April 14, 2008

ITGumbo: spicing IT up

IT Copywrite

Technology and application of technology.

ebizQ presents ITGumbo: a spicy blog network where vendors and IT professionals share ideas about creating Business Agility.

Recently in Security Category

FOAF a factor for strong authentication

A FOAF file is a mechanism to publish one's social and professional profile. It is also used to publicize one's social and professional network: the people one knows outside of work duties, and the people one collaborates with on a project or in an organization. The FOAF vocabulary documents these relationships on the web with the foaf:knows property, which links one foaf:Person (the class that describes a person) to another.

"The foaf:knows property relates a foaf:Person to another foaf:Person that he or she knows" [1].

If one states in a FOAF file that one knows a certain person (by linking to them with the foaf:knows property), that person is under no obligation to accept that they are socially or professionally associated with the owner of the FOAF file (the foaf:Person whose foaf:name appears in the file).

"If someone foaf:knows a person, it would be usual for the relation to be reciprocated. However this doesn't mean that there is any obligation for either party to publish FOAF describing this relationship" [1].

Advantages & risks of FOAF file

"You probably know hundreds of people, yet might only list a few in your public FOAF file. That's OK. Or you might list them all. It is perfectly fine to have a FOAF file and not list anyone else in it at all" [1].

Is it okay to create a long list of acquaintances in a FOAF file by adding foaf:knows links? It is harmless only as long as no web application consumes foaf:knows links for any purpose beyond learning about one's social and professional standing. As soon as FOAF becomes popular among the masses, those links may be used to establish a person's credibility, to establish trust, and to authenticate a person. The name FOAF expands to "Friend-of-a-Friend", and the FOAF specification says:

"The name was chosen to reflect our concern with social networks and the Web, urban myths, trust and connections" [1].

Anybody may embed a hyperlink to one's FOAF file in web content in order to refer to the person. The classes foaf:Project and foaf:Organization may be used to find the collaborators on a project or the members of an organization. It is not necessary to list those people with the foaf:knows property: a SPARQL query over foaf:Project resources can find the people working on the same project. Many tools can be built on top of this personal information in order to build and find trustworthy connections.

Strong authentication with FOAF

If two people trust each other they can express this in their respective FOAF files by each including the other's FOAF file IRI as the value of a foaf:knows property. This reciprocation is a way of establishing mutual trust, and the reciprocated link may be used for authentication, for delegation of responsibility, for endorsement, for collaboration, and so on.

A digital certificate used for strong authentication binds more than one factor. A FOAF identity (i.e. a FOAF file IRI) may be used as one of the factors in the construction of such a certificate. If 'A' and 'B' trust each other and agree to endorse each other's communications on a certain matter, they may obtain a digital certificate that carries the FOAF identities of 'A' and 'B' as one of its factors. The certification authority would validate the claimed relationship by checking that 'A' names 'B' and 'B' names 'A' with foaf:knows in their respective FOAF files. Because a FOAF file is self-published, the authority must retrieve each file from the IRI it certifies over an authenticated channel (for example HTTPS); otherwise anyone who can serve a fake copy of the file can fake the reciprocation. The authority would repeat this check every time it is asked to validate a message signed with the certified private key (the private key signs, the corresponding public key verifies), so that the certificate is valid only while the claimed trust relationship is present in both FOAF files. Example: if either 'A' or 'B' removes the foaf:knows entry for the other, the 'knows' relationship is broken; if either 'A' or 'B' changes the project they link to, they are no longer working on the same project.

The relationship may also be expressed with other FOAF properties, such as foaf:member (which links a foaf:Group to its members) or foaf:currentProject (which links a foaf:Person to a foaf:Project). User agents such as browsers and e-mail clients could render the relationship in the same manner as a VeriSign EV SSL certificate shows the certification authority in the green-highlighted browser address bar; in an e-mail client the relationships could be shown in a drop-down menu attached to the 'From' field.
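The reciprocity check described above, written out as an added example (this is not code from the original post): a certification authority loads the two FOAF files, confirms that each foaf:Person names the other with foaf:knows, and optionally confirms that both link to the same foaf:Project via foaf:currentProject. The two documents, their IRIs and names are constructed for this illustration, and the parser handles only the RDF/XML shapes used here (rdf:resource links and nested foaf:Person elements), not RDF/XML in general.

```python
# Added example (not the original post's code): the reciprocity check a
# certification authority could run over two FOAF files before issuing, or
# continuing to honour, a certificate that carries both FOAF identities.
# The FOAF documents, IRIs and names below are constructed for illustration.
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"


def tag(ns, local):
    """Clark-notation element/attribute name, as ElementTree expects it."""
    return "{%s}%s" % (ns, local)


def person_links(xml_text, person_iri):
    """Return (knows, projects) for the foaf:Person whose rdf:about is person_iri.

    knows    - set of IRIs given as values of foaf:knows
    projects - set of IRIs given as values of foaf:currentProject
    Only the rdf:resource and nested <foaf:Person rdf:about=...> forms are handled.
    """
    root = ET.fromstring(xml_text)
    for person in root.iter(tag(FOAF, "Person")):
        if person.get(tag(RDF, "about")) != person_iri:
            continue
        knows = set()
        for link in person.findall(tag(FOAF, "knows")):
            target = link.get(tag(RDF, "resource"))
            if target is None:  # nested <foaf:Person rdf:about="..."/> form
                nested = link.find(tag(FOAF, "Person"))
                if nested is not None:
                    target = nested.get(tag(RDF, "about"))
            if target is not None:
                knows.add(target)
        projects = set()
        for proj in person.findall(tag(FOAF, "currentProject")):
            if proj.get(tag(RDF, "resource")) is not None:
                projects.add(proj.get(tag(RDF, "resource")))
        return knows, projects
    raise ValueError("no foaf:Person with rdf:about=%r" % person_iri)


def relationship_holds(file_a, iri_a, file_b, iri_b, same_project=False):
    """True only if A names B and B names A with foaf:knows and, when
    same_project is set, both link to at least one common foaf:currentProject.

    In a real deployment each file must be fetched from the IRI the certificate
    names, over an authenticated channel such as HTTPS; a file obtained any
    other way lets an attacker fake the reciprocation.
    """
    knows_a, proj_a = person_links(file_a, iri_a)
    knows_b, proj_b = person_links(file_b, iri_b)
    if iri_b not in knows_a or iri_a not in knows_b:
        return False
    if same_project and not (proj_a & proj_b):
        return False
    return True


# Constructed sample data (hypothetical IRIs, not real people or files).
A = "http://a.example/foaf.rdf#me"
B = "http://b.example/foaf.rdf#me"
PROJECT = "http://example.org/projects/gumbo"
OTHER_PROJECT = "http://example.org/projects/jambalaya"


def foaf_doc(person_iri, name, knows_xml, project_iri):
    return (
        f'<rdf:RDF xmlns:rdf="{RDF}" xmlns:foaf="{FOAF}">'
        f'<foaf:Person rdf:about="{person_iri}"><foaf:name>{name}</foaf:name>'
        f'{knows_xml}<foaf:currentProject rdf:resource="{project_iri}"/>'
        f"</foaf:Person></rdf:RDF>"
    )


FILE_A = foaf_doc(A, "A", f'<foaf:knows rdf:resource="{B}"/>', PROJECT)
# B uses the nested form of foaf:knows rather than rdf:resource.
FILE_B = foaf_doc(B, "B", f'<foaf:knows><foaf:Person rdf:about="{A}"/></foaf:knows>', PROJECT)
FILE_B_REVOKED = foaf_doc(B, "B", "", PROJECT)  # B dropped the foaf:knows link
FILE_B_MOVED = foaf_doc(B, "B", f'<foaf:knows rdf:resource="{A}"/>', OTHER_PROJECT)

if __name__ == "__main__":
    print("reciprocal:", relationship_holds(FILE_A, A, FILE_B, B, same_project=True))
    print("after revocation:", relationship_holds(FILE_A, A, FILE_B_REVOKED, B))
    print("after project change:", relationship_holds(FILE_A, A, FILE_B_MOVED, B, same_project=True))
```

Running the block shows the certificate condition holding for the reciprocated pair, failing as soon as 'B' removes the foaf:knows entry, and failing the project test once 'B' links to a different project while the plain knows test still passes.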

Conclusion: FOAF data is public information, so on its own it is not a secret, but it may still be used as part of strong authentication. If FOAF data is included in the construction of a digital certificate, other private factors must also be included to authenticate the FOAF data itself. Other possible factors that may be used in the construction of the certificate are a passport number, a driving licence number, and so on. FOAF data adds authenticity to the information by virtue of the relationship between the originator of the information and the people linked with foaf:knows or other FOAF properties.

References:
[1] Miller, Libby. & Brickley, Dan. (2007). FOAF Vocabulary Specification 0.91.

Consumer personal and context data security concerns

Ubiquitous internet access and the globalization of human civilization have encouraged both sellers and buyers to approach each other across national borders. Irrespective of language, legal and cultural limitations, people want to know, learn and practise new ways of life.

» Continue reading Consumer personal and context data security concerns.

Secure your Wi-Fi network

A WPA2-enabled Wi-Fi access point provides authentication and encryption to protect the Wi-Fi network from external intrusion. WEP provides only limited security: its keys are static and manually configured, and the protocol has known weaknesses that let an attacker recover the key from captured traffic. Wireless-blocking paint, or RF paint, is another option for building an electromagnetic fortress; Wi-Fi users may find it useful because it attenuates RF signals crossing the painted layer, limiting both intrusion and leakage. Changing the default user name/password remains a necessary practice, and WPA2's per-session keys make recovering the key from recorded traffic far harder than with WEP (with a pre-shared key, choose a long passphrase, since a captured handshake can be attacked offline); the paint, in turn, reduces the chance of unauthorised recording of your traffic from outside the building, although windows, doors and ducts still leak, so it complements rather than replaces WPA2. EM-SEC is one provider of an electromagnetic paint that can be applied to interior walls to protect a facility from over-the-air attacks. The paint can be applied to many construction materials such as concrete, wood and plastic. Google for other RF paints.

» Continue reading Secure your Wi-Fi network.

Personal data privacy - is Google guilty?

Most research and development organizations use empirical data to evaluate their findings. This empirical data is collected in real-life situations, much like paid surveys; the participants in the study are either the organization's employees or members of the public who agree to take part. Without this type of evaluation the research results cannot be deployed in real-life situations. Most market research reports are likewise prepared with the active participation of the public. The participants are informed about what data will be collected and for what purpose. Recently I read some articles on Highly Dynamic Systems (HDS); an HDS is a system that provides contextual data to customers on the move. A very simple example is a GPS-equipped device that shows a map of the surroundings at its current position. As technology advances, higher-utility HDS are being built by integrating RFID, the Semantic Web and mobile communication. I wrote a summary of the articles I had read, coloured by my own thoughts: Private Data Security in Highly Dynamic Systems and Data Usage Control System.

» Continue reading Personal data privacy - is Google guilty?.

Wireless Access Point security

Cyber-thieves were able to steal data from the IT systems of TJX, the parent company of T.J.Maxx. How robust is your wireless security mechanism? In a modern office every system may work wirelessly: while you are working in your cubicle, an attacker may be sitting in a car nearby reading all the data flowing through the air. Data that was once confined to a wire, and required physical access to the system to intercept, is suddenly exposed. The organization's firewall protected all the systems behind it and the internal network was considered secure; now you also need to keep watch on what is going on outside your office. Any security failure with a cause other than an insecure wireless access point should be treated as a failure of the information security policy.

Wireless Security

» Continue reading Wireless Access Point security.

Why and how risk management?

Risk is the possibility of harm, loss or danger. It can arise from unforeseen circumstances or from known threats. Concrete measures can be taken to avoid the risks posed by known threats; against unforeseen circumstances only precautions can be taken. Security, in every aspect of life, is part of risk management. While there is a lot of emphasis on IT security, it is risk management that must be the focus.

» Continue reading Why and how risk management?.