[rdfweb-dev] Ecademy FOAF
Bill Kearney
wkearney99 at h...
Tue Dec 31 16:10:03 UTC 2002
> First, yes, I agree with you - they don't fully understand what FOAF is/does
> which is maybe a marketing thing.
>
> However, there was a couple of valid points. The first was that it allows
> access to all of the contacts (or friends) you had in your network, which
> isn't easily accessible via the Ecademy web site ( i think you need to be a
> paid member to get them). On top of this, the pages weren't under any
> authenticaion (yes, i tried). So i could just specifiy the URL and get back
> the FOAF for any given user. I don't know that any of the users complaining
> actually knew that, but that may have been a valid argument, given that you
> can't get this kind of information simply from their web page (which is
> freely accessible).
Yes, this is why I designed the personal list feature of Syndic8 to default to
lists being private. The user would have to chose to share a list. We've
talked of making a finer level of exposure where it'd only be shown to fellow
registered users and perhaps to groups. Thus my interest in foaf.
> FOAF is a cool idea, so i guess all it needs is some security restrictions
> on it - maybe as optional. Probably this could be more of an implementation
> issue (that's certainly the esasiest option), but maybe there could be some
> guidance in FOAF as how to protect the data you have. "these can be public",
> "these are private", encrypt this... etc... Delineation is important too!
Edd's article on signed and encrypted foaf seems applicable. There's the idea
that you could indicate in a foaf that there's an external document being
referenced with a PGP public key. If a consumer of the foaf came across it's
own key it would assume that the external document should be reference, decoded
and utilized. There are ways to create public keys for groups. This is
probably more trouble that some programmers feel like tackling. It certainly
violates the simpleton's "make it human readable" rule. This and XMLDSIG are
perfectly valid ways to do it but they're not as lightweight as plain old text
streams of angle brackets.
-Bill Kearney
More information about the foaf-dev
mailing list