[rdfweb-dev] FoaF for web forms, and FoafCheck
ken at bitsko.slc.ut.us
Fri Jun 27 15:24:51 UTC 2003
I recently wrote a Python utility called FoafCheck that takes the URI of
a FoaF instance, verifies its signature, and returns the foaf:Person
that has an rdf:seeAlso with the same URI (that last bit is a subject
of discussion, below). This is similar to Eric Sigler's mt-foaf.php
and Ben Trott's Perl XML::FOAF (recently updated to 0.2!).

On my weblog, I modified the Blosxom writeback plugin to allow one to
enter the URI of the FoaF instance into the Homepage field (also
marked with a FoaF icon) to provide the information for the remaining
fields, and more! (Auto-discovery from a homepage URI to come later.)

There are two primary issues with this approach:

1) FoaF instances can describe more than one foaf:Person. Using
   rdf:seeAlso is just a hack (another suggested hack was to use
   dc:creator as a property of the FoaF instance).

   An additional piece of unambiguous information is necessary to
   select the correct foaf:Person. This could be an mbox, but it
   turns out we already need another piece of unambiguous

2) A signed FoaF instance is not enough -- anyone can paste the URI
   of a signed FoaF instance.

   A way of doing authentication is necessary. A commonly suggested
   solution is to use an MD5 password, to which I've devoted a wiki
   page on WhyNotEncryptedPasswords.

   A solution I see that seems better is to use challenge/response,
   by having the host generate a challenge (will be an option to
   FoafCheck, for example) and presenting it alongside the FoaF
   icon, the user copies this to a local utility which then signs it
   with their private key, then they paste the response into the
   Name field (conventionally), and the host passes both on to the
   FoaF library. More details on the FoafIdentityAssurance wiki
   page. The potential for bookmarklets and Mozilla plugins is

   The match of the signed response with one of the public keys in
   the FoaF instance is an unambiguous property.

Besides auto-discovery and authentication, other ToDos for FoafCheck
include using more FoaF info in the weblog (photos!) and better error
reporting. Also used in FoafCheck is a skeleton of another project
I'm working on, a "simple RDF world" using just Python structures.

-- Ken MacLeod
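
The challenge/response flow described in the message above, as an added example that is not part of the original post and is not FoafCheck code: the host issues a challenge, the user's utility signs it, and the host selects the foaf:Person whose listed public key verifies the response. Toy RSA over fixed primes stands in for the real signature scheme and is not secure; the `Host` class, the sample keys and persons, the expiry window and the single-use rule are assumptions constructed for illustration.

```python
import hashlib, secrets, time

# Toy RSA over fixed Mersenne primes: a stand-in for the real signature, NOT secure.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    """What the user's local utility does with the pasted challenge."""
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(pub, msg, sig):
    return 0 <= sig < pub["n"] and pow(sig, pub["e"], pub["n"]) == _digest(msg, pub["n"])

class Host:
    def __init__(self, ttl=300):
        self.ttl = ttl            # assumed lifetime of a challenge, in seconds
        self.pending = {}         # challenge -> expiry time

    def issue(self, now=None):
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (time.time() if now is None else now) + self.ttl
        return challenge

    def check(self, challenge, response, persons, now=None):
        """Return the name of the one foaf:Person whose key signed the challenge."""
        expiry = self.pending.pop(challenge, None)     # single use: a replay finds nothing
        if expiry is None or (time.time() if now is None else now) > expiry:
            return None
        hits = [p["name"] for p in persons
                if verify(p["pubkey"], challenge.encode(), response)]
        return hits[0] if len(hits) == 1 else None

# Constructed sample data: two people described by one already-verified FoaF instance.
ALICE = make_key(2**127 - 1, 2**89 - 1)
BOB = make_key(2**107 - 1, 2**61 - 1)
PERSONS = [{"name": "Alice Example", "pubkey": public(ALICE)},
           {"name": "Bob Example", "pubkey": public(BOB)}]

if __name__ == "__main__":
    host = Host()
    c = host.issue()
    print(host.check(c, sign(BOB, c.encode()), PERSONS))
```

Because the challenge is removed from `pending` on first use, pasting a captured challenge and response a second time is rejected even though the signature itself is still valid.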