April 14, 2008

ITGumbo: spicing IT up

IT Copywrite

Technology and application of technology.

ebizQ presents ITGumbo: a spicy blog network where vendors and IT professionals share ideas about creating Business Agility.

FOAF a factor for strong authentication

A FOAF file is a mechanism to publish one's social and professional profile. It is also used to publicize one's social and professional network: the people one knows outside of work duties and the people one collaborates with on a project or in an organization. The FOAF vocabulary property foaf:knows and the class foaf:Person are used to document these relationships on the web.

"The foaf:knows property relates a foaf:Person to another foaf:Person that he or she knows" [1].

If one states in a FOAF file that one knows another person (linked with the foaf:knows property), that person is under no obligation to accept that he or she is socially or professionally associated with the FOAF file owner (the value of the foaf:name property in the FOAF file).

"If someone foaf:knows a person, it would be usual for the relation to be reciprocated. However this doesn't mean that there is any obligation for either party to publish FOAF describing this relationship" [1].

Advantages & risks of FOAF file

"You probably know hundreds of people, yet might only list a few in your public FOAF file. That's OK. Or you might list them all. It is perfectly fine to have a FOAF file and not list anyone else in it at all" [1].

Is it okay to create a long list of acquaintances in the FOAF file by adding foaf:knows? It may be okay as long as no web application uses foaf:knows links for purposes other than learning about one's social and professional standing. As soon as FOAF becomes popular among the masses, it may be used to establish the credibility of a person, to establish trust and to authenticate a person. The name FOAF expands to "Friend-of-a-Friend"; the FOAF specification says:

"The name was chosen to reflect our concern with social networks and the Web, urban myths, trust and connections" [1].

A hyperlink to one's FOAF file may be embedded by anybody in web content in order to add a reference to the person. Terms such as foaf:Project and foaf:Organization may be used to find a list of collaborators for a project or an organization. It is not necessary to include these people in the FOAF file with the foaf:knows property; a SPARQL query on foaf:Project may be used to find people working on the same project. Many tools can be built to take advantage of this personal information in order to build and find trustworthy connections.

Strong authentication with FOAF

If two people trust each other, they can publish this in their respective FOAF files by including each other's FOAF file IRI with the foaf:knows property. This reciprocation is a way of establishing trust in each other, and this trustworthy connection may be used for authentication. It may also be used for responsibility delegation, endorsement, collaboration, etc.

A digital certificate that is used for strong authentication comprises more than one factor. A FOAF Identity (i.e. the FOAF file IRI) may be used as one of the factors in the construction of a digital certificate. If 'A' and 'B' trust each other and agree to endorse each other's communications on a certain matter, they may get a digital certificate with the FOAF Identities of 'A' and 'B' as one of the factors for strong authentication. The certification authority shall validate the authenticity of the suggested relationship between the two by the presence of the reciprocated FOAF Id with the foaf:knows property in the FOAF files of 'A' and 'B' respectively. The suggested relationship shall be verified by the certificate authority every time it receives a request to verify and decrypt a message encrypted with the issued private key. This verification shall ensure that the suggested trust relationship between 'A' and 'B' is not broken, i.e. the digital certificate is valid only as long as this suggested trust relationship is present in both FOAF files. Example: if either 'A' or 'B' removes the foaf:knows entry for the other, then the 'knows' relationship is broken; if either 'A' or 'B' changes the foaf:Project value, then they are not working on the same project anymore.
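The reciprocity check described above, sketched as an added example (not code from the original post or from the FOAF project). It assumes RDF/XML FOAF files, project membership expressed with foaf:currentProject, and constructed IRIs and documents; each party's claims are read only from that party's own file, so a statement about 'B' placed in 'A's file does not count.

```python
import xml.etree.ElementTree as ET  # brevity only; use a hardened XML parser for fetched files

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF_NS = "http://xmlns.com/foaf/0.1/"
RDF, FOAF = "{%s}" % RDF_NS, "{%s}" % FOAF_NS

def make_foaf(me, knows, project):
    """Build a constructed RDF/XML FOAF file (sample data, not a real profile)."""
    links = "".join('<foaf:knows rdf:resource="%s"/>' % k for k in knows)
    return ('<rdf:RDF xmlns:rdf="%s" xmlns:foaf="%s"><foaf:Person rdf:about="%s">%s'
            '<foaf:currentProject rdf:resource="%s"/></foaf:Person></rdf:RDF>'
            % (RDF_NS, FOAF_NS, me, links, project))

def claims(xml_text, owner_iri):
    """Return (knows IRIs, current project IRIs) asserted about owner_iri in this file."""
    knows, projects = set(), set()
    for person in ET.fromstring(xml_text).iter(FOAF + "Person"):
        if person.get(RDF + "about") != owner_iri:
            continue
        for k in person.findall(FOAF + "knows"):
            # foaf:knows may point by rdf:resource or wrap a nested foaf:Person
            nested = k.find(FOAF + "Person")
            target = k.get(RDF + "resource") or (nested.get(RDF + "about") if nested is not None else None)
            if target:
                knows.add(target)
        for p in person.findall(FOAF + "currentProject"):
            if p.get(RDF + "resource"):
                projects.add(p.get(RDF + "resource"))
    return knows, projects

def relationship_valid(doc_a, iri_a, doc_b, iri_b, need_project=False):
    """True only while both files assert the link; each party's claims come from its own file."""
    knows_a, proj_a = claims(doc_a, iri_a)
    knows_b, proj_b = claims(doc_b, iri_b)
    mutual = iri_b in knows_a and iri_a in knows_b
    return mutual and (not need_project or bool(proj_a & proj_b))

# Constructed identities and files
A, B = "https://a.example/foaf.rdf#me", "https://b.example/foaf.rdf#me"
PROJ = "https://project.example/"
DOC_A, DOC_B = make_foaf(A, [B], PROJ), make_foaf(B, [A], PROJ)
DOC_B_REVOKED = make_foaf(B, [], PROJ)                      # B removed foaf:knows A
DOC_B_MOVED = make_foaf(B, [A], "https://other.example/")   # B changed project
# A's file also carries a statement "B knows A"; it must not count as B's claim
DOC_A_FORGED = DOC_A.replace("</rdf:RDF>",
    '<foaf:Person rdf:about="%s"><foaf:knows rdf:resource="%s"/></foaf:Person></rdf:RDF>' % (B, A))
```

Calling `relationship_valid` at every verification request, rather than once at issuance, is what makes the relationship revocable by either party editing their own file.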

The relationship may be suggested by specifying other FOAF properties as well, such as foaf:Group, foaf:Project, foaf:member, etc. The relationship may also be rendered by user agents such as browsers and e-mail clients, in the same manner as VeriSign EV SSL shows the certification authority in the green highlighted browser address bar. In an e-mail client's 'From' bar, the relationships may be shown in a drop-down menu.

Conclusion: FOAF data is public information; it may be used for strong authentication. If FOAF data is included in the construction of a digital certificate, other private factors must also be included for authentication of the FOAF data. Other possible factors that may be used in the construction of a digital certificate are passport number, driving license number, etc. FOAF data may add authenticity to the information by virtue of the relationship between the information originator and the people linked with foaf:knows or other FOAF properties.

References:
[1] Miller, Libby. & Brickley, Dan. (2007). FOAF Vocabulary Specification 0.91.