[Freedombox-discuss] FOAF developers taking FreedomBox into their equation
Jonas Smedegaard
dr at jones.dk
Thu Mar 10 11:18:32 UTC 2011
On Thu, Mar 10, 2011 at 12:50:43AM +0000, Clint Adams wrote:
>On Thu, Mar 10, 2011 at 12:11:01AM +0100, Melvin Carvalho wrote:
>> > WebID use SSL certificates, but do not require _centralized_
>> > certificate authorities. Actually, due to requiring an unusual
>> > additional hint, some centralized CA authorities including
>> > CAcert.org cannot currently provide WebID compatible certificates.
>>
>> Traditionally we've always 'self signed' our WebID certificates. So
>> there's no CA that needs to be in the loop. In fact, I don't know of
>> any instance WebID has *ever* been used with a CA, but I suppose it
>> is possible too. :)
>
>Okay, so if I control the hostname me.fb2fb in a hypothetical
>decentralized naming scheme, I generate a WebID at
>http://me.fb2fb/webid#me or something, and you can validate that the
>person who controls http://me.fb2fb/webid#me is the same person that
>claims to control me.fb2fb, correct?
>
>Now if I lose control over me.fb2fb, and someone else generates a new
>WebID at that URL, has that person now acquired my identity and
>credentials?
>If so, does WebID have any features that would mitigate this?
FOAF to the rescue!
The technical name for WebID is FOAF+SSL. A central FOAF mechanism is
to tie a personal identity to a URL - which is then the magic little
trick to add to an SSL certificate to initiate trust in that claim.
This is comparable to generating a PGP key to write encrypted and/or
signed emails: It _is_ to be trusted, but only for those directly handed
the public key, there is no network effect - no centralized "hierarchy
of trust" as in classic use of SSL certificates and no decentralized
"ring of trust" as in PGP either.
But wait! The thing which was assured was not only the URL but an RDF
document called a "FOAF file". Which contains other info than just the
URL.
We each own a FreedomBox and decide to trust each other. So we exchange
WebIDs (i.e. public keys) and teach our boxes this new relationship:
* I store your WebID into my local RDF storage (i.e. using the
newly packaged 4store), classified as "friend".
* I also store the context of this relationship - i.e. with what
RDF ACL I want to share the knowledge of this friendship
(perhaps I only want to share this leaf of my relationship tree
with other "friends" or "close friends", not "world" or "family"
(except those that are _also_ "friends")).
* You do similar.
* I then test if it works, by storing e.g. a blog entry in my
"friends" context on my box, and ask you to test that you can
only read it when logging in using your WebID.
* You surf (from your laptop, independently from your FreedomBox)
into my website (served by my FreedomBox) and into the "Friends"
section. You are served a short page telling that this area is
for friends only, and is accessible from [this URL] (which is
the exact same address, just using the https protocol).
* You try again, now using https. Your browser pops up an
authentication dialog, you hit escape, and are served a similar
page, but now telling that you are not a known friend to me,
referring you to some page on how you may try to become a friend.
* You try again, select your WebID as client certificate, and hit
enter. My webserver now notices that you use SSL _and_ provide a
client certificate. My auth agent makes a so-called SPARQL query
against my local RDF store, finds that this WebID is indeed known
and tagged as ok to serve this data, and it is delivered.
This is first-hand knowledge. Comparable to PGP key-signing.
Then you give your girlfriend a FreedomBox, and she persuades her sister
to buy one herself. Each time a new box was set up, the above "dance" was
done - but only for the _direct_ relation.
Well, we all hang out together, so I actually know your sister and her
girlfriend pretty well, and now want to establish a different
relationship with her regarding a certain [stamp collection]. I want to
communicate with the friend of your sister without you or your sister
able to listen in!
I ask my FreedomBox to "think" hard about my relations (or I wait some
hours and it might do the thinking on its own): It looks up that URL
embedded in the WebID that you gave me - a location on your server
containing your FOAF file (i.e. data about you and about who you claim
to be your friends). You might be cautious and not share friendship
details with the whole world, so my FreedomBox connects using SSL and an
own WebID (my box is not me, only an agent claiming to serve me!). Your
FreedomBox has no knowledge about this WebID in its RDF storage, so
makes a lookup to its source FOAF which declares that it is an agent of
me (and my 2 brothers). Then your FreedomBox does a local SPARQL query
to resolve what knowledge this "agent of multiple persons, among those a
friend of mine" is permitted to gain access to - and then serves a
dynamically generated FOAF file containing your relationship with me,
and your relationship with your sister. Your FreedomBox also stores my
FreedomBox agent WebID in its local RDF storage both to speed up later
resolving and so that you can see what security assessments your box made
on its own later on - without requiring to query that URL again (which
may be long gone at the time of a security investigation).
My FreedomBox is set up to think _deeper_ than that. To try to reach out 3
degrees of relationships. So it repeats the process to gather the FOAF
of your sister, and then that of her girlfriend.
Then I (after this pause/refresh) locate the girlfriend of your sister
in my magically self-evolving addressbook, and tell my box that I want
to create a new privacy zone (a.k.a. "context") initially containing
only (me and) her. And go write a blog entry or a chat message or
whatever, targeted at that zone/context.
Above, I believe, is comparable to a ring of trust.
But I am no security expert. So go ahead and shoot it all down. Better
now than after we've shipped 5 million FreedomBoxes ;-)
- Jonas
[stamp collection] I am in a happy relationship for 10 years, so drop
those dirty thoughts, please. In fact it was some nazi stamps which we
felt you and your sister wouldn't understand the value of, ok?
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
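The "agent of a friend" lookup and context-based ACL that the mail walks through, as an added example that is not part of the thread or of any FreedomBox code. It models only the RDF-store side (the SPARQL step is replaced by plain set lookups, the FOAF fetch is an injected offline stand-in, and the TLS client-certificate check is assumed to have already happened); the WebIDs, the `agentOf`/`agent` predicates and the FOAF contents are constructed, and the requirement that the principal's own FOAF confirm the agent is an extra check the mail does not describe.

```python
# Constructed local RDF store of the box owner ME: known WebIDs tagged with
# a relationship, and resources tagged with the context they may be shared in.
ME = "https://you.example/webid#me"
LOCAL = {
    (ME, "knows", "https://me.example/webid#me"),
    ("https://me.example/webid#me", "relation", "friend"),
    (ME, "knows", "https://sis.example/webid#me"),
    ("https://sis.example/webid#me", "relation", "family"),
    ("https://you.example/blog/1", "context", "friend"),
    ("https://you.example/blog/2", "context", "family"),
    ("https://you.example/blog/3", "context", "world"),
}

# Constructed remote FOAF files, keyed by WebID. "agentOf" and "agent" are
# placeholder predicates, not real FOAF or WebID vocabulary.
REMOTE = {
    "https://me.example/box#agent": {
        ("https://me.example/box#agent", "agentOf", "https://me.example/webid#me"),
        ("https://me.example/box#agent", "agentOf", "https://bro.example/webid#me"),
    },
    "https://me.example/webid#me": {  # principal confirms its own box agent
        ("https://me.example/webid#me", "agent", "https://me.example/box#agent"),
    },
}

def fetch(webid):
    """Offline stand-in for dereferencing a WebID over HTTPS."""
    return REMOTE.get(webid, set())

def objects(store, s, p):
    return {o for (s2, p2, o) in store if s2 == s and p2 == p}

def assess(webid, fetch=fetch, store=LOCAL):
    """Relationship tags a WebID may read; unknown WebIDs are resolved via
    their FOAF agent claims and the result is cached in the local store."""
    rels = objects(store, webid, "relation")
    if rels:
        return rels
    for principal in objects(fetch(webid), webid, "agentOf"):
        # Trust the claim only if the principal's FOAF lists this agent back.
        if webid in objects(fetch(principal), principal, "agent"):
            rels |= objects(store, principal, "relation")
    for r in rels:
        store.add((webid, "relation", r))  # keep the assessment for later review
    return rels

def visible(webid, fetch=fetch, store=LOCAL):
    """Resources the requester may read: its permitted contexts plus 'world'."""
    allowed = assess(webid, fetch, store) | {"world"}
    return {s for (s, p, o) in store if p == "context" and o in allowed}
```

A stranger whose FOAF makes no confirmed agent claim only ever sees the "world" context, and the cached `relation` triple lets the owner audit what the box decided without re-fetching the (possibly vanished) FOAF URL.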