[rdfweb-dev] Re: Parsing FOAF in perl?

[Ian Davis]

On Monday, 09 December 2002 at 14:33, Bill Kearney wrote:
> While being able to sign your own foaf is handy, there's nothing that says the
> signed foaf is any more authoritative than an unsigned one. I could serve up
> documents that were signed that made all sorts of assertions. What would make
> them any more authoritative than an unsigned one? That's to say I could make a
> foaf:Person for someone completely unrelated to myself and sign it. What's the
> method in foaf to link signatures back to an authoritative identity? I don't
> want to escalate this up into full-on PKI but there ought to be an interm
> method.
You signature only serves to prove that you wrote the RDF, not that
you stand by the accuracy of what you wrote.

> I'd think some sort of 'authoritative self description' concept is important to
> most folks. There's nothing to stop anyone from creating a foaf:Person about
> another and having it be riddled with inaccuracies. I don't know that it's
> necessary to force it into a situation that allows only 'trusted' people to
> submit data. I'd see it as being more important to have a person's own data
> signed in such a way that's detectable as having been from themselves.
I agree that most people expect an authority for a given piece of
information, but is that how it works in the real world? I may be an
authority for myself but you shouldn't trust what I say about myself
any more than you would if I met you in the pub and told you my life
story.

In one sense there is no authoritative information - I can just as
easily lie about myself as you. My personal belief is that each
application has to have its own world view. It has to decide who to
trust for itself. When it encounters contradictory statements it has
to make some decision as to how they should be reconciled.

That's a hard problem.


Ian