Posted by: John Erickson | January 20, 2010

Thoughts on Securing Linked Data with OAuth and FOAF+SSL


  1. […] Readers may be interested in my new post on mechanisms for providing access control to linked data, Thoughts on Securing Linked Data with OAuth and FOAF+SSL (20 January […]

  2. Thanks for the post.

    On how one may get an OAuth effect with foaf+ssl see “Sketch of a RESTful photo printing service”

    That would allow one to log into a site, and then give that site access rights (via foaf+ssl) to certain resources that one controls. It would be interesting to see how far one can go with that. One only seems to need a couple of relations to get that to work.

    On policy awareness I am not sure, but I think you have published the links that I would start looking at myself….

    More recent talks of mine are at FroSCon are on the foaf+ssl wiki you link to.

  3. Re. FOAF+SSL, the New York Times could put a higher quality Linked Data mesh in a special Named Graph that associated with a foaf:Group for “Premium Partners”. Then it can use Organization Web IDs to create group membership. Once this is in place, FOAF+SSL will take care of the authenticated access for premium member user agents that identify themselves accordingly. Although browsers hosting private keys are used for typical FOAF+SSL demos, its use isn’t confined to User+Brower interaction pattern with HTTP accessible Resources.

    FOAF+SSL and GoodRelations are a powerful combo for unravelling the imminent reshaping of eCommerce and eBusiness in general.

    By addressing the Identity issue (FOAF+SSL) and the Description of “Buy” and “Sell Side” components of commerce in general (GoodRelations), we now have the critical data level infrastructure that has always been missing from the Web, exemplified by the mercurial nature of business models beyond advertising etc..


  4. Note, the policy aspect of this whole picture comes down to applying policies (using respective data access policy ontologies) post authentication (FOAF+SSL enhanced SSL handshake).

  5. Why is it necessary to make a choice between WebID and OAuth? Can’t the two complement each other, where WebID facilitates user logins to a website (e.g. Facebook) and OAuth is used to regulate the access of apps (e.g. Farmville) to user’s profiles?

Leave a Reply to Henry Story Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: