[Freedombox-discuss] FOAF developers taking FreedomBox into their equation

Jonas Smedegaard dr at jones.dk
Thu Mar 10 11:18:32 UTC 2011


On Thu, Mar 10, 2011 at 12:50:43AM +0000, Clint Adams wrote:
>On Thu, Mar 10, 2011 at 12:11:01AM +0100, Melvin Carvalho wrote:
>> > WebID uses SSL certificates, but does not require _centralized_ 
>> > certificate authorities. Actually, due to requiring an unusual 
>> > additional hint, some centralized CA authorities including 
>> > CAcert.org cannot currently provide WebID compatible certificates.
>>
>> Traditionally we've always 'self signed' our WebID certificates.  So 
>> there's no CA that needs to be in the loop.  In fact, I don't know of 
>> any instance WebID has *ever* been used with a CA, but I suppose it 
>> is possible too. :)
>
>Okay, so if I control the hostname me.fb2fb in a hypothetical 
>decentralized naming scheme, I generate a WebID at 
>http://me.fb2fb/webid#me or something, and you can validate that the 
>person who controls http://me.fb2fb/webid#me is the same person that 
>claims to control me.fb2fb, correct?
>
>Now if I lose control over me.fb2fb, and someone else generates a new 
>WebID at that URL, has that person now acquired my identity and 
>credentials?
>If so, does WebID have any features that would mitigate this?

FOAF to the rescue!

The technical name for WebID is FOAF+SSL.  A central FOAF mechanism is 
to tie a personal identity to a URL - which is then the magic little 
trick to add to an SSL certificate to initiate trust in that claim.

This is comparable to generating a PGP key to write encrypted and/or 
signed emails: It _is_ to be trusted, but only for those directly handed 
the public key; there is no network effect - no centralized "hierarchy 
of trust" as in classic use of SSL certificates and no decentralized 
"ring of trust" as in PGP either.

But wait!  The thing which was assured was not only the URL but an RDF 
document called a "FOAF file", which contains other info than just the 
URL.

We each own a FreedomBox and decide to trust each other. So we exchange 
WebIDs (i.e. public keys) and teach our boxes this new relationship:

   * I store your WebID into my local RDF storage (i.e. using the 
     newly packaged 4store), classified as "friend".
   * I also store the context of this relationship - i.e. with what 
     RDF ACL I want to share the knowledge of this friendship 
     (perhaps I only want to share this leaf of my relationship tree 
     with other "friends" or "close friends", not "world" or "family" 
     (except those that are _also_ "friends")).
   * You do similar.
   * I then test if it works, by storing e.g. a blog entry in my 
     "friends" context on my box, and ask you to test that you can 
     only read it when logging in using your WebID.
   * You surf (from your laptop, independently from your FreedomBox)
     into my website (served by my FreedomBox) and into the "Friends" 
     section. You are served a short page telling that this area is
     for friends only, and is accessible from [this URL] (which is
     the exact same address, just using the https protocol).
   * You try again, now using https. Your browser pops up an 
     authentication dialog, you hit escape, and are served a similar
     page, but now telling that you are not a known friend to me,
     referring you to some page on how you may try to become a friend.
   * You try again, select your WebID as client certificate, and hit 
     enter. My webserver now notices that you use SSL _and_ provide a
     client certificate. My auth agent makes a so-called SPARQL query
     against my local RDF store, finds that indeed this WebID is
     known and tagged as ok to serve this data, and it is delivered.

This is first-hand knowledge. Comparable to PGP key-signing.

Then you give your girlfriend a FreedomBox, and she persuades her sister 
to buy one herself.  Each time a new box was set up, the above "dance" 
was done - but only for the _direct_ relation.

Well, we all hang out together, so I actually know your sister and her 
girlfriend pretty well, and now want to establish a different 
relationship with her regarding a certain [stamp collection]. I want to 
communicate with the friend of your sister without you or your sister 
being able to listen in!

I ask my FreedomBox to "think" hard about my relations (or I wait some 
hours and it might do the thinking on its own): It looks up that URL 
embedded in the WebID that you gave me - a location on your server 
containing your FOAF file (i.e. data about you and about who you claim 
to be your friends). You might be cautious and not share friendship 
details with the whole world, so my FreedomBox connects using SSL and 
its own WebID (my box is not me, only an agent claiming to serve me!).  
Your FreedomBox has no knowledge about this WebID in its RDF storage, so 
it makes a lookup to its source FOAF which declares that it is an agent 
of me (and my 2 brothers). Then your FreedomBox does a local SPARQL 
query to resolve what knowledge this "agent of multiple persons, among 
those a friend of mine" is permitted to gain access to - and then serves 
a dynamically generated FOAF file containing your relationship with me, 
and your relationship with your sister. Your FreedomBox also stores my 
FreedomBox agent WebID in its local RDF storage both to speed up later 
resolving and so that you can see what security assessments your box 
made on its own later on - without requiring to query that URL again 
(which may be long gone at the time of a security investigation).

My FreedomBox is set up to think _deeper_ than that.  To try to reach 
out 3 degrees of relationships.  So it repeats the process to gather the 
FOAF of your sister, and then that of her girlfriend.

Then I (after this pause/refresh) locate the girlfriend of your sister 
in my magically self-evolving addressbook, and tell my box that I want 
to create a new privacy zone (a.k.a. "context") initially containing 
only (me and) her.  And go write a blog entry or a chat message or 
whatever, targeted at that zone/context.


The above, I believe, is comparable to a ring of trust.

But I am no security expert.  So go ahead and shoot it all down.  Better 
now than after we've shipped 5 million FreedomBoxes ;-)


  - Jonas

[stamp collection] I have been in a happy relationship for 10 years, so 
drop those dirty thoughts, please.  In fact it was some nazi stamps 
which we felt you and your sister wouldn't understand the value of, ok?

-- 
  * Jonas Smedegaard - idealist & Internet architect
  * Phone: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
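An added example, not code from this thread or from FreedomBox, modelling in plain Python the friend/context check and the "agent of a person" lookup that the message walks through. The URLs, relationship tags and triple layout are assumed stand-ins for the RDF store and SPARQL queries the box would really use.

```python
# Added example (assumptions: triple layout, tag names, URLs).  A real
# box would keep these triples in 4store and ask with SPARQL.

WORLD = "world"

# Constructed local RDF store of my box: (subject, predicate, object).
STORE = {
    ("http://you.box/#me", "relationship", "friend"),
    ("http://sister.box/#me", "relationship", "family"),
    ("http://me.box/blog/1", "context", "friends"),   # friends-only entry
    ("http://me.box/", "context", WORLD),             # public front page
}

# Which relationship tags a context admits (the "RDF ACL").
ACL = {"friends": {"friend", "close friend"}, "family": {"family", "friend"}}

# Constructed stand-in for dereferencing the URL embedded in a WebID.
REMOTE_FOAF = {
    "http://you.box/agent#it": {
        ("http://you.box/agent#it", "agentOf", "http://you.box/#me"),
        ("http://you.box/agent#it", "agentOf", "http://brother.box/#me"),
    },
}

def objects(store, subject, predicate):
    return {o for s, p, o in store if s == subject and p == predicate}

def principals(store, webid):
    """People the presented WebID may act for: the person themself when the
    WebID is tagged locally, otherwise whoever its FOAF says it is an agent
    of.  The fetched FOAF is cached so later checks (and a later security
    investigation) do not depend on the URL still being reachable."""
    if objects(store, webid, "relationship"):
        return {webid}
    if not objects(store, webid, "agentOf"):
        store |= REMOTE_FOAF.get(webid, set())
    return objects(store, webid, "agentOf") or {webid}

def authorize(store, resource, webid=None):
    """True if the resource is public, or some principal behind the client
    certificate's WebID carries a tag the resource's context admits.
    webid=None models hitting escape in the certificate dialog."""
    contexts = objects(store, resource, "context")
    if WORLD in contexts:
        return True
    if webid is None:
        return False
    admitted = set().union(*(ACL.get(c, set()) for c in contexts))
    return any(objects(store, p, "relationship") & admitted
               for p in principals(store, webid))
```

An unknown WebID that is not tagged locally and whose FOAF names no person it serves is refused, so a stranger who later sets up a WebID at an unrelated URL gains nothing from the friends context.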