now have a SPARQL http endpoint, performing the above. (I  
> will extend it tomorrow to rely on an SAML assertion for WebSSO to  
> authorize execution.) This looks straightforward. My cute RDF  
> application server allows me to bind a INSERT to an HTTP request.  
> So, a webserver running a script uses querystring parsing to  
> reflect on a RDF model that results in a set of triples that I then  
> insert bind to an HTTP (using INSERT). I get to SELECT on the http  
> response.
>
By the way, SPARQL does not yet offer any solution for INSERTing data  
into a database on the web. I think the right type of solution for  
that would be to use something like the Atom Publishing protocol to  
POST data to a collection.

http://bitworking.org/projects/atom/

Anyway, not a problem for playing around with.
> [snip]
>
> > PREFIX foaf: <http://xmlns.com/foaf/0.1/>
> > PREFIX wot: <http://xmlns.com/wot/0.1/>
> > SELECT *
> > WHERE {
> >   ?g trust:level ?t .
> >   GRAPH ?g {
> >      <http://bblfish.net/people/henry/card#me>
> >         foaf:mbox ?mbox;
> >         foaf:openid ?openid .
> >      OPTIONAL {
> >         [] a wot:PubKey;
> >            wot:identity <http://bblfish.net/people/henry/card#me>;
> >            wot:pubkeyAddress ?pubKey .
> >       }
> >    }
> > }
>
> > This is just to show what one can do, though it is probably not  
> quite
> > the right way to do this.
>
> So the above I don’t understand.
>
> Let's assume the SPARQL Server has a FOAF file, documenting various  
> features about this "foaf:Agent".
>
> I think the above is saying the following:-
>
> Whatever set of triples become ?g, that particular set will be  
> "determined" to have a trustlevel.

it is (perhaps one way of) saying: for every result find me the trust  
level you have in that result.
The idea here I think is that you or rather your client - say the  
Beatnik Address Book - goes and fetches
foaf files, and places them in isolated graphs in its RDF datastore  
(which would have to be a quad store)

(see the diagrams here to understand graphs:
http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind )

It adds relations to each graph, such as where and when it found that  
information. Then perhaps it builds some
kind of trust value for each graph. One can imagine all kinds of  
client side heuristics to do this: perhaps the user accepts the  
address in his DB, so it gets a higher value; foaf's linked to from  
foafs he has used get less value, unless they are signed, etc. etc.

So the above SPARQL query was more a way for an application to query  
its own database, not as a way to query RDF out on the web. Of course  
perhaps one such trust vocabulary will become very popular so that  
all applications could assume the relationships existed, and then  
even query remote public databases like this.


>
> (a) is the idea that the RDF model over which the query is  
> performed is a merge of two default graphs: (i) g1 your FOAF file  
> and (ii) g2 from the Agent foaf file?

It's more like I am querying my own DB here for it's trust values.

>
> (b) Would the file of (ii) look like

Something like this would also work.

But we are now asking people to publish their trust in public keys,  
and they are not quite understanding public keys yet. So I would not  
put too much hope in that working very soon. If people can publish  
keys in RDF and sign each others keys, we will have gone very very  
far already.


>
> [ trust:levelhigh
>
> [ a <http://xmlns.com/wot/0.1/PubKey>;
>       <http://xmlns.com/wot/0.1/identity> <http://bblfish.net/ 
> people/henry/card#me>;
>       <http://xmlns.com/wot/0.1/pubkeyAddress> <http://bblfish.net/ 
> people/henry/henry.pubkey.asc> ] ,
>
> [ a <http://xmlns.com/wot/0.1/Pubkey>;
>       <http://xmlns.com/wot/0.1/identity> <http://www.w3.org/People/ 
> Berners-Lee/card#i>;
>       <http://xmlns.com/wot/0.1/pubkeyAddress> <http://bblfish.net/ 
> people/henry/timbl.pubkey.asc> ].
> ]
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2429 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070921/9a6fa410/attachment-0002.bin>

More information about the general mailing list