[rdfweb-dev] Which Person wrote this FOAF?
Graham Klyne
GK at ninebynine.org
Tue Jul 29 14:10:08 UTC 2003
At 07:17 29/07/03 -0400, Dan Brickley wrote:
> (thinking out loud:)
> - maybe there is a relation (not sure how app-specific) along lines of
> wot:delegatesAssurance that relates PGP keys. Example: my PGP key has
> fingerprint "FA0C 0D5A 2B3F 808D AA28 2B63 3E15 EF2F 7322 8FE4". I
> could use it to PGP-sign some RDF which says that that key stands in
> a delegatesAssurance relationship to key(s) from Ecademy, TypePad.
> So I would only need a very basic PGP-signed FOAF file that said, in
> effect, 'if you see more FOAF signed by these other keys, they're
> making claims on my behalf.' (hmm, presume a different key for each
> user, rather than one key for all FOAF signed by that service?)
>
> (to feel comfortable with this, I'd want (i) time limits (ii) a
> revocation mechanism (iii) parameters for what I'm delegating, ie.
> wouldn't want this to be a blank slate for the delegated sites to
> say anything at all 'from me' forever. This is a huge problem space,
> and one we should tiptoe into rather cautiously...)

This seems to me rather like inverse certificates (the individual indicates
willingness to stand by the actions of a service provider), which when it
comes down to it is just a different way of using ordinary
certificates. As always with certificates, the challenge is figuring out
how to bootstrap the chain of trust. (e.g. suppose I sign up to Ecademy
under an assumed name... and then issue a certificate delegating assurance
to Ecademy statements about that name.)

And all your "comfort points" are exactly the kinds of features you'll find
in existing certificate designs.

#g
-------------------
Graham Klyne
<GK at NineByNine.org>
PGP: 0FAA 69FF C083 000B A2E9 A131 01B9 1C7A DBCA CB5E
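
The three "comfort points" in the thread (time limits, revocation, scoped parameters) map onto the checks a relying party would run before accepting a delegate-signed claim on the delegator's behalf. The sketch below is an added example, not part of the thread or of any FOAF/WOT code: the thread defines no schema for wot:delegatesAssurance, so the `Delegation` and `Claim` records, their fields, `accept_on_behalf` and the service key placeholder are all assumptions, and PGP signature verification is assumed to have happened already.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumption: every record here has already passed PGP signature verification;
# only the delegation policy (validity, revocation, scope) is evaluated.
@dataclass(frozen=True)
class Delegation:
    issuer: str            # fingerprint of the delegating key
    delegate: str          # fingerprint of the service's per-user key
    not_before: datetime   # (i) time limits
    not_after: datetime
    scope: frozenset       # (iii) predicates the delegate may assert

@dataclass(frozen=True)
class Claim:
    signer: str
    predicate: str
    signed_at: datetime    # signer-asserted, so a delegate could backdate it

def accept_on_behalf(issuer, claim, delegations, revoked):
    """Return (accepted, reason) for a claim signed by a delegate key."""
    reason = "no delegation from issuer to signer"
    for d in delegations:
        if d.issuer != issuer or d.delegate != claim.signer:
            continue
        if (d.issuer, d.delegate) in revoked:              # (ii) revocation
            reason = "delegation revoked"
        elif not d.not_before <= claim.signed_at <= d.not_after:
            reason = "outside validity window"
        elif claim.predicate not in d.scope:
            reason = "predicate outside delegated scope"
        else:
            return True, "ok"
    return False, reason

UTC = timezone.utc
ISSUER = "FA0C 0D5A 2B3F 808D AA28 2B63 3E15 EF2F 7322 8FE4"  # quoted in the message
SERVICE_KEY = "CONSTRUCTED-SERVICE-KEY-1"  # placeholder, not a real fingerprint
DELEGATIONS = [Delegation(ISSUER, SERVICE_KEY,
                          datetime(2003, 8, 1, tzinfo=UTC),
                          datetime(2004, 8, 1, tzinfo=UTC),
                          frozenset({"foaf:knows", "foaf:interest"}))]

def demo(revoked=frozenset()):
    """Evaluate three constructed claims signed by the service key."""
    claims = [Claim(SERVICE_KEY, "foaf:knows", datetime(2003, 9, 1, tzinfo=UTC)),
              Claim(SERVICE_KEY, "foaf:knows", datetime(2005, 1, 1, tzinfo=UTC)),
              Claim(SERVICE_KEY, "foaf:mbox", datetime(2003, 9, 1, tzinfo=UTC))]
    return [accept_on_behalf(ISSUER, c, DELEGATIONS, revoked)[1] for c in claims]
```

None of these checks addresses the bootstrapping problem raised in the reply: the delegation binds one key to another and says nothing about whether the name behind the issuing key is genuine.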