DanConnolly/PolicyAwareWeb

From W3C Wiki

sorry for the WalledGarden... I'm moving this stuff to topics such as:

Policy Aware Web: authorization, trust... on the balance between crypto-PITA (I want easy-to-use crypto) and valuable communications...


"peer production" -- nifty concept, from Peer production of Internet governance


Foaf... hmm...

how does foaf fit in? FoafIdentityAssurance discusses challenge-response with digital signatures and foaf files. gotta check out sharedid.com.

How can we use photographic evidence compellingly? Perhaps: fill out a form online, saying who's in the picture, where the picture is taken, and what event the photo is part of/during; get it notarized or just compute a secure hash... then print the hash/notarization, then hold it up in the picture. And, to save OCRing the picture, put it in the JPEG comments too.
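A sketch of the hash-and-JPEG-comment step in the photo idea above, as an added example that is not part of the original notes. It assumes SHA-256 as the secure hash and canonical JSON as the form encoding; the function names and the sample form and image bytes are constructed for illustration.

```python
import hashlib
import json
import struct

def claim_digest(claim):
    """SHA-256 over canonical JSON, so field order in the form does not matter."""
    canonical = json.dumps(claim, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def _segments(jpeg):
    """Yield (marker, offset, payload) for header segments before scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xD9, 0xDA):
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield jpeg[pos + 1], pos, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def embed_comment(jpeg, text):
    """Add a COM (0xFFFE) segment after any leading APPn segments (JFIF/Exif stay first)."""
    payload = text.encode("ascii")
    if len(payload) > 0xFFFF - 2:
        raise ValueError("comment too long for one segment")
    at = 2
    for marker, offset, body in _segments(jpeg):
        if not 0xE0 <= marker <= 0xEF:
            break
        at = offset + 4 + len(body)
    segment = b"\xff\xfe" + struct.pack(">H", len(payload) + 2) + payload
    return jpeg[:at] + segment + jpeg[at:]

def read_comments(jpeg):
    """Return the text of every COM segment in the header."""
    return [body.decode("ascii", "replace") for marker, _, body in _segments(jpeg) if marker == 0xFE]

def photo_matches_claim(jpeg, claim):
    """True if the photo carries the digest of exactly this claim."""
    return "sha256:" + claim_digest(claim) in read_comments(jpeg)

# Constructed sample: header-only JPEG skeleton (SOI, JFIF APP0, EOI), not a viewable image.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xff\xd9"
# Constructed sample of the filled-out form.
CLAIM = {"who": ["Alice Example", "Bob Example"], "where": "Example Hall", "event": "Example Workshop"}
STAMPED = embed_comment(SAMPLE_JPEG, "sha256:" + claim_digest(CLAIM))
```

The comment segment is only a convenience copy that anyone can rewrite, so a verifier should still compare it with the value printed and held up in the frame.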

can we make foaf claims compelling by mixing with time and crypto information?

Business Cards

Can we digitize the business card effect? i.e. what physical tokens can we exchange to make later remote communication compellingly authentic? Perhaps just putting public key fingerprints on cards is enough... but... how to connect it securely with an email address? Or do we need to?

anti-bulk-message

How to say "this message is sent only to you" or "only to 10/100/1000 people" compellingly? use anti-double-spending eCash algorithms? That's another service the policy-aware-web needs: an anti-double-spending service. Hmm... how to prevent an attacker from sending a very similar but different message? need something for text messages ala musicbrainz trm for music. Or perhaps change the claim to "I'm only introducing myself to 1/10/100/1000 people today"; i.e. connect it to the sender, rather than the message.


for local stuff, a pencil is hard to beat

that paper from danny on bank web site policies shifting liability LinkMe... and on the evidentiary value of physical signatures

case study: norm allowing me to make comments with links on his web site. hmm... I see basically 2 choices: (a) advogato-style, where there's very little crypto, but there's a centralized computation of trust and (b) in order to distribute the trust computation, use cryptography. For (b), the foaf network needs to be strengthened with crypto.

existing reputation services: advogato, technorati, planetrdf/apache/gnome/debian, debian developer certification, W3C accounts, W3C AA system (not very trustworthy), ebay sellers

debian chain of trust -- transcribe in N3?


older notes...


I'm in heaven (gnome/dashboard semweb)


Kazaa.. No central service? Not even for ads?

Degradable content. Altnet

www.internet-magazine.com, p. 28, Jan 2003


ProofChecking, SemanticWebBus

Re: universal languages from Dan Connolly on 2001-02-01 (www-rdf-logic@w3.org from February 2001)

"The software turns a Linux PC into a 'virtual secure coprocessor', which is able to check that none of its software is compromised and even (in a future version) prove its integrity to a remote system." -- Linux With TCPA on slashdot Sep 2003

Shibboleth Project - Internet2 Middleware

JavaScrypt: Browser-Based Cryptography Tools

Self-Certifying File System: FAQ

CommunityWiki: WikiJoiningScript