[foaf-dev] Re: privacy and open data

[Peter Williams]

"The server would then just need to get the foaf file, find the pgp =

public key, to verify that the request
does indeed come from the owner of the foaf file."
Loving to solve trust problems using public key control systems (my own dis=
cipline), I'm supportive. However, the use of "just" is a little dis-ingenu=
ous, above. 15 years of the PGP model working in other information flow sph=
ere's did not reduce the key distribution issue set down to a simple "just"=
. Nothing in the PGP model of web of trust has shown itself better than oth=
er models at scaling a wot, todate. A fair amount of highly-doctrinal argum=
ents are bandied around, tho.
What's interesting about the particular wot model referred to in foaf/semwe=
b is the notion that one relies on the public key only once its endorsed by=
 a sufficient "weighting" of those members on one or your own particular fr=
iend lists. This is a variant of the aborted IETF efforts of the SKMI WG. B=
eware, that fully generalized metric-based reliance models were properly an=
d carefully patented in the mid 90s, folks, with both the core claims and t=
he continuances set to run for a good amount of time yet. The prior art dis=
closed DARPA research reports of the early 1990s that provided for the rest=
ricted use of metrics in a specific (TTP) model of key distribution, for th=
e selection of alternative routing graphs through a key-certification space=
 starting at well-known public (vs restricted access personal) trust points.
Remember to apply your core research skills, re the literature (and G8 pate=
nt databases).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.usefulinc.com/pipermail/foaf-dev/attachments/20080325/893=
346fd/attachment.htm