The Sun BabelFish Blog
Don't panic!
My Semantic Web BlogRoll
I have not had time to automate my blog roll publication yet. Here is the first step down that path. The following are the semantic web blogs I follow closely. I am sure I must be missing many others that are interesting. Though I already am way past the point of information overload. (For those in the same position here are some tips (via Danny))
- AI3:::Adaptive Information - RSS
- Mike Bergman on the semantic Web and structured Web
- About the social semantic web - RSS
- Web 2.0 - what's next?
- Bnode - atom
- bobdc.blog - RSS
- Bob DuCharme's weblog, mostly on technology for representing and linking information.
- Bill de hOra - atom
- Bill de HOra's blog
- captsolo weblog - RSS
- CaptSolo weblog
- connolly's blog - RSS
- Dan Connolly's blog
- Cloudlands - RSS
- John Breslin's Blog
- Daniel Lewis - RSS
- A technological, personal, spiritual, and academic blog.
- Dave Beckett - Journalblog - RSS
- RDF and free software hacking
- David Seth - RSS
- Semantic Web & my backyard
- dowhatimean.net - RSS
- Richard Cyganiak's Weblog
- Elastic Grid Blog - RSS
- The ultimate blog about the Elastic Grid solution...
- Elias Torres - RSS
- I'm working on a tagline. I promise.
- Inchoate Curmudgeon - RSS
- I'm getting there. What's the rush? It's about the journey, right?
- Internet Alchemy - RSS
- Seeing the world through RDF goggles since 2007
- Kashori - RSS
- Kingsley Idehen's Blog Data Space - RSS
- Data Space Endpoint for - Knowledge, Information, and Raw Data
- Kingsley Idehen's Blog Data Space - atom
- Data Space Endpoint for - Knowledge, Information, and Raw Data
- Les petites cases - Fourre-tout personnel virtuel de Got - RSS
- Lost Boy - RSS 1.0
- A journal of no fixed aims or direction by Leigh Dodds. If you see him wandering, point him in the direction of home.
- Mark Wahl, CISA - RSS
- Discussions on organizing principles for identity systems
- Michael Levin's Weblog and Swampcast! - RSS
- Software development, technobuzz, and everything else.
- Minding the Planet - RSS
- Nova Spivack's Journal of Unusual News & Ideas
- More News - RSS
- Nodalities - RSS
- From Semantic Web to Web of Data
- opencontentlawyer.com - RSS
- copyright, content, and you
- Perspectives - RSS
- Interfaces, semantic web, hypermedia
- Planet Kiwi - RSS
- ... where all the KiwiKnows is!
- Planet RDF - RSS
- It's triples all the way down
- Planete Web Semantique - RSS
- French Semantic Web planet
- Raw - RSS
- Danny's linkiness
- Rinke Hoekstra - RSS
- "Time is nature's way to keep everything from happening at once." - John Wheeler
- S is for Semantics - RSS
- Dean Allemang's Blog - Check out our new book on the Semantic Web!
- Semantic Focus - RSS
- On the Semantic Web, Semantic Web technology and computational semantics
- Semantic Wave - RSS
- News feeds and commentary maintained by semantic web developer Jamie Pitts.
- Semantic Web Interest Group Scratchpad - RSS
- Semantic Web Interest Group IRC scratchpad where items mentioned and commented on in IRC get collected.
- Semantic Web Wire - RSS
- Comprehensive News Feed for Semantic Web.
- semantic weltbild 2.0 (Building the Semantic Web is easier together) - RSS
- Building the Semantic Web is easier together
- SemanticMetadata.net - RSS
- Speaking my mind - RSS
- The whole is more than the sum
- TagCommons - RSS
- toward a basis for sharing tag data
- TechBrew - RSS
- Informative geekery on software and technology
- Technical Ramblings - RSS
- Ramblings of a GIS Hacker
- Thinking Clearly - RSS
- Make lots of money through stealth in shadows
- W3C Semantic Web Activity News - RSS
I automated the creation of this blogroll by transforming the OPML of my blog reader with the following XQuery:

```xquery
(: the namespace URI is only a placeholder for the one helper function :)
declare namespace loc = "http://test.org/";

(: atomize an attribute to a string; the "?" lets outlines without a description through :)
declare function loc:string($t as xs:string?) {
  $t
};

<html>
<body>
<dl>
{
  for $outline in //outline
  order by $outline/@title
  return
    (: return the dt/dd pair as a sequence rather than wrapping it in a span,
       so the generated dl is valid HTML :)
    (
      <dt><a href="{ $outline/@htmlUrl }">{ loc:string($outline/@text) }</a> - <a href="{ $outline/@xmlUrl }">{ loc:string($outline/@version) }</a></dt>,
      <dd>{ loc:string($outline/@description) }</dd>
    )
}
</dl>
</body>
</html>
```
I then had to edit a bit of the generated html by hand to make it presentable.
Thanks to the Oxygen editor for making this really easy to do.
Posted at 05:52PM Jul 24, 2008 [permalink/trackback] by Henry Story in General | Comments[0]
NetBeans and Semantic Wikis
The Kiwi team is meeting at the Prague Sun offices for the next few days to discuss the roadmap of this cutest of all semantic wikis. I completely empathize with Jana Herwig, when she writes:
An IT project is like herding cats, they say - in our case, we’ll be herding kiwis, and if we can enjoy it only half as much as these guys, I’ll be fine:-)
And illustrates it with this video:
I like to think of us developers as being the cats, and the kiwis as the things we want to herd. Tasty :-) That would indeed also explain why I am still in France - herding cats ain't easy.
Why am I still in France and not tasting free beer in Prague? Well, last month's conferences in California have given me a conference overdose, from which I am still recovering. Also I have been speaking so much about the Address Book that I really need to sit down, roll up my sleeves, and just work on it. I did try to write something on topic yesterday, relating the semantic web and NetBeans - since Prague is the center of NetBeans development. I hope that excuses me somewhat.
A list of on the spot updates to this meeting can be found on kiwi planet.
Posted at 04:39PM Jun 25, 2008 [permalink/trackback] by Henry Story in Java | Comments[0]
Webifying Integrated Development Environments
IDEs should be browsers of code on a Read Write Web. A whole revolution in how to build code editors is I believe hidden in those words. So let's imagine it. Fiction anticipates reality.
Imagine your favorite IDE, a future version of NetBeans perhaps or IntelliJ, which would make downloading a new project as easy as dragging and dropping a project url onto your IDE. The project home page would point to a description of the location of the code, the dependencies of this project on other projects, described themselves via URL references, which themselves would be set up in a similar manner. Let's imagine further: instead of downloading all the code from CVS, think of every source code document as having a URL on the web. ( Subversion is in fact designed like this, so this is not so far fetched at all.) And let's imagine that NetBeans thinks about each software component primarily via this URL.
Since every piece of code and every library has a URL, the IDE would be able to use RESTful architectural principles of the web. A few key advantages of this are
- Caching: web architecture is the ability to cache information on the network or locally without ambiguity. This is how your web browser works (though it could work better). To illustrate: once a day Google changes its banner image. Your browser and every browser on earth only fetches that picture once a day, even if you do 100 searches. Does Google serve one image to each browser? No! Numerous caches (company, country, or other) cache that picture and send it to the browser without sending the request all the way to the search engine, reducing the load on their servers very significantly.
- Universal names: since every resource has a URL, any resource can relate in one way or another to any other resource wherever it is located. This is what enables hypertext and what is enabling hyperdata.
- No need to download libraries twice: if you have been working on open source projects at all frequently you must have noticed how often the same libraries are found in each of the projects you have downloaded. Apache logging is a good example.
- No need to download source code: it's on the web! You don't therefore need a local cache of code you have never looked at. Download what you need when you need it (and then cache it!): the Just in Time principle.
- Describe things globally: Since you have universal identifiers you can now describe how source code relates to documentation, to people working on the code, or anything else in a global way, that will be valid for all. Just describe the resources. There's a framework around just for that, that is very easy to use with the right introduction.
The above advantages may seem rather insignificant. After all, real developers are tough. They use vi. (And I do). So why should they change? Well notice that they also use Adobe Air or Microsoft Silverlight. So productivity considerations do in fact play a very important factor in the software ecosystem.
Don't normal developers just work on a few pieces of code? Well speaking for myself here, I have 62 different projects in my /Users/hjs/Programming directory, and in each of these I often have a handful of project branches. As more and more code is open source, and owned and tested by different organizations, the number of projects available on the web will continue to explode, and due to the laziness principle the number of projects using code from other projects will grow further. Already whole operating systems consisting of many tens of thousands of different modules can be downloaded and compiled. The ones I have downloaded are just the ones I have had the patience to get. Usually this means jumping through a lot of hoops:
- I have to find the web site of the code. And I may only have a jar name to go by. So Google helps. But that is a whole procedure in itself that should be unnecessary. If you have an image in your browser you know where it is located by right-clicking over it and selecting the URL. Why not so with code?
- Then I have to browse a web page, which may not be written in my language, and find the repository of the source code
- Then I have to find the command line to download the source code, or the command in the IDE and also somehow guess which version number produced the jar I am using.
- Once downloaded, and this can take some time, I may have to find the build procedure. There are a few out there. Luckily ant and maven are catching on. But some of these files can be very complicated to understand.
- Then I have to link the source code on my local file system to the jar on my local file system my project is using. In NetBeans this is exceedingly tedious - sometimes I have found it to be close to impossible even. IntelliJ has a few little tricks to automate some of this, but it can be pretty nasty too, requiring jumping around different forms. Especially if a project has created a large number of little jar files.
- And then all that work is only valid for me. Because all references are to files on my local file system, they cannot be published. NetBeans is a huge pain here in that it often creates absolute file URLs in its properties files. By replacing them with relative URLs one can publish some of the results, but at the cost of copying every dependency into the local repository. And working out what is local and what is remote can take up a lot of time. It will work on my system, but not on someone else's.
- Once that project is downloaded one may discover that it depends on yet another project, and so we have to go back to step 1.
So why do we have to tie together all the components on our local file system? This is because the IDEs are not referring to the resources with global identifiers. The owner of the junit project should say somewhere, in his doap file perhaps, that:
```turtle
@prefix java: <http://java.net/ont/java#> . # made this up
@prefix code: <http://todo.eg/#> .
<http://project.eg/svn/lib/junit-4.0.jar> a java:Jar;
    code:builtFrom <http://junit.sourceforge.net/> .
# what would be needed here needs to be worked out more carefully. The point is that we don't
# at any point refer to any local file.
```
Because this future IDE we are imagining together will then know that it has stored a local copy of the jar somewhere on the local file system, and because it will know where it placed the local copy of the source code, it will know how the cached jar relates to the cached source code, as illustrated in the diagram above. So just as when you click on a link in your web browser you don't have to do any maintenance to find out where the images and html files are cached on your hard drive, and how one resource (your local copy of an image) relates to the web page, so we should not have to do any of this type of work in our Development Environment either.
From here many other things follow. A couple of years ago I showed how this could be used to link source code to bugs, to create a distributed bug database. Recently I showed how one could use this to improve build scripts. Why even download a whole project if you are stepping through code? Why not just fetch the code that you need when you need it from the web? One HTTP GET at a time. The list of functional improvements is endless. I welcome you to list some that you come up with in the comments section below.
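As an added example (my own code, not from the post and not from NetBeans or IntelliJ), here is a Python sketch of the two pieces the paragraphs above describe: a toy parser for the Turtle description, and a URL-keyed cache that revalidates with an ETag so a jar is fetched once and never downloaded twice. The vocabulary URIs are the post's made-up ones, the origin server and jar bytes are constructed, and the SHA-256 record is an integrity check the post does not mention.

```python
import hashlib
import re

RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
BUILT_FROM = "http://todo.eg/#builtFrom"  # the post's made-up code: vocabulary

# Constructed description in the same Turtle shape as the post's snippet.
PROJECT_DESCRIPTION = """
@prefix java: <http://java.net/ont/java#> .   # made up, as in the post
@prefix code: <http://todo.eg/#> .
<http://project.eg/svn/lib/junit-4.0.jar> a java:Jar;
    code:builtFrom <http://junit.sourceforge.net/> .
"""
# Tokens: <iri>, a # comment, the separators ';' and '.', or a bare word.
_TOKEN = re.compile(r"<[^>]*>|#[^\n]*|[;.]|[^\s;.<#]+")


def parse_turtle_subset(text):
    """Toy parser for the Turtle subset above (@prefix, 'a', ';' lists).
    Returns (subject, predicate, object) triples with prefixes expanded."""
    tokens = [t for t in _TOKEN.findall(text) if not t.startswith("#")]
    prefixes, triples, i = {}, [], 0

    def expand(tok):
        if tok == "a":
            return RDF_TYPE
        if tok.startswith("<"):
            return tok[1:-1]
        prefix, local = tok.split(":", 1)
        return prefixes[prefix] + local

    while i < len(tokens):
        if tokens[i] == "@prefix":
            prefixes[tokens[i + 1].rstrip(":")] = tokens[i + 2][1:-1]
            i += 4  # '@prefix', 'name:', '<iri>', '.'
            continue
        subject, i = expand(tokens[i]), i + 1
        while True:  # predicate-object pairs joined by ';' until the final '.'
            triples.append((subject, expand(tokens[i]), expand(tokens[i + 1])))
            separator, i = tokens[i + 2], i + 3
            if separator == ".":
                break
    return triples


def source_for(triples, jar_url):
    """Follow code:builtFrom from a jar URL to the source it was built from."""
    return next((o for s, p, o in triples if s == jar_url and p == BUILT_FROM), None)


class ResourceCache:
    """URL-keyed cache with revalidation, the way a browser caches images.
    `origin` stands in for the network: origin(url, if_none_match) returns
    (status, etag, body) and answers 304 with an empty body when unchanged."""

    def __init__(self, origin, root="/tmp/ide-cache"):
        self.origin, self.root = origin, root
        self.entries = {}  # url -> {"etag", "body", "sha256"}
        self.bytes_downloaded = 0

    def local_path(self, url):
        # Hash the URL rather than mirroring it as a path, so nothing in a
        # remote description (host names, '..' segments) can escape `root`.
        digest = hashlib.sha256(url.encode("utf-8")).hexdigest()
        return f"{self.root}/{digest[:2]}/{digest}"

    def fetch(self, url):
        cached = self.entries.get(url)
        status, etag, body = self.origin(url, cached["etag"] if cached else None)
        if status == 304 and cached:
            return cached["body"]  # still fresh: nothing is downloaded twice
        if status != 200:
            raise IOError(f"{url}: HTTP {status}")
        self.bytes_downloaded += len(body)
        # Record a digest so the cached jar can be checked against one the
        # project publishes with its description (an addition to the post's sketch).
        self.entries[url] = {"etag": etag, "body": body,
                             "sha256": hashlib.sha256(body).hexdigest()}
        return body


# Constructed stand-in for the project's web server; no real network is used.
ORIGIN_FILES = {"http://project.eg/svn/lib/junit-4.0.jar":
                ("etag-v1", b"PK\x03\x04 constructed jar bytes")}


def fake_origin(url, if_none_match):
    if url not in ORIGIN_FILES:
        return 404, None, b""
    etag, body = ORIGIN_FILES[url]
    return (304, etag, b"") if if_none_match == etag else (200, etag, body)


def demo(jar_url="http://project.eg/svn/lib/junit-4.0.jar"):
    triples = parse_turtle_subset(PROJECT_DESCRIPTION)
    cache = ResourceCache(fake_origin)
    first = cache.fetch(jar_url)
    second = cache.fetch(jar_url)  # revalidated via the ETag, body not re-sent
    return {
        "jar_type": next(o for s, p, o in triples if s == jar_url and p == RDF_TYPE),
        "source": source_for(triples, jar_url),
        "same_bytes": first == second,
        "bytes_downloaded": cache.bytes_downloaded,
    }
```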
If you want to make a big impact in the IDE space, that will be the way to go.
Posted at 12:45PM Jun 24, 2008 [permalink/trackback] by Henry Story in Java | Comments[20]
My Mail.app is unstable
Mail.app is getting to be a real pain to work with. This is the 4th time in 2 months that I have had to spend over 4 hours debugging it. As of writing this I can no longer send or receive mail!
It used to just crash, which was useful because I could use dtrace to find all the files it had opened and just remove the directories in Library/Mail where it had last looked at. I could then re-import those folders later.
Since the 10.5.3 update it no longer crashes. A week ago it just spent a huge amount of time thinking, using up over 100% of the CPU (there are two cores, so it can use up to 200%), and then finally recovered, but I had time to study a few chapters of "Semantic Web for the Working Ontologist" before that happened. Today it just consumed so much CPU that all other applications became unresponsive. I reniced Mail with

```shell
$ sudo renice -20 -p 16410   # where 16410 was the process id of Mail.app at the time
```

which made it possible to use my shell at least. Then it crashed.
I am clearly not the only one with this problem. Searching the web I found that
- Tim Bray twittered about a problem he had, though on asking him, it had a different solution, relating to removing ical entries.
- A long thread on the Apple support forum entitled "Mail Hangs". I am pretty sure none of the suggested solutions did anything for me. I spent last Saturday cleaning up my OS with OnyX (got it from somewhere else though)
- Another thread on the apple discussion forum entitled "Mail.app not restoring properly - keeps asking to import mailboxes, crashes".
- Search for "crashing mail.app" on Google limited to the last week or month, to get a feel for this.
Mail.app is really a key application of OSX. If Apple can't get this right, or don't have enough resources to dedicate to this, would it perhaps help to Open Source Mail.app? At least some of us could hunt down the problem and give them a fix. Currently I am not sure what they are doing about this. I will try once more to fix it, but I am really really close to switching to something else...
2 hours later - Solved: I had a mail folder for an internal Sun apple mailing list. I had suspected that there was a problem here as it would crash when I opened that folder. So I went to /Users/hjs/Library/Mail/IMAP-hsXXXXX@mail.sun.net and moved the apple.imapbox to a temporary folder. I then started Mail and it fetched all the threads from the server again. Having the mail on a remote server helps a lot. For one it should make moving to another client a lot easier...
Could it be that I have too many e-mails? The following seems to suggest that I have 273 thousand.
I have one gmail account, my personal imap server and sun work imap server if that helps...
```shell
hjs@bblfish:0$ cd Library/Mail
hjs@bblfish:0$ find . -name "*.emlx" | wc
  273761  322242 17719867
```
Posted at 03:36PM Jun 18, 2008 [permalink/trackback] by Henry Story in General | Comments[2]
Firefox 3 is out
Firefox 3.0 is out. It looks really, really good! Get it here! and help set a world record :-)
Posted at 02:18PM Jun 18, 2008 [permalink/trackback] by Henry Story in General | Comments[1]
Blue Rays
Sixteen years ago, as I was studying philosophy in London on an empty budget, very close to living on the streets - off Kings Road, it is true, as I had decided that if I had to live in extreme poverty I would do so with style - I had one of these weird conversations around a fire with an Irish unemployed actor, and a number of other fellow travelers of fate. Reminded of the great Edinburgh theater festival I decided on the spot I was going to go there. For some reason the actor I was talking to decided that I was not going to go. This surprised me somewhat. So I restated my desire to go. He doubted the seriousness of it again. How could he tell me what I was going to do, I blurted out. I had decided to go, so I would. I might have no money to go there, but I had no money to be here, so what was the difference? I had no serious appointments here, so what would stop me? "You just won't", he stubbornly affirmed. Angered by the sheer nerve of his remark, but keeping my cool, I decided to come to a compromise with him. I would go but would fail twice to get there, I affirmed. The third attempt would be successful. The compromise was strange enough that everyone around the fire nodded, and he had to accept.
Months passed and towards the end of July 1992 I was reminded of the start of the festival. This was lucky as at the time I did not have any serious way of taking notes or reminding myself of a date. Pieces of paper could all too easily get lost. And I did not have enough appointments to justify having an agenda, and if I did I could easily have missed looking at it. This was before the World Wide Web. Before internet cafes. Before widely available email. Before I even could afford a computer. All we had were libraries at the time and newspapers for sources of information. TVs also existed of course, but you had to know when to look, which was a whole skill in itself. And of course the type of TV we had access to was probably a black and white 13 inch set with poor reception. As far as books were concerned, I was reading Gareth Evans' The Varieties of Reference, and it was not there that I was going to find the purely accidental information I needed.
So reminded of the start of the theater season, I decided to immediately get on my way. Early next morning, I walked to the train station bought myself a ticket with the little money I had, stepped on the train and was on my way. 45 minutes later I discovered that this was not the train to Edinburgh I was on, but some other one. So I got off in a rush and took the next train back to London. This time I made absolutely sure I was on the right train. I asked a number of people, sat down, and prepared to enjoy the journey. The train started and ran for a while. I was on my way! Then the train stopped, and turned back. Some engineering problem it seems. We had to take another train. Life is weird like that.
So as I stepped onto the third train I was reminded of my compromise many months before. I knew in my heart then that I was going to get there now. And off the train went. I had a mini magnetic go set, and taught a girl this oldest of all games along the way.
Of course arriving in Edinburgh I had absolutely no place to stay. Organizing a trip with the minimal budget I had would have been impossible at the time, and I certainly could not have afforded to rent anything there. Prices during the theater season were sky high. Many locals rent out their flats for the season, and use it to finance their holidays in warmer climates. I can't remember at what time I arrived, and how I would have slept the first night there. Perhaps on a bench somewhere, as usual...
The next morning I walked past the film festival section. I entered and watched a couple of very nice young creators' shorts. There was a session on a new digital projection technique called High Definition, which I attended. The quality of the image, we were told, was equivalent to that of film after a film had been projected a few times. New film might be better, but it soon accumulates scratches, which digital film does not. And indeed if the speaker had not told me that the film we had just seen had been projected digitally I would not have known better. Pointing to the huge projector in the room he then explained in more detail what technology it required in layman's terms. I had no money. But I was sold. My first TV would be High Definition or nothing. As an undergraduate I had agreed with my conversation buddy Mark Pitt that watching films at anything less than the quality they were designed for was sacrilege. Films shown on TV clearly were just shadows of their real selves.
So to finish the Edinburgh story, that afternoon I got to speak to an attendee of the festival. Having told him that I just arrived from London, and questioning him about the difficulty of finding lodgings - I had seen some flats where thirty or so people were staying together, reeking of the sweet smell of decomposing garbage and unwashed socks - he agreed with me. His wife had not at all liked the apartment they had found initially he told me, so they had moved to another one. And now they did not know what to do with the original one, which they could not give back. I suggested I could look after it for them. He accepted, gave me the keys, and that is how I spent a whole festival season in a clean apartment, with a nice view all to myself.
16 years later, after the explosion of the internet onto the global scene, after DVDs came and never really quite worked, after the world wide web frenzy, and the dot com bust, after web2, after a High Definition format war, finally High Definition Television and its television sets have come to be affordable and worth investing in - another proof that innovation happens slowly. So for father's day my parents bought a High Definition 40 inch flat panel screen, and I convinced them to replace the broken DVD drive with a new Blu-ray reader. We brought it back home, installed it, and watched Planet Earth ("Un Jour sur terre" in French), an extraordinary documentary about life on earth, with gorgeous scenes such as that of the Polar Bear, which starts with a close up of him walking on ice, the camera zooming back slowly, revealing the beauty of all the shades of polar snow, revealing the blue water through the cracking sheets of ice, revealing the many sheets of cracked ice separating slowly, the polar bear now just a spot on one of them, in one stunning image of the melting polar cap under the blue rays of the fading summer sun.
Posted at 12:35PM Jun 18, 2008 [permalink/trackback] by Henry Story in travel | Comments[3]
3 weeks of conferences and workshops in the Bay Area
I am in the Bay Area about to start my third week of conference/workshops with the combined themes of Java, identity, semantic web, and data portability.
The first week at JavaOne went very well. The Semantic Web Panel attracted way over 500 people by my guesstimate (no official figure yet), and Dean Allemang's talk "Semantic Web for the Working Ontologist", which took place on the last day, attracted well over three hundred attendees. My BOF happened late at night at the same time as a big party, and only attracted 30 or so attendees. But on the whole JavaOne proved a great success.
Speaking to members of the liberty group at Sun, I discovered the existence of the Internet Identity Workshop in Mountain View, and decided this would be a good opportunity to learn more about this space. This was a very good use of my time, as it helped me get more familiar with many of the problems and technologies in this space. I put forward some of the ideas I had been discussing here relating the semantic web and distributed web of trust ideas using OpenId and foaf+ssl, which seemed to hold up quite well under the close scrutiny of the community. A few fun conversations with Eve Maler (aka xmlgrrl) on the relations between the semantic web and XML nicely spiced up the evenings :-)
That workshop was closely followed by a one day Data Sharing Summit, addressing issues raised by the Data Portability group, which I have been following relatively closely. This one day session was very helpful for my understanding of the types of problems that need solving. An ontology for what can be done with information in a foaf file would indeed be very helpful. This would have to allow one to specify in simple terms what relations could be republished or which ones should not be.
So next on the list is the Semantic Technology Conference in San Jose, which will bring all these threads together. For more on that see my post on the Semantic Tech highlights.
Posted at 10:54PM May 17, 2008 [permalink/trackback] by Henry Story in travel | Comments[1]
Social Networks and Data Portability at Semantic Tech conference in San Jose
The upcoming semantic conference in San Jose is getting going tomorrow, with an excellent list of speakers and subjects. Here are some highlights of the sessions relating to topics on which I blog regularly.
- The Future of Social Networks: The Need for Semantics, Monday, May 19, 2008 from 08:30 AM - 12:00 PM, will be hosted by John Breslin, Prof Stefan Decker and Uldis Bojars.
- The Semantic Web, Social Graphs and Social Verification Tom Ilube, Chief Executive Officer, Garlik Limited will present on Monday, May 19, 2008 at 05:00 PM - 06:00 PM
- Semantic Wikis: Boosting Collaborative Technology will be presented by Juergen Angele on Monday, May 19, 2008 at 05:00 PM - 06:00 PM, clashing with Tom Ilube's talk, sadly.
- Data Portability Interest Group will take place on Tuesday, May 20, 2008 at 07:15 AM - 08:15 AM. A bit early but well worth it. John Breslin will be hosting it.
- Linked Data Panel with Danny Ayers, Giovanni Tummarello, Nathan R Yergler of the Creative Commons, and Ralph R. Swick from the w3c will be speaking about this essential topic on Wednesday, May 21, 2008 at 08:30 AM - 09:30 AM.
- Data Availability at MySpace: Jim Benedetto, Senior Vice President of Technology, will be explaining the Data Availability initiative.
- Developing Semantic Web Applications: Current Tools, Best Practices and Future Directions on Wednesday, May 21, 2008 at 09:45 AM - 10:45 AM. Eric Miller, Jans Aasman, Jeroen Wester, Dean Allemang and I will talk about various semantic web applications, the technologies needed to build them and more. In particular I will be demonstrating the Semantic Web Address Book.
- Semantic Markup of Java Source Code Brian D Eubanks will talk on Wednesday, May 21, 2008 at 05:30 PM - 06:30 PM
Many more interesting talks will make sure I will spend another packed week. The full program is available online.
Posted at 10:42PM May 17, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[0]
Three Semantic Web talks at JavaOne 2008
Following on the success last year, JavaOne 2008 has lined up three talks on the Semantic Web, a 200% increase. The program should be an excellent way for Java enthusiasts to get a feel for how the Semantic Web is getting used in real applications making money for real start ups, how to develop such apps in Java, how to build open social networks that bridge the social networking data silos, and, with the help of Dean Allemang, cover some theoretical ground from a practical perspective.
Here is the timetable of the sessions at JavaOne. Highlighted in green are the three semantic web sessions. Highlighted in gray are 4 of the 5 sessions on Google's Open Social API, which reveals the importance social networks are taking in development. I don't think though that that API solves the real problem of current social networks: the data silo problem. Only Semantic Web technologies can do that.
Below are the details of the sessions in tabular format. I believe they should complement each other very well.
| Session Title: | Developing Semantic Web Applications on the Java™ Platform |
| Session Time: | Thursday - 05/08/2008 - 1:30 PM-2:30 PM |
| Session ID: | PAN-5542 |
| Session Description: | The semantic web is nearing the point of widespread practical adoption: • The core specifications have stabilized. • Tools and frameworks implementing key features have been through several development cycles (for a listing see http://esw.w3.org/topic/SemanticWebTools). • An increasing number of major software companies have developed semantically enabled products or are actively researching the space. As companies start to translate theory into real Java™ technology-based applications, they are confronted with a host of practical software engineering issues: • What is the standard or recommended functional architecture of a semantic application? • How does that architecture relate to the semantic web standards? • Which of those standards are stable, and which can be expected to evolve in ways that would significantly affect prior applications? • What types of tools/frameworks exist that can be leveraged to help implement semantic applications on the Java platform? • How mature are the various categories of semantic web tools/frameworks? • Can API standardization be expected for certain tool/framework categories? • What best practices exist for the design and implementation of Java technology-based semantic applications? • What best practices exist for the deployment of Java technology-based semantic applications? • What future trends in Java platform support for semantic application development can be expected? This panel session gathers together semantics experts from the software industry to address these and other practical issues relating to the development of semantic applications on the Java platform. |
| Track: | Next Generation Web |
| Session Type: | Panel Session |
| Duration: | 60 minutes |
| Speaker(s): | Jans Aasman, Franz Inc; Dean Allemang, TopQuadrant Inc. ; Brian Sletten, Zepheira, LLC; Henry Story, Sun Microsystems, Inc.; Lew Tucker, Radar Networks |
| Session Title: | Beatnik: Building an Open Social Network Browser |
| Session Time: | Thursday - 05/08/2008 - 7:30 PM-8:20 PM |
| Session ID: | BOF-5911 |
| Session Description: | The recent growth of social networking sites is revealing the limits of the current ad hoc data architecture used by Web 2.0 sites. A typical example is that you cannot link to a person in a Facebook account from a LinkedIn account. What is needed to solve these problems is hyperdata, the ability to link data universally. Hyperdata is to data what hypertext is to text. Where hypertext enables text to link up to other text, hyperdata enables data to link up to other data globally. Where HTML enables open, distributed hypertext, the semantic web enables open, distributed hyperdata. Anybody can publish data that then becomes reachable by any tool crawling the web of relations. To illustrate the power of hyperdata, this session presents Beatnik, a social network browser and editor written entirely in the Java™ programming language that consumes any of the millions of available friend-of-a-friend (FOAF) files already published on the web and enables users to publish information about themselves and their own social network. It shows how you can drag and drop a FOAF URL onto Beatnik and start exploring a web of relations and find up-to-date information about where your friends live, who their friends are, and where people are currently located. With a click of a button, Beatnik will publish all your own relations to your web server in a nonintrusive way to make you part of the first globally available open social network. After a quick overview of the semantic web and FOAF, the presentation takes a detailed look at how the Beatnik client is built. This involves digging into one of the many Java technology-based semantic web frameworks, such as Sesame, and its APIs; a Java-platform-to-RDF mapper, such as so(m)mer or Elmo; and how this enables inferencing on the Java platform. On the server side, the presentation looks at how you can easily publish the contents of an LDAP database into any of the numerous RDF formats using JSR 311, the Java API for RESTful Web Services. It also covers the use of the Atom Publishing Protocol as a publication mechanism and discusses various security techniques for limiting the view of a personal graph of information by using OpenID and distributed-web-of-trust techniques. |
| Track: | Cool Stuff, Cool Desktop; Cool Stuff, Cool Next Gen Web; Open Source, Open Source Next Gen Web; Cool Stuff; Desktop; Next Generation Web; Open Source |
| Session Type: | Birds-of-a-Feather Session (BOF) |
| Duration: | 50 minutes |
| Speaker(s): | Tim Boudreau, Sun Microsystems, Inc.; Henry Story, Sun Microsystems, Inc. |
| Session Title: | Semantic Web for the Working Ontologist |
| Session Time: | Friday 05/09/2008 - 1:30 PM-2:30 PM |
| Session ID: | TS-5555 |
| Session Description: | This session presents the basics of practical semantic web deployment using standards-based tools on the Java™ platform. It covers the Resource Description Framework (RDF) as the fundamental mashup language of the web; SPARQL, the query language for RDF; and RDFS and OWL, which provide simple inferencing capabilities. In the distributed world of the web, information is moving from a hypertext paradigm to a hyperdata paradigm--the web today is not just a web of documents but also a web of data. But that data is available on the web and in the enterprise in a wide variety of forms: HTML, XML, RSS, spreadsheets, databases, and so on. RDF provides a uniform way to identify information in a distributed setting to form a web of data. The session demonstrates a Java technology-based platform (built on Eclipse) that uses RDF as an interlingua for merging information from multiple web sources. Java technology plays a key role in the success of the system in several ways. First, it uses the large variety of public domain semantic web software available on the Java platform as the basis of interoperability at the API level. Second, it uses the Eclipse framework as a visual editing environment for the ontologies. Finally, it uses the modularity of the Eclipse plug-in environment to enable a sort of plug-and-play architecture among semantic components. One of the basic ideas of the semantic web is that semantic models, or “ontologies,” can be used to describe how data fits together. In the context of the web of hyperdata, an ontology can describe how data in one source relates to data from another, or even which sources of data should be merged to answer a particular question or support a particular application. The idea is that, armed with these tools, a working ontologist can describe hyperdata applications without resorting to a general-purpose programming language. TopQuadrant has used these standards to construct a workbench for building semantic applications. Semantic mashups can be built by use of RDFS and OWL. TopQuadrant has also developed a visual flow editor for describing how distributed data can be merged in novel ways; it calls this editor SPARQLMotion, because it extends the standard query language SPARQL with intuitive information flow diagrams modeled in OWL. SPARQLMotion modules can be connected with a simple point-and-click interface to create novel arrangements. |
| Track: | Next Generation Web |
| Session Type: | Technical Session |
| Duration: | 60 minutes |
| Speaker(s): | Dean Allemang, TopQuadrant Inc. |
Posted at 07:50PM May 07, 2008 [permalink/trackback] by Henry Story in Java | Comments[2]
BOF-5911: Building a Web 3.0 Address Book
To give everyone a chance to try out the So(m)mer Address Book, I have made it available via Java Web Start: just click on the picture to the right, and try it out.
The Address Book is currently demoware: it shows how one can virally build an open distributed social network client that solves the social network data silo problem (video). There is no need to have an account on every social networking site on which you have friends, and so to maintain your data on each one. You can simply belong to one network and link to all your friends wherever they are. With one click of a button you can publish your social network to your own web server, using ftp, scp, WebDAV, or even Atom. You can then link to other people, whether or not they have a foaf file. By pressing the space bar when selecting a friend, the Address Book will then GET their file. So you can browse your social network.
To get going you can explore my social network by dragging my foaf file icon
onto the first pane of the application.
In BOF-5911, which I will be presenting on Thursday at 7:30pm, I will present the social networking problem, demonstrate how the So(m)mer Address Book solves it, and show in detail how it is built, what the problems are, and what work remains. I will also discuss how this can be used to create global single sign-on based on a network of trust.
Posted at 12:50AM May 07, 2008 [permalink/trackback] by Henry Story in Java | Comments[4]
history meme
For an hour or so I managed to forget that I had a lot of work to do. Catching up with my unread posts on my blogroll, I came across Tim Bray's History Meme post, and decided to try it out. So here are my results:
hjs@bblfish:0$ history | tr -s ' ' | cut -d ' ' -f 3 | sort | uniq -c | sort -rn | head -n 10
115 ls
65 cd
60 ant
42 vi
42 less
20 fg
17 cwm
15 svn
14 pwd
9 top
ant is of course the build tool I use. I once laughed at the unintuitiveness of vi, but I later discovered it stands for virus - you just can't stop using it. cwm is the semantic web swiss army knife written in python: incredibly useful for every day semantic web hacking. And svn is the subversion command line client: I love subversion. When coding of course I spend a lot of time in either IntelliJ or NetBeans, depending on the day.
I have a number of other shells open, and the same commands tend to appear in them. Often the unix find command does. So I thought I'd try seeing what I get when I enlarge the list:
hjs@bblfish:0$ history | tr -s ' ' | cut -d ' ' -f 3 | sort | uniq -c | sort -rn | head -n 20
113 ls
55 vi
54 cd
36 less
36 ant
21 cwm
20 fg
16 pwd
12 svn
9 top
9 find
9 exit
8 ping
7 ssh
7 killall
7 defaults
7 curl
7 bc
6 bzcat
5 fink
Posted at 10:07AM Apr 22, 2008 [permalink/trackback] by Henry Story in Silly | Comments[1]
FOAF & SSL: creating a global decentralised authentication protocol
Following on from my previous post RDFAuth: sketch of a buzzword compliant authentication protocol, Toby Inkster came up with a brilliantly simple scheme that builds very neatly on top of the Secure Sockets Layer of https. I describe the protocol briefly here, and will describe an implementation of it in my next post.
Simple global ( passwordless if using a device such as the Aladdin USB e-Token ) authentication around the web would be extremely valuable. I am currently crumbling under the number of sites asking me for authentication information, and for each site I need to remember a new id and password combination. I am not the only one with this problem as the data portability video demonstrates. OpenId solves the problem but the protocol consumes a lot of ssl connections. For hyperdata user agents this could be painfully slow. This is because they may need access to just a couple of resources per server as they jump from service to service.
As before we have a very simple scenario to consider. Romeo wants to find out where Juliette is. Juliette's hyperdata Address Book updates her location on a regular basis by PUTing information to a protected resource which she only wants her friends and their friends to have access to. Her server knows from her foaf:PersonalProfileDocument who her friends are. She identifies them via dereferenceable URLs, as I do, which themselves usually (the web is flexible) return more foaf:PersonalProfileDocuments describing them, and pointing to further such documents. In this way the list of people able to find out her location can be specified in a flexible and distributed manner. So let us imagine that Romeo is a friend of a friend of Juliette's and he wishes to talk to her. The following sequence diagram continues the story...
The stages of the diagram are listed below:
- First Romeo's User Agent HTTP GETs Juliette's public foaf file located at http://juliette.net/. The server returns a representation ( in RDFa perhaps ) with the same semantics as the following N3:
    @prefix : <#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
    @prefix todo: <http://eg.org/todo#> .
    @prefix openid: <http://eg.org/openid/todo#> .
    <> a foaf:PersonalProfileDocument;
       foaf:primaryTopic :juliette ;
       openid:server <https://aol.com/openid/service>;  # see The Openid Sequence Diagram .
    :juliette a foaf:Person;
       foaf:name "Juliette";
       foaf:openid <>;
       foaf:blog </blog>;
       rdfs:seeAlso <https://juliette.net/protected/location>;
       foaf:knows <http://bblfish.net/people/henry/card#me>,
                  <http://www.w3.org/People/Berners-Lee/card#i> .
    <https://juliette.net/protected/location> a todo:LocationDocument .
Romeo's user agent receives this representation and decides to follow the https protected resource because it is a todo:LocationDocument.
- The todo:LocationDocument is at an https URL, so Romeo's User Agent connects to it via a secure socket. Juliette's server, which wishes to know the identity of the requestor, sends out a Certificate Request, to which Romeo's user agent responds with an X.509 certificate. This is all part of the SSL protocol.
In the communication in stage 2, Romeo's user agent also passes along his foaf id. This can be done either by:
- Sending in the HTTP header of the request an Agent-Id header pointing to the foaf Id of the user. Like this:
    Agent-Id: http://romeo.net/#romeo
  This would be similar to the current From: header, but instead of requiring an email address, a direct name of the agent would be required. (An email address is only an indirect identifier of an agent).
- The Certificate could itself contain the Foaf ID of the Agent in the X509v3 extensions section:
    X509v3 extensions:
        ...
        X509v3 Subject Alternative Name:
            URI:http://romeo.net/#romeo
  I am not sure if it would be a correct use of the X509 Alternative names field. So this would require more standardization work with the X509 community. But it shows a way where the two communities could meet. The advantage of having the id as part of the certificate is that this could add extra weight to the id, depending on the trust one gives the Certificate Authority that signed the Certificate.
At this point Juliette's web server knows of the requestor (Romeo in this case):
- his alleged foaf Id
- his Certificate ( verified during the ssl session )
If the Certificate is signed by a CA that Juliette trusts and the foaf id is part of the certificate, then she will trust that the owner of the User Agent is the entity named by that id. She can then jump straight to step 6 if she knows enough about Romeo that she trusts him.
Having Certificates signed by CAs is expensive though. The protocol described here will work just as well with self-signed certificates, which are easy to generate.
- Juliette's hyperdata server then GETs the foaf document associated with the foaf id, namely <http://romeo.net/>. Romeo's foaf server returns a document containing a graph of relations similar to the graph described by the following N3:
    @prefix : <#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
    @prefix wot: <http://xmlns.com/wot/0.1/> .
    @prefix wotodo: <http://eg.org/todo#> .
    <> a foaf:PersonalProfileDocument;
       foaf:primaryTopic :romeo .
    :romeo a foaf:Person;
       foaf:name "Romeo";
       is wot:identity of [ a wotodo:X509Certificate;
                            wotodo:dsaWithSha1Sig """30:2c:02:14:78:69:1e:4f:7d:37:36:a5:8f:37:30:58:18:5a:
    f6:10:e9:13:a4:ec:02:14:03:93:42:3b:c0:d4:33:63:ae:2f:
    eb:8c:11:08:1c:aa:93:7d:71:01""" ;
                          ] ;
       foaf:knows <http://bblfish.net/people/henry/card#me> .
- By querying the semantics of the returned document with a SPARQL query such as
    PREFIX wot: <http://xmlns.com/wot/0.1/>
    PREFIX wotodo: <http://eg.org/todo#>
    SELECT ?sig
    WHERE {
      [] a wotodo:X509Certificate;
         wotodo:dsaWithSha1Sig ?sig;
         wot:identity <http://romeo.net/#romeo> .
    }
  Juliette's web server can discover the certificate signature and compare it with the one sent by Romeo's user agent. If the two are identical, then Juliette's server knows that the User Agent who has access to the private key of the certificate sent to it, and who claims to be the person identified by the URI http://romeo.net/#romeo, is in agreement as to the identity of the certificate with the person who has write access to the foaf file http://romeo.net/. So by proving that it has access to the private key of the certificate sent to the server, the User Agent has also proven that it is the person described by the foaf file.
- Finally, now that Juliette's server knows an identity of the User Agent making the request on the protected resource, it can decide whether or not to return the representation. In this case we can imagine that my foaf file says that
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    <http://bblfish.net/people/henry/card#me> foaf:knows <http://romeo.net/#romeo> .
  As a result of the policy of allowing all friends of Juliette's friends to be able to read the location document, the server sends out a document containing relations such as the following:
    @prefix contact: <http://www.w3.org/2000/10/swap/pim/contact#> .
    @prefix : <http://juliette.org/#> .
    :juliette contact:location [ contact:address [ contact:city "Paris";
                                                   contact:country "France";
                                                   contact:street "1 Champs Elysees" ] ] .
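As an added illustration of stages 2 to 4, here is a small Go program (not code from this post or from the so(m)mer FoafServer work; it uses only the Go standard library and ECDSA rather than the DSA signature quoted in the N3 above). It builds a self-signed client certificate that carries the foaf id as a URI Subject Alternative Name, the second option above, and then performs Juliette's side of the check: look up the certificate signature published under the claimed id and compare it with the certificate the requestor presented. The published map, the ids and the certificates are constructed here; the map stands in for GETting Romeo's foaf file and running the SPARQL query.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// makeClientCert builds a self-signed client certificate whose URI Subject
// Alternative Name carries the agent's foaf id. Key and certificate are
// generated afresh each run: constructed sample data, not Romeo's real cert.
func makeClientCert(foafID string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(foafID)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		// The DN is a placeholder: the foaf id, not the DN, names the agent.
		Subject:   pkix.Name{CommonName: "Romeo"},
		NotBefore: time.Now().Add(-time.Hour),
		NotAfter:  time.Now().Add(24 * time.Hour),
		URIs:      []*url.URL{u},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// colonHex prints bytes the way openssl does and the post's N3 quotes them.
func colonHex(b []byte) string {
	parts := make([]string, len(b))
	for i, c := range b {
		parts[i] = fmt.Sprintf("%02x", c)
	}
	return strings.Join(parts, ":")
}

// foafIDFromCert returns the http(s) URI SAN the agent claims as its id, or "".
func foafIDFromCert(cert *x509.Certificate) string {
	for _, u := range cert.URIs {
		if u.Scheme == "http" || u.Scheme == "https" {
			return u.String()
		}
	}
	return ""
}

// verifyRequestor is the server side of stages 3 and 4: the signature
// published under the claimed id must equal the presented certificate's.
// published stands in for GETting the foaf file and running the SPARQL query.
// Possession of the private key is not checked here: the TLS handshake did.
func verifyRequestor(cert *x509.Certificate, published map[string]string) (string, error) {
	id := foafIDFromCert(cert)
	if id == "" {
		return "", errors.New("certificate carries no foaf id")
	}
	want, ok := published[id]
	if !ok {
		return "", errors.New("no certificate published for " + id)
	}
	if want != colonHex(cert.Signature) {
		return "", errors.New("presented certificate is not the one published for " + id)
	}
	return id, nil
}

// runSSLDemo checks a genuine certificate, then a second, unpublished one
// that claims the same id; it returns the accepted id and both errors.
func runSSLDemo() (id string, okErr, mismatchErr error) {
	const romeo = "http://romeo.net/#romeo"
	cert, err := makeClientCert(romeo)
	if err != nil {
		return "", err, err
	}
	published := map[string]string{romeo: colonHex(cert.Signature)} // Romeo's foaf file
	id, okErr = verifyRequestor(cert, published)
	other, err := makeClientCert(romeo)
	if err != nil {
		return id, okErr, err
	}
	_, mismatchErr = verifyRequestor(other, published)
	return
}

func main() {
	id, okErr, mismatchErr := runSSLDemo()
	fmt.Println("genuine:", id, okErr, "| unpublished:", mismatchErr)
}
```

Two points matter when wiring this into a real server. The comparison only binds the presented certificate to the foaf profile; the proof that the requestor actually holds the private key is the CertificateVerify message of the SSL handshake, so verifyRequestor must only ever see a certificate the TLS layer received from the client on this connection. And since the certificate may be self-signed, the TLS layer has to be configured to request a client certificate without insisting on a CA chain, otherwise the handshake fails before the foaf check is reached.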
Todo
- Create an ontology for X509 certificates.
- test this. Currently there is some implementation work going on in the so(m)mer repository in the misc/FoafServer directory.
- Can one use the Subject Alternative name of an X509 certificate as described here?
- For self signed certificates, what should the X509 Distinguished Name (DN) be? The DN is really being replaced here by the foaf id, since that is where the key information about the user is going to be located. Can one ignore the DN in a X509 cert, as one can in RDF with blank nodes? One could I imagine create a dummy DN where one of the elements is the foaf id. These would at least, as opposed to DN, be guaranteed to be unique.
- what standardization work would be needed to make this
Discussion on the Web
- Peter Williams is very positive, in his response on the OpenId mailing list where he gives a short overview of the history of the URI Subject Alternative name in the X509 spec.
- Paul Madsen gives a short description of how this would be implemented in the Liberty stack.
Posted at 02:00PM Apr 21, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[1]
The OpenId Sequence Diagram
OpenId very neatly solves the global identity problem within the constraints of working with legacy browsers. It is a complex protocol though as the following sequence diagram illustrates, and this may be a problem for automated agents that need to jump around the web from hyperlink to hyperlink, as hyperdata agents tend to do.
The diagram illustrates the following scenario. Romeo wants to find the current location of Juliette. So his semantic web user agent GETs her current foaf file. But Juliette wants to protect information about her current whereabouts and reveal it only to people she trusts, so she configures her server to require the user agent to authenticate itself in order to get more information. If the user agent can prove that it is owned by one of her trusted friends, and Romeo in particular, she will deliver the information to it (and so to him).
The steps numbered in the sequence diagram are as follows:
- A User Agent fetches a web page that requires authentication. OpenId was designed with legacy web browsers in mind, for which it would return a page containing an OpenId login box such as the one to the right.
  In the case of a hyperdata agent as in our use case, the agent would GET a public foaf file, which might contain a link to an OpenId authentication endpoint. Perhaps with some rdf such as the following N3:
    <> openid:login </openidAuth.cgi> .
  Perhaps some more information would indicate which resources were protected.
- In current practice a human user notices the login box and types his identifying URL in it, such as http://openid.sun.com/bblfish. This is the brilliant invention of OpenId: getting hundreds of millions of people to find it natural to identify themselves via a URL, instead of an email. The user then clicks the "Login" button.
  In our semantic use case the hyperdata agent would notice the above openid link and would deduce that it needs to login to the site to get more information. Romeo's Id ( http://romeo.net/ perhaps ) would then be POSTed to the /openidAuth.cgi authentication endpoint.
- The OpenId authentication endpoint then fetches the web page by GETing Romeo's url http://romeo.net/. This returned representation contains a link in the header of the page pointing to Romeo's OpenId server url. If the representation returned is html then this would contain the following in the header:
    <link rel="openid.server" href="https://openid.sun.com/openid/service" />
- The representation returned in step 3, could contain a lot of other information too. A link to a foaf file may not be a bad idea as I described in foaf and openid. The returned representation in step 3 could even be RDFa extended html, in which case this step may not even be necessary. For a hyperdata server the information may be useful, as it may suggest a connection Romeo could have to some other people that would allow it to decide whether it wishes to continue the login process.
- Juliette's OpenId authentication endpoint then sends a redirect to Romeo's user agent, directing it towards his OpenId Identity Provider. The redirect also contains the URL of the OpenId authentication cgi, so that in step 8 below the Identity Provider can redirect a message back.
- Romeo's user agent dutifully redirects Romeo to the identity provider, which then returns a form with a username and password entry box.
- Romeo's user agent could learn to fill in the user name and password pair automatically and even skip the previous step 6. In any case, given the user name and password, the Identity Provider then sends back some cryptographic tokens to the User Agent to have it redirect to the OpenId Authentication cgi at http://juliette.net/openidAuth.cgi.
- Romeo's Hyperdata user agent then dutifully redirects back to the OpenId authentication endpoint.
- The authentication endpoint sends a request to the Openid Identity provider to verify that the cryptographic token is authentic. If it is, a conventional answer is sent back.
- The OpenId authentication endpoint finally sends a response back with a session cookie, giving access to various resources on Juliette's web site. Perhaps it even knows to redirect the user agent to a protected resource, though that would have required some information concerning this to have been sent in stage 2.
- Finally Romeo's user agent can GET Juliette's protected information if Juliette's hyperdata web server permits it. In this case it will, because Juliette loves Romeo.
All of the steps above could be automated, so from the user's point of view they may not be complicated. The user agent could even learn to fill in the user name and password required by the Identity Provider. But there are still a very large number of connections between the User Agent and the different services. If these connections are to be secure they would need to be protected by SSL (as hinted at by the double line arrows). And SSL connections are not cheap. So the above may be unacceptably slow. On the other hand it would work with a protocol that is growing fast in acceptance.
It is certainly worth comparing this sequence diagram with the very light weight one presented in "FOAF & SSL: creating a global decentralised authentication protocol".
Thanks again to Benjamin Nowack for bringing the discussion on RDFAuth to thinking about using the OpenId protocol directly as described above. See his post on the semantic web mailing list. Benjamin also pointed to the HTTP OpenID Authentication proposal, which shows how some of the above can be simplified if certain assumptions about the capabilities of the client are made. It would be worth making a sequence diagram of that proposal too.
Posted at 06:31PM Apr 18, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
semantic camp paris
A couple of weeks ago I attended the second Semantic Bar Camp which took place at the Orange research labs at Issy les Moulineaux, near Paris. This was a great opportunity to meet many of the French researchers in the Semantic Web space, to take part in the French debate, and to help convince interested parties of the reality of the technology.
Jean Rohmer of the large French defense group Thales played the role of the devil's advocate, arguing that the Semantic Web was just pie in the sky theory without practical applications. We delved into various aspects of the theory of the Semantic Web, and I underlined how the biological/evolutionary aspect of language, the Academie Francaise notwithstanding, was a key aspect in understanding the evolution of the web of data. But the best argument was a simple demonstration of the Beatnik Address Book, which showed how hyperdata could solve the serious problem of 2008: the growing number of closed social networks. At the next camp I hope we will be able to delve much more deeply into how to build real practical applications.
Many thanks to Karima Rafes for organizing this well attended bar camp ( pictures ). Stephane Lauriere from XWiki and who is on the Nepomuk Semantic Desktop project, also posted some photos. And I would like to recommend Alexandre Passant's blog to all french speaking readers.
Posted at 11:45AM Apr 17, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[1]
KiWi: Knowledge in a Wiki
Last month I attended the European Union KiWi project startup meeting in Salzburg, to which Sun Microsystems Prague is contributing some key use cases.
KiWi is a project to build an Open Source Semantic Wiki. It is based on the IkeWiki [don't follow this link if you have Safari 3.1] Java wiki, which uses the Jena Semantic Web framework, the Dojo toolkit for the Web 2.0 functionality, and any one of the databases Jena can connect to, such as PostgreSQL. KiWi is in many ways similar to Freebase in its hefty use of JavaScript, and its emphasis on structured data. But instead of being a closed source platform, KiWi is open source, and builds upon the Semantic Web standards. In my opinion it currently overuses JavaScript features, to the extent that all clicks lead to dynamic page rewrites that do not change the URL of the browser page. This I feel is unRESTful, and the permalink link in the socialise toolbar to the right does not completely remove my qualms. Hopefully this can be fixed in this project. It would be great also if KiWi could participate fully in the Linked Data movement.
The meeting was very well organized by Sebastian Schaffert and his team. It was 4 long days of meetings that made sure that everyone was on the same page, understood the rules of the EU game, and most of all got to know each other. (see kiwiknows tagged pictures on flickr ). Many thanks also to Peter Reiser for moving and shaking the various Sun decision makers to sign the appropriate papers, and dedicate the resources for us to be part of this project.
You can follow the evolution of the project on the Planet Kiwi page.
Anyway, here is a video that shows the resourceful kiwi mascot in action:
Posted at 10:00AM Apr 17, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[0]
RDFAuth: sketch of a buzzword compliant authentication protocol
Here is a proposal for an authentication scheme that is even simpler than OpenId ( see sequence diagram ), more secure, more RESTful, with fewer points of failure and fewer points of control, that is needed in order to make Open Distributed Social Networks with privacy controls possible.
Update
The following sketch led to the even simpler protocol described in Foaf and SSL creating a global decentralized authentication protocol. It is very close to what is proposed here but builds very closely on SSL, so as to reduce what is new down to nearly nothing.
Background
Ok, so now I have your attention, I would like to first mention that I am a great fan of OpenId. I have blogged about it numerous times and enthusiastically in this space. I came across the idea I will develop below, not because I thought OpenId needed improving, but because I have chosen to follow some very strict architectural guidelines: it had to satisfy RESTful, Resource oriented hyperdata constraints. With the Beatnik Address Book I have proven - to myself at least - that the creation of an Open Distributed Social Network (a hot topic at the moment, see the Economist's recent article on Online social network) is feasible and easy to do. What was missing is a way for people to keep some privacy, clearly a big selling point for the large Social Network Providers such as Facebook. So I went in search of a solution to create an Open Distributed Social Network with privacy controls. And initially I had thought of using OpenId.
OpenId Limitations
But OpenId has a few problems:
- First it is really designed to work with the limitations of current web browsers. It is partly because of this that there is a lot of hopping around from the service to the Identity Provider with HTTP redirects. As the Tabulator, Knowee or Beatnik.
- Parts of OpenId 2, and especially the Attribute Exchange spec really don't feel very RESTful. There is a method for PUTing new property values in a database and a way to remove them that does not use either the HTTP PUT method or the DELETE method.
- The OpenId Attribute Exchange is nice but not very flexible. It can keep some basic information about a person, but it does not make use of hyperdata. And the way it is set up, it would only be able to do so with great difficulty. A RESTfully published foaf file can give the same information, is a lot more flexible and extensible, whilst also making use of Linked Data, and as it happens also solves the Social Network Data Silo problems. Just that!
- OpenId requires an Identity Server. There are a couple of problems with this:
- This server provides a dynamic service but not a RESTful one, i.e. the representations sent back and forth to it cannot be cached.
- The service is a control point. Anyone owning such a service will know which sites you authenticate onto. True, you can set up your own service, but that is clearly not what is happening. The big players are offering their customers OpenIds tied to particular authentication servers, and that is what most people will accept.
RDFAuth, a sketch
So following my strict architectural guidelines, I came across what I am just calling RDFAuth, but like everything else here this is a sketch and open to change. I am not a security specialist nor an HTTP specialist. I am like someone who comes to an architect in order to build a house on some land he has, with some sketch of what he would like the house to look like, some ideas of what functionality he needs and what the price he is willing to pay is. What I want here is something very simple, that can be made to work with a few perl scripts.
Let me first present the actors and the resources they wish to act upon.
- Romeo has a Semantic Web Address Book, his User Agent (UA). He is looking for the whereabouts of Juliette.
- Juliette has a URL identifier ( as I do ) which returns a public foaf representation and links to a protected resource.
- The protected resource contains information she only wants some people to know, in this instance Romeo. It contains information as to her current whereabouts.
- Romeo also has a public foaf file. He may have a protected one too, but it does not make an entrance in this scene of the play. His public foaf file links to a public PGP key. I described how that is done in Cryptographic Web of Trust.
- Romeo's Public key is RESTfully stored on a server somewhere, accessible by URL.
So Romeo wants to find out where Juliette is, but Juliette only wants to reveal this to Romeo. Juliette has told her server to only allow Romeo, identified by his URL, to view the site. She could also have had a more open policy, allowing any of her or Romeo's friends to have access to this site, as specified by their foaf file. The server could then crawl their respective foaf files at regular intervals to see if it needed to add anyone to the list of people having access to the site. This is what the DIG group did in conjunction with OpenId. Juliette could also have a policy that decides Just In Time, as the person presents herself, whether or not to grant them access. She could use the information in that person's foaf file and relate it to some trust metric to make her decision. How Juliette specifies who gets access to the protected resource here is not part of this protocol. This is completely up to Juliette and the policies she chooses her agent to follow.
So here is the sketch of the sequence of requests and responses.
- First Romeo's user Agent knows that Juliette's foaf name is http://juliette.org/#juliette so it sends an HTTP GET request to Juliette's foaf file located of course at http://juliette.org/
  The server responds with a public foaf file containing a link to the protected resource, perhaps with the N3
    <> rdfs:seeAlso <protected/juliette> .
  Perhaps this could also contain some relations describing that resource as protected, which groups may access it, etc... but that is not necessary.
- Romeo's User Agent then decides it wants to check out protected/juliette. It sends a GET request to that resource but this time receives a variation of the Basic Authentication Scheme, perhaps something like:
    HTTP/1.0 401 UNAUTHORIZED
    Server: Knowee/0.4
    Date: Sat, 1 Apr 2008 10:18:15 GMT
    WWW-Authenticate: RdfAuth realm="http://juliette.org/protected/*" nonce="ILoveYouToo"
  The idea is that Juliette's server returns a nonce (in order to avoid replay attacks), and a realm over which this protection will be valid. But I am really making this up here. Better ideas are welcome.
- Romeo's web agent then encrypts some string (the realm?) and the nonce with Romeo's private key. Only an agent trusted by Romeo can do this.
- The User Agent then sends a new GET request with the encrypted string, and his identifier, perhaps something like this
    GET /protected/juliette HTTP/1.0
    Host: juliette.org
    Authorization: RdfAuth id="http://romeo.name/#romeo" key="THE_REALM_AND_NONCE_ENCRYPTED"
    Accept: application/rdf+xml, text/rdf+n3
  Since we need an identifier, why not just use Romeo's foaf name? It happens to also point to his foaf file. All the better.
- Juliette's web server can then use Romeo's foaf name to GET his public foaf file, which contains a link to his public key, as explained in "Cryptographic Web of Trust".
- Juliette's web server can then query the returned representation, perhaps meshed with some other information in its database, with something equivalent to the following SPARQL query
    PREFIX wot: <http://xmlns.com/wot/0.1/>
    SELECT ?pgp
    WHERE {
      [] wot:identity <http://romeo.name/#romeo>;
         wot:pubkeyAddress ?pgp .
    }
  The nice thing about working at the semantic layer is that it decouples the spec a lot from the representation returned. Of course as usage grows those representations that are understood by the most servers will create a de facto convention. Initially I suggest using RDF/XML of course. But it could just as well be N3, RDFa, perhaps even some microformat dialect, or even some GRDDLable XML, as the POWDER working group is proposing to do.
- Having found the URL of the PGP key, Juliette's server can GET it - and as with much else in this protocol cache it for future use.
- Having the PGP key, Juliette's server can now decrypt the encrypted string sent to her by Romeo's User Agent. If the decrypted string matches the expected string, Juliette will know that the User Agent has access to Romeo's private key. So she decides this is enough to trust it.
- As a result Juliette's server returns the protected representation.
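The challenge and response of steps 2 to 7, as an added Go example that is not part of the sketch or of any Knowee or so(m)mer code. It uses an Ed25519 key from the Go standard library in place of the PGP key, and the keys map in the server stands in for GETting Romeo's foaf file and following wot:pubkeyAddress. "Encrypting with the private key" is implemented as what it amounts to, a signature over realm and nonce. Two things are assumptions beyond the sketch: the client echoes the nonce in its Authorization header so that the server does not have to remember which nonce went to which connection, and each nonce is consumed on first use, which is the replay concern raised in the comments. The ids, realm and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var paramRe = regexp.MustCompile(`(\w+)="([^"]*)"`)

// parseParams reads `RdfAuth name="value" ...`, the header shape of the sketch, into a map.
func parseParams(header string) (map[string]string, error) {
	fields := strings.SplitN(strings.TrimSpace(header), " ", 2)
	if len(fields) != 2 || fields[0] != "RdfAuth" {
		return nil, errors.New("not an RdfAuth header")
	}
	params := map[string]string{}
	for _, m := range paramRe.FindAllStringSubmatch(fields[1], -1) {
		params[m[1]] = m[2]
	}
	return params, nil
}

// signedMessage is what gets signed: realm and nonce, separated so neither can shift into the other.
func signedMessage(realm, nonce string) []byte { return []byte(realm + "\n" + nonce) }

// answerChallenge (Romeo's agent) signs the challenge; signing is what the sketch
// calls "encrypting with the private key". Echoing the nonce is an assumption not in the sketch.
func answerChallenge(wwwAuth, id string, priv ed25519.PrivateKey) (string, error) {
	p, err := parseParams(wwwAuth)
	if err != nil {
		return "", err
	}
	sig := ed25519.Sign(priv, signedMessage(p["realm"], p["nonce"]))
	return fmt.Sprintf(`RdfAuth id=%q nonce=%q key=%q`, id, p["nonce"],
		base64.StdEncoding.EncodeToString(sig)), nil
}

// authServer is Juliette's side: keys stands in for the foaf file lookup, nonces holds unconsumed challenges.
type authServer struct {
	realm  string
	nonces map[string]bool
	keys   map[string]ed25519.PublicKey
}

// challenge returns the WWW-Authenticate value for the 401 and records its nonce.
func (s *authServer) challenge() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	nonce := fmt.Sprintf("%x", b)
	s.nonces[nonce] = true
	return fmt.Sprintf(`RdfAuth realm=%q nonce=%q`, s.realm, nonce), nil
}

// verify checks an Authorization header against the server's own realm; the nonce is
// consumed on first sight, valid signature or not, which closes the replay hole.
func (s *authServer) verify(authz string) (string, error) {
	p, err := parseParams(authz)
	if err != nil {
		return "", err
	}
	id, nonce := p["id"], p["nonce"]
	if !s.nonces[nonce] {
		return "", errors.New("unknown or already used nonce")
	}
	delete(s.nonces, nonce)
	pub, ok := s.keys[id]
	if !ok {
		return "", errors.New("no public key published for " + id)
	}
	sig, err := base64.StdEncoding.DecodeString(p["key"])
	if err != nil || !ed25519.Verify(pub, signedMessage(s.realm, nonce), sig) {
		return "", errors.New("signature does not verify under " + id)
	}
	return id, nil
}

// runRdfAuthDemo plays one genuine exchange with constructed keys, then replays the
// same header, then answers a fresh challenge with the wrong private key.
func runRdfAuthDemo() (id string, firstErr, replayErr, forgedErr error) {
	const romeo = "http://romeo.name/#romeo"
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, wrongPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &authServer{"http://juliette.org/protected/*", map[string]bool{},
		map[string]ed25519.PublicKey{romeo: pub}}
	wwwAuth, _ := srv.challenge()
	authz, _ := answerChallenge(wwwAuth, romeo, priv)
	id, firstErr = srv.verify(authz)
	_, replayErr = srv.verify(authz)
	wwwAuth, _ = srv.challenge()
	forged, _ := answerChallenge(wwwAuth, romeo, wrongPriv)
	_, forgedErr = srv.verify(forged)
	return
}

func main() { fmt.Println(runRdfAuthDemo()) }
```

Note that the server signs nothing and trusts nothing from the Authorization header except the id, which it uses only to decide whose published key to fetch; the realm it verifies against is its own, not the one the client claims. A production server would also expire unconsumed nonces after a short time so the nonces map cannot grow without bound.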
Advantages
It should be clear from the sketch what the numerous advantages of this system are over OpenId. (I can't speak of other authentication services as I am not a security expert).
- The User Agent has no redirects to follow. In the above example it needs to request one resource http://juliette.org/ twice (2 and 4) but that may only be necessary the first time it accesses this resource. The second time the UA can immediately jump to step 3. [but see the problem with replay attacks raised in the comments by Ed Davies, and my reply] Furthermore it may be possible - this is a question to HTTP specialists - to merge steps 1 and 2. Would it be possible for request 1 to return a 20x code with the public representation, plus a WWW-Authenticate header, suggesting that the UA can get a more detailed representation of the same resource if authenticated? In any case the redirect rigmarole of OpenId, which is really there to overcome the limitations of current web browsers, is not needed.
- There is no need for an Attribute Exchange type service. Foaf deals with that in a clear and extensible RESTful manner. This simplifies the spec dramatically.
- There is no need for an identity server, so one less point of failure, and one less point of control in the system. The public key plays that role in a clean and simple manner
- The whole protocol is RESTful. This means that


