Experimental App’s Semantic Signature Feature Aims At Making FOAF Files Reliable Source of Identity Information
An experimental application from Safelayer, dubbed FOAF Manager, is intended to provide trust to the wealth of information on social networks – identity information in particular. Safelayer, a well-known name in the European ICT security market, develops technology for managing digital identification and trust in information and communication networks, with authentication, electronic signature and data protection solutions in its portfolio.
The Semantic Web Blog, which recently looked at the evolution of WebID for identity and login management, had a chance to exchange email with Helena Pujol, research project leader at Safelayer, on the company’s work in the trust arena:
Semantic Web Blog: How did the Semantic Web come to Safelayer’s attention around security/trust issues?
Pujol: Our success is based on investing heavily in R&D in order to bolster our strategy of differentiation through technology and innovation. One of our research focuses has been the Semantic Web, and in particular, how ontologies and semantic standards and tools can contribute to improve our products, conferring on them properties of intelligent inference, application interoperability and information integration.
FOAF Manager is one of the experimental applications resulting from these research activities.
Semantic Web Blog: The FOAF Manager project is subsidized by the Centre for the Development of Industrial Technology (CDTI) as part of the SEGUR@ project. What can you tell us about that organization and effort?
Pujol: The Centre for the Development of Industrial Technology (CDTI) is a Spanish public organization, under the Ministry of Science and Innovation, whose objective is to help Spanish companies to intensify their technological profile.
The “Security and Trust in the Information Society” Project, also known as “Segur@”, has been promoted by the CDTI: with a budget of about 31 million Euros, a duration of three and a half years, and the participation of around 30 private and public entities, this project has been one of the biggest on security issues that have been carried out in Spain.
Semantic Web Blog: Can you explain what exactly FOAF Manager does? What problem does it attempt to solve, and how?
Pujol: FOAF Manager is a web application that allows one to import, edit, merge, publish and sign one’s own FOAF files. All these features attempt to solve two problems mainly: interoperability and trust.
Nowadays our identity information is spread across multiple social network applications that allow us to share our personal and professional interests and achievements. However, on the one hand, the access to this identity information often depends on proprietary interfaces, and on the other hand we are exposed to other people making statements about our digital identity.
With the aim of providing a solution for both problems, we designed and developed FOAF Manager, which can be used to import one’s identity information from several sources and convert it into one or more FOAF files, and —what’s more important— allows one to sign these files to certify that the information comes from a reliable source, or in other words, that it is true.
So, thanks to its user-friendly graphical interface, users are able to control the identity information that they make public on the Internet with the following singularity: each FOAF file can contain different pieces of RDF independently endorsed by different third parties. Therefore, these FOAF files become a source of reliable identity information.
Semantic Web Blog: So this goes beyond other tools out there to help generate FOAF profiles, like FOAF-a-Matic?
Pujol: While FOAF-a-Matic is a user-friendly FOAF file generator based on a form, FOAF Manager’s novelty is the semantic signature feature [a new digital signature format Safelayer developed], which allows one to infer trust from the identity information that social network users share. Besides, it also provides a quick way to obtain an aggregated FOAF file from the information already stored in social network sites like LinkedIn, Twitter or Facebook, as well as from other RDF resources. Therefore, both tools complement each other as FOAF Manager provides extra features like merging contacts, and signing and publishing FOAF files.
Semantic Web Blog: Can you discuss the digital signing capabilities in more detail?
Pujol: Digital signatures provide authenticity and integrity to documents, that is, if a document is digitally signed, we can identify the person who signed it, and we are also able to detect if the document was modified after the signature. Both these qualities are crucial when we share personal information with others, and even more when we consume information from others and we expect it to be reliable.
Although there are consolidated syntactic signature standards based on XML, we wanted to go beyond them and research a new way to sign RDF/XML documents, and with semantic signatures we have validated two aspirations: first, that different pieces of a document may be signed by different third parties, and verified independently; and second, that these pieces of the document will be valid while “the concepts” remain unaltered, regardless of the syntax and structure.
Semantic Web Blog: Tell us about the intersection between the FOAF ontology and your experimental applications, such as PKI Trust Center (which catalogs and rates digital certificates), and Interidy Identity Provider (which lets users register their personal data and generate managed information cards from it that can be used in authentication processes)?
Pujol: We chose the FOAF ontology as the common vocabulary to express identity information in all our experimental applications, as it was widely used by the Semantic Web community. Thanks to this approach, we have validated that Semantic Web standards and identity ontologies can smooth the implementation and interoperability of user-centric identity and trust management tools, which can help users gain control over their identity attributes.
Moreover, we have published the FOAF for Java library, which facilitates the creation of applications that involve the use of FOAF profiles for those who are not familiar with RDF. It can be downloaded from the SourceForge website under GNU GPL.
Semantic Web Blog: Is there any relationship to what FOAF Manager and your solutions are doing and WebID?
Pujol: WebID and [Safelayer] semantic signature are aimed at different purposes. While the objective of the WebID protocol is to authenticate users and their RDF identifiers from their public FOAF profiles, the objective of the semantic signature implemented in the FOAF Manager application is to provide a mechanism that enhances FOAF files (and RDF files in general) with trust. That is, we enable users to validate the sources and the integrity of an RDF document while gaining trust not only in the user identifier, but in much more identity-related information. Therefore, both solutions are complementary.
Semantic Web Blog: How far along is the sandbox project around FOAF Manager? What are next steps?
Pujol: Safelayer’s Semantic Web Trust Portal, where FOAF Manager takes part, is a long-term project and we are still working on the ways to improve global trust on the Internet. Obviously, our results to date encourage us to keep applying Semantic Web technologies to our research activities, and so we hope to see them in our future products.