[foaf-dev] Privacy in FOAF

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Privacy in FOAF

On Tue, Aug 5, 2008 at 8:08 PM, Juan Sequeda <juanfederico@...> wrote:
> I was wondering if FOAF has some kind of privacy settings.

No, FOAF and RDF are just data, you have to implement privacy at the
data access level. Have a look at Henry Story work,
http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global,
http://blogs.sun.com/bblfish/entry/the_openid_sequence_diagram or
http://blogs.sun.com/bblfish/entry/rdfauth_sketch_of_a_buzzword.

--

-- 
Olivier G.
http://www.lespacedunmatin.info/blog/

Re: [foaf-dev] Privacy in FOAF

Thanks Oliver 

Also if you publish your foaf inside a firewall, then only people  
inside that firewall can access it. So that is very similar to  
protection intranet web pages have, such as your company name finder  
web site for example. That may be enough for many (most>) use cases.

So if you gave everyone inside your firewall a foaf name, and allowed  
them to publish owl:sameAs to their external foaf, you could already  
do some very interesting things that are not possible to do with ldap.

Henry

On 6 Aug 2008, at 10:58, Olivier GENDRIN wrote:

> On Tue, Aug 5, 2008 at 8:08 PM, Juan Sequeda  
> <juanfederico@...> wrote:
>> I was wondering if FOAF has some kind of privacy settings.
>
> No, FOAF and RDF are just data, you have to implement privacy at the
> data access level. Have a look at Henry Story work,
> http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global,
> http://blogs.sun.com/bblfish/entry/the_openid_sequence_diagram or
> http://blogs.sun.com/bblfish/entry/rdfauth_sketch_of_a_buzzword.
>
> -- 
> Olivier G.
> http://www.lespacedunmatin.info/blog/
> _______________________________________________
> foaf-dev mailing list
> foaf-dev@...
> http://lists.foaf-project.org/mailman/listinfo/foaf-dev

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Privacy in FOAF

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Privacy in FOAF

> On Tue, Aug 5, 2008 at 8:08 PM, Juan Sequeda <juanfederico@...> wrote:
> > I was wondering if FOAF has some kind of privacy settings.
> 
> No, FOAF and RDF are just data, you have to implement privacy at the data access level. 

FOAF is just the data format. There is still active debate over the best way to control access to foaf data.
Hopefully, useful standards will emerge.

It's easy to think of scenarios where one user should be served a slightly different document to another -
e.g. allowed to see different data about me depending how much I trust them. Many websites implement this
kind of thing internally.

Thanks
Anthony

-----------------------------------------
Email sent from www.virginmedia.com/email
Virus-checked using McAfee(R) Software and scanned for spam

Re: [foaf-dev] Privacy in FOAF

On 6 Aug 2008, at 11:21, Juan Sequeda wrote:

> Lets say I want to have personal info and work info separate. Maybe  
> I can
> have a foaf file for work info and keep that inside my firewall, and  
> then my
> personal one public? But then I have two foaf files. Is there a  
> better way
> of doing this?

Just have

<mypublicfoaf#name> = <mycompanyfoaf#name> .

You can see me try this in my foaf file
at http://bblfish.net/people/henry/card.n3

[[
:me    a foaf:Person;
        = <http://sixiron.sfbay.sun.com:8080/FoafServer/services/people/155492#HS
 > .
]]

This can get you going easily and make some good cases to companies  
with very little infrastructure needed.

> I'm just thinking from a social network user's perspective, who has  
> this
> data portability problem. This is the question I get all the time:  
> if they
> were to control your own data, what would a normal user need to do  
> to have
> privacy control?

Well in that case have a look at the articles Oliver Gendrin referenced

>> http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global
>> http://blogs.sun.com/bblfish/entry/the_openid_sequence_diagram
>> http://blogs.sun.com/bblfish/entry/rdfauth_sketch_of_a_buzzword

These are not widely deployed and require some infrastructure work.  
But that would be the same as the web prior to https. Someone did  
implement it, and others followed.

Henry

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Privacy in FOAF

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Privacy in FOAF

2008/8/5 Juan Sequeda <juanfederico <at> gmail.com>:
> I was wondering if FOAF has some kind of privacy settings.
>
> Just like in social networks that only some kind of people can look at my
> profile, or maybe only I want part of my profile visible. Is this possible?

You may find this writeup on using FOAF with the PGP WOT (Web Of
Trust) vocab useful:

http://64.233.183.104/search?q=cache:O7bPkPEJryAJ:usefulinc.com/foaf/encryptingFoafFiles

(Google cache link due to a transient problem on the source site.)

Cheers,

Earle.

--

-- 
我歌月徘徊，我舞影零亂。
Earle Martin | http://downlode.org/

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

Re: [foaf-dev] Suggestion for WOT vocab - PGP Word List fingerprints

Sorry for the delayed response, I was also in transit.

> This kind of redundancy is a little different, since the equivalency
> (like with :mbox_sha1sum) is hard to express in universally understood
> machine form. ...
> The fundamental distinction that can help us here is that of FOAF
> document versus the FOAF vocabulary. ...
> These two are often conflated, but they're not quite the same. I think
> we can be liberal about what goes into FOAF, while conservative about
> raising expectations for what people publish and find in typical FOAF
> files. It might be that the FOAF vocab for eg has :dateOfBirth, yet we
> only publish an age in years on the public Web.

Thanks for this clarification, Dan.

To address Keith's concerns, my feeling is that a FOAF document, in
the sense that most people use it, is a human artifact; so shouldn't
require rigid mathematical purity (i.e., containing only axioms from
which all other information can be derived). Hence the existence of
foaf:name, rather than a mandatory and complex attempt to model the
components of names - although foaf:givenName and foaf:surname do
exist, there is no requirement to use them, and certainly no penalty
for using them as well as the simpler property.

> Earle, how much of this data is out there in the word list form? Tools
> that produce and consume it? Evidence that people actually use this?
> (rather than it being a high class geek code?).

Well, it's not very Web-ish at present - I can't actually find any
data out there to actually be had in this format. It mainly features
as a component of ZRTP ("a protocol for media path Diffie-Hellman
exchange to agree on a session key and parameters for establishing
Secure Real-time Transport Protocol (SRTP) sessions" -
http://zfoneproject.com/docs/ietf/draft-zimmermann-avt-zrtp-07.html#SAS)
- which is used by Zfone, Phil Zimmermann's secure VOIP app. I think
its absence from the Web is probably due to the lack of tools
available to translate it, which is why I wrote one myself.
(http://downlode.org/Code/Perl/Tools/wordlist_fingerprint.cgi).

I do think it's a little more useful than the Geek Code, though, to be
honest, and I'd like to encourage its wider usage. (Incidentally, I
tried searching for FOAF files that had one in them, and didn't find
much. I also noticed that both the PGP Word List and the Geek Code
date from 1996. Funny.)

By the way, you said:
> I'm happy putting this kind of data into the FOAF vocabulary...

That would be the WOT vocabulary at present? I recall a while back you
said somewhere you'd considered incorporating the WOT stuff into FOAF
itself, but I think it's fine as is.

Cheers,

Earle.

--
我歌月徘徊，我舞影零亂。
Earle Martin | http://downlode.org/

_______________________________________________
foaf-dev mailing list
foaf-dev@...
http://lists.foaf-project.org/mailman/listinfo/foaf-dev

[foaf-dev] Privacy in FOAF

here is another very interesting approach to privacy in foaf.

http://dig.csail.mit.edu/2007/12/rep.html