Russ Allbery <r...@debian.org> writes:

> Jonas Smedegaard <d...@jones.dk> writes:
>> Quoting Russ Allbery (2013-05-16 18:37:06)
>
>>> but it's not clear to me why we'd bother as opposed to just issuing
>>> client X.509 certificates with the metadata already included.
>
>> Because the very separation of identifiers from the identified makes the
>> identifiers usable to reliably semantically express Web of Data.
>
>> http://linkeddata.org/
>
> Could you explain this in more concrete terms?  I'm at a loss to
> understand what this means, and the web site wasn't horribly helpful.
>

Linked Data makes use of URIs to identify meta-data / properties of an
entity. Hence, it is quite distributed: these URIs can be fragments of
URLs inside documents, which can themselves be located on servers where
you (try to) exercise some form of personal control, and where you may
sign these documents.

Dereferencing these URLs, the servers consuming RDF documents (like a
FOAF profile) may then try and verify their signatures (GPG ones?) and
hence trust some of the linked data discovered in there (as long as the
documents speak about themselves and don't try to declare meta-data for
third party entities).

Let me take an example, so that things are more concrete, providing that
you have a vague notion of how to parse RDF (triples, etc.).

Note that you may use 'rapper -o turtle URL' to visualize the RDF/XML
documents in a more human readable version, if they're not natively in
Turtle format, below.

My (work) FOAF profile at
http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf declares that
<http://www-public.it-sudparis.eu/~berger_o/foaf.rdf#me> is a person
(me), and is signed by my GPG key if you check
http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf.asc

That person's SSL cert's public key declared in
<http://www-public.it-sudparis.eu/~berger_o/foaf.rdf#me>'s properties is
<http://www-public.it-sudparis.eu/~berger_o/foaf.rdf#mecert> which has a
certain modulus (may or may not be under my control, and/or signed by a
CA).

Then I declare that <http://www.olivierberger.org/foaf.rdf#me> is me too
(Linked) which in turn declares that I'm also
<http://people.debian.org/~obergix/foaf.rdf#obergix>, which may also
link to <http://webid.debian.net/maintainers/obergix#agent>.

This is all Linked Data. Following these links may or may not be
performed by Linked Data applications (caching, DOS, etc.).

These 3/4 FOAF profiles of mine can provide bits of meta-data from
different sources, which may then be trusted, depending on whether they
are signed, or available on HTTPS on a "trusted" server, etc.

Maybe I'll have a single SSL cert which is only pointing to my "most
personal" WebID/FOAF at <http://www.olivierberger.org/foaf.rdf#me>, so
whether I can use this one to login to work's servers or to Debian's is
to be disputed, depending on the level of indirection these are willing
to perform, following the sameAs documents.

The fact that my "identity" is described by different documents
depending on the context, which are under my personal control and/or
under the control of organizations I work or collaborate with, can
fairly well describe the reality, and allows partial trusting of
different aspects of "me", depending on the application context.

I guess this is the best solution we have at the moment for putting
identification aspects under the control of people. Hence the interest
of WebID.

I haven't discussed the auth aspects here, as they involved other
concepts, but for Identification, I guess WebID is much better than any
alternative (where your profile more or less lives under control of a
(social) profile keeper).

I hope this makes it a bit clearer.

Best regards,
-- 
Olivier BERGER
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
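
The bounded sameAs indirection described in the message above, as an added example that is not part of the original post: a relying server starts from the WebID named in a client certificate and follows owl:sameAs links only through documents it trusts, only for statements a document makes about identifiers it hosts, and only up to a configured number of hops. The DOCS table, its trust flags, the exact links, the FOREIGN URI and the function names are assumptions standing in for real dereferencing and signature checks.

```python
from collections import deque
from urllib.parse import urldefrag

SAME_AS = "http://www.w3.org/2002/07/owl#sameAs"
PERSONAL = "http://www.olivierberger.org/foaf.rdf#me"
PEOPLE = "http://people.debian.org/~obergix/foaf.rdf#obergix"
DEBIAN = "http://webid.debian.net/maintainers/obergix#agent"
FOREIGN = "http://other.example/foaf.rdf#me"  # constructed third-party URI

# Constructed stand-in for dereferencing: document URL -> (trusted, triples).
# "trusted" abstracts "signed, or available on HTTPS on a trusted server".
DOCS = {
    urldefrag(PERSONAL).url: (True, [
        (PERSONAL, SAME_AS, PEOPLE),
        (DEBIAN, SAME_AS, FOREIGN),  # claim about an entity hosted elsewhere
    ]),
    urldefrag(PEOPLE).url: (True, [(PEOPLE, SAME_AS, DEBIAN)]),
    urldefrag(DEBIAN).url: (True, []),
}

def linked_identities(start, max_hops):
    """Return {uri: hops} for identifiers reachable from start via sameAs."""
    seen = {start: 0}
    queue = deque([start])
    while queue:
        uri = queue.popleft()
        if seen[uri] == max_hops:
            continue  # hop limit also bounds fetches (loops, DoS)
        doc_url = urldefrag(uri).url
        trusted, triples = DOCS.get(doc_url, (False, []))
        if not trusted:
            continue  # unknown or unverified document: do not follow it
        for subj, pred, obj in triples:
            if pred != SAME_AS or urldefrag(subj).url != doc_url:
                continue  # skip statements about third-party entities
            if subj == uri and obj not in seen:
                seen[obj] = seen[uri] + 1
                queue.append(obj)
    return seen

def may_login(cert_webid, account_webid, max_hops):
    """True if the account's WebID is linked to the certificate's WebID."""
    return account_webid in linked_identities(cert_webid, max_hops)
```

With one hop allowed the certificate's WebID only reaches the people.debian.org profile; the webid.debian.net identifier needs two.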