From W3C Wiki
sorry for the WalledGarden... I'm moving this stuff to topics such as:
Policy Aware Web: authorization, trust... on the balance between crypto-PITA ( I want easy-to-use crypto) and valuable communications...
"peer production" -- nifty concept, from Peer production of Internet governance
how does foaf fit in? FoafIdentityAssurance discusses challeng-response with digital signatures and foaf files. gotta check out sharedid.com.
How can we use photographic evidence compellingly? Perhaps: fill out a form online, saying who'se in the picture and where the picture is taken, and what event the photo is part of/during; get it notarized or just compute a secure hash... then print the hash/notarization, then hold it up in the picture. And, to save OCRing the picture, put it in the JPEG comments too.
can we make foaf claims compelling by mixing with time and crypto information?
Can we digitize the business card effect? i.e. what physical tokens can we exchange to make later remote communication compellingly authentic? Perhaps just putting public key fingerprints on cards is enough... but... how to connect it securely with an email address? Or do we need to?
How to say "this message is sent only to you" or "only to 10/100/1000 people" compellingly? use anti-double-spending eCash algorithms? That's another service the policy-aware-web needs: an anti-double-spending service. Hmm... how to prevent an attacker from sending a very similar but different message? need something for text messages ala musicbrainz trm for music. Or perhaps change the claim to "I'm only introducing myself to 1/10/100/1000 people today"; i.e. connect it to the sender, rather than the message.
for local stuff, a pencil is hard to beat
that paper from danny on bank web site policies shifting liability LinkMe... and on the evidentiary value of physical signtatures
case study: norm allowing me to make comments with links on his web site. hmm... I see basically 2 choices: (a) advogato-style, where there's very little crypto, but there's a centralized computation of trust and (b) in order to distribute the trust computation, use cryptography for (b), the foaf network needs to be strengthened with crypto.
existing reputation services: advogato, technocrati, planetrdf/apache/gnome/debian, debian developer certification, W3C accounts. W3C AA system (not very trustworthy), ebay sellers
debian chain of trust -- transcribe in N3?
Kazaa.. No central service? Not even for ads?
Degradable content. Altnet
Www.internet-magazine.com P.28 jan 2003
"The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system." -- Linux With TCPA on slashdot Sep 2003