June 24, 2003

FOAF Checker utility for PGP-signed FOAF profiles

Ken MacLeod has announced a new tool, 'FOAF Check', which reads a FOAF file, checks its PGP signature and extracts portions of the RDF, e.g. for inclusion in weblog comments (via Movable Type cookies etc.).

This approach provides a way to avoid re-entering the same data over and over again across multiple sites - you just point them at your FOAF document and let them read what you've already said about yourself. Ken's writeup points to previous work on FOAF/PGP-based decentralised profiles.

This is really cool, basically. Looking at the detail, it does suggest we need to do a little more work on the FOAF vocabulary to clarify which of several people mentioned in any given FOAF file is the topic of that file. There are currently several ways we could indicate this; one needs to be picked and documented more clearly in the FOAF spec. It also isn't immediately clear (to me!) how we get from knowing that a FOAF file validates against some PGP key to knowing that the PGP identity is the one that our application wants it to be. But it's a step in the right direction...

Also, the combination of foafbot and tools like foaf-check provides a good reason for people to actually start using PGP (or GNU Privacy Guard (GPG), the Free GNU version). That can only be a good thing.

One other topic this throws up: is it reasonable to expect people to remember and quote their FOAF URLs? Or should we ask for their homepage, and look for a LINK REL in their homepage markup pointing to their FOAF data?

Posted by danbri at June 24, 2003 06:37 PM
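
The post notes a gap between a FOAF file validating against some PGP key and that key being the one the application wants. The following is an added example, not part of FOAF Check or the original post: it parses GnuPG `--status-fd` output and accepts a signature only when it is valid and made by a fingerprint the application already holds. The status lines, the fingerprints and the idea that the application obtained the pinned fingerprint out of band are constructed assumptions.

```python
# Status keywords after which a signature must not be accepted, even though
# gpg may still emit VALIDSIG alongside them (expired or revoked key).
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def normalise(fpr):
    """Strip spaces and upper-case a fingerprint so two spellings compare equal."""
    return "".join(fpr.split()).upper()

def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of the single valid signature, else None."""
    found = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line[len("[GNUPG:] "):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return None
        if keyword == "VALIDSIG" and args:
            # Argument 10 is the primary key fingerprint; older gpg omits it.
            found.append(normalise(args[9] if len(args) >= 10 else args[0]))
    # Zero or several signers: refuse rather than guess which one counts.
    return found[0] if len(found) == 1 else None

def is_expected_signer(status_text, pinned_fpr):
    """True only if the file is validly signed by the key the application pinned."""
    actual = signer_fingerprint(status_text)
    return actual is not None and actual == normalise(pinned_fpr)

# Constructed sample data (not real keys or real gpg output from the page).
PINNED = "AAAA 1111 BBBB 2222 CCCC 3333 DDDD 4444 EEEE 5555"
OTHER = "0000999988887777666655554444333322221111"
FPR = normalise(PINNED)
GOOD_STATUS = (
    "[GNUPG:] GOODSIG DDDD4444EEEE5555 Example Person <person@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2003-06-24 1056480000 0 3 0 17 2 01 {FPR}\n"
)
EXPIRED_KEY_STATUS = (
    "[GNUPG:] EXPKEYSIG DDDD4444EEEE5555 Example Person <person@example.org>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2003-06-24 1056480000 0 3 0 17 2 01 {FPR}\n"
)

if __name__ == "__main__":
    print(is_expected_signer(GOOD_STATUS, PINNED))         # pinned key signed it
    print(is_expected_signer(GOOD_STATUS, OTHER))          # valid, but someone else's key
    print(is_expected_signer(EXPIRED_KEY_STATUS, PINNED))  # right key, expired
```

The second case is the one the post worries about: the signature verifies, but only the comparison against a fingerprint the application already trusts ties it to the intended person.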

Comments

See also Ken's notes in the FOAF wiki, http://rdfweb.org/topic/FoafIdentityAssurance for more details on how this might be used for a challenge/response style of authentication.

Nearby, FOAF's wiki homepage (recently tidied up somewhat), http://rdfweb.org/topic/FoafProject

Posted by: Dan Brickley on June 24, 2003 09:11 PM