[OpenID] cryptographics web of trust
Peter Williams
pwilliams at rapattoni.com
Fri Sep 21 15:30:33 UTC 2007
If you don't read any of what follows, at least read http://www.ietf.org/rfc/rfc4725.txt.
I suspect we are getting to the limit of this openid-general list on this topic. I don't want to wear out my welcome.
Would it fit foaf-dev better? Can they tolerate an extended exploration of foaf+openid+wot, on a well-identified, easy-to-blacklist, thread?
----------------
The idea here I think is that you or rather your client - say the
Beatnik Address Book - goes and fetches
foaf files, and places them in isolated graphs in its RDF datastore
(which would have to be a quad store)
PW: The SPARQL support in the intellidimension product is very new, with no documentation. Its completeness is unknown. It's much less mature than the SebWeb library I was using earlier. But, it has all the communication stack support! It can certainly do a few basic queries from the SPARQL W3C Recommendation. Using the HTTP binding of the SPARQL protocol, I can do the obvious SELECTs, though the FROM clause does not work (yet). Its way of supporting the http binding of the SPARQL protocol to access a SPARQL library API was cute. It will be a nice complement even as-is - to US Realty's older RETS1.x standard which was fielded with almost the same architecture, but much simpler query language and data model than RDF! The SPARQL server can be a proxy, drawing data from the older RETS servers producing XML. The SPARQL (SELECT-only) proxy can do the data merging by inference that several local property names used in each source, having the rulebase that makes them equivalent - which is the VERY PROPERTY I have customers with $$$-in-hand demanding of me RIGHT NOW.
PW: For now, one simulates multi graph querying using the product's own custom javascript-like scriptable-query language (see http://www.intellidimension.com/default.rsp?topic=/pages/rdfgateway/default.rsp). I doubt this is retaining knowledge of the source of each triple. But perhaps it is! (Their model is already a (different) quad store, adding statement-level security contexts and role-based access control; they obviously have the knowhow to do this kind of trusted graph management type of work.)
(see the diagrams here to understand graphs:
http://blogs.sun.com/bblfish/entry/beatnik_change_your_mind )
PW: I assume that it's the inverse functional-ness that allowed the nice property of "Notice that I can merge the blank nodes in both graphs because they each have the same relation foaf:mbox to the resource mailto:henry.story at sun.com. Since there can only be one thing that is related to that mbox in that way, we know they are the same nodes."
PW: And, we get the benefit if mbox had been foaf:openid.
It adds relations to each graph, such as where and when it found that
information. Then perhaps it builds some
kind of trust value for each graph. One can imagine all kinds of
client side heuristics to do this: perhaps the user accepts the
address in his DB, so it gets a higher value; foaf's linked to from
foafs he has used get less value, unless they are signed, etc. etc.
PW: reading your comment here and http://www.w3.org/TR/rdf-sparql-query/#specDataset made it clear.
PW: The ?g is not a name for the result of the match (stupid Peter's best guess); it's the name of the source of the triples (which presumably matched).
PW: http://www.w3.org/TR/rdf-sparql-query/#specDataset was clearer than your quick example - as it shows the several FROM elements in the query missing from your quick suggestion.
So the above SPARQL query was more a way for an application to query
its own database, not as a way to query RDF out on the web. Of course
perhaps one such trust vocabulary will become very popular so that
all applications could assume the relationships existed, and then
even query remote public databases like this.
PW: I note this trend, in semweb work. Pull lots of FOAF files, then process them centrally. But I'm not NSA - with a field full of optical computers and robots that can load any one of a 200M 4G DVDROMs of stored data in 15s. I have to walk the tree/web, just like ENUM walks the DNS (and how we addressed this problem in the . Read the validation/trust discussion in http://www.ietf.org/rfc/rfc4725.txt
>
> (a) is the idea that the RDF model over which the query is
> performed is a merge of two default graphs: (i) g1 your FOAF file
> and (ii) g2 from the Agent foaf file?
It's more like I am querying my own DB here for its trust values.
PW: and I see now why. I see how the query's construction assumes a data merge (retaining src) has occurred, as a precursor to doing the matching algorithm.
>
> (b) Would the file of (ii) look like
Something like this would also work.
PW: I made the assumption that the trustlevel was on a PubKey value - so built a trust store on that false assumption. It's not. The GRAPH based query is querying the trustlevel some db has in the (URL) source of the triples. I need to have some RDF file store triples assertion
PW: [ trust:levelhigh cardurl1, cardurl2, cardurl3, ... .]
PW: [ trust:levellow cardurl4, ... .]
PW: [ trust:levelhigh openid1, openid2, openid3, ... .]
PW: [ trust:levellow openid4, ... .]
But we are now asking people to publish their trust in public keys,
and they are not quite understanding public keys yet. So I would not
put too much hope in that working very soon. If people can publish
keys in RDF and sign each others keys, we will have gone very very
far already.
PW: That's what I'm good at. Each
PW: I'll play with some good libraries on the topic, at http://www.intellidimension.com/default.rsp?topic=/pages/rdfgateway/default.rsp
PW: May have to drop the PGP compatibility tho, for now.
>
> [ trust:levelhigh
>
>   [ a <http://xmlns.com/wot/0.1/PubKey>;
>     <http://xmlns.com/wot/0.1/identity> <http://bblfish.net/people/henry/card#me>;
>     <http://xmlns.com/wot/0.1/pubkeyAddress> <http://bblfish.net/people/henry/henry.pubkey.asc> ] ,
>
>   [ a <http://xmlns.com/wot/0.1/PubKey>;
>     <http://xmlns.com/wot/0.1/identity> <http://www.w3.org/People/Berners-Lee/card#i>;
>     <http://xmlns.com/wot/0.1/pubkeyAddress> <http://bblfish.net/people/henry/timbl.pubkey.asc> ]
> ] .
>
>
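
An added sketch, not code from this thread or from any product mentioned in it, of the "merge retaining source" idea discussed above: triples are held as quads with their source graph URL, nodes are merged on inverse functional properties such as foaf:mbox or foaf:openid, and trust is looked up per source URL rather than per key. All node names, URLs and the "high"/"low" levels are constructed for illustration.

```python
IFPS = {"foaf:mbox", "foaf:openid"}  # inverse functional: one subject per value

# Constructed sample quads: (subject, predicate, object, source graph URL).
QUADS = [
    ("_:a1", "foaf:mbox", "mailto:alice@example.org", "http://example.org/alice/card"),
    ("_:a1", "foaf:name", "Alice", "http://example.org/alice/card"),
    ("_:b1", "foaf:mbox", "mailto:alice@example.org", "http://example.net/crawl.rdf"),
    ("_:b1", "foaf:openid", "http://mallory.example.net/", "http://example.net/crawl.rdf"),
]

# Trust is attached to the source URL of each graph, not to a key value.
TRUST = {
    "http://example.org/alice/card": "high",
    "http://example.net/crawl.rdf": "low",
}


def smush(quads):
    """Return {node: canonical node}, merging subjects that share an IFP value."""
    parent = {}

    def find(n):
        parent.setdefault(n, n)
        while parent[n] != n:
            n = parent[n]
        return n

    owner = {}  # (ifp, value) -> first subject seen carrying it
    for s, p, o, _ in quads:
        find(s)
        if p in IFPS:
            first = owner.setdefault((p, o), s)
            parent[find(s)] = find(first)
    return {n: find(n) for n in parent}


def query(quads, trust, level):
    """Rough analogue of SELECT ... WHERE { GRAPH ?g { ?s ?p ?o } } restricted
    to graphs whose source URL has `level`; unknown sources never match."""
    canon = smush(quads)
    return [(canon[s], p, o, g) for s, p, o, g in quads if trust.get(g) == level]


if __name__ == "__main__":
    for row in query(QUADS, TRUST, "high"):
        print(row)
```

Both blank nodes collapse to one node, yet the foaf:openid statement stays attributed to the low-trust source and is absent from the "high" result.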