Six Apart News & Events

Fun with FOAF

There's been a lot of discussion lately (Ben, Bill, Justin) about building secure, cross-site identity systems, much of that discussion now centering on how FOAF could be used as the core of such a system. And Eric Sigler wrote a first step towards such a system by fetching a FOAF file and extracting out name, email address, and homepage, then sticking those into Movable Type comment fields.

I got to playing around with FOAF and RDF::Core. Frankly, it took me a little while to wrap my head around how to use the API, but after I did, writing a FOAF implementation in Perl was fairly straightforward.

Here it is: XML::FOAF (heading to the CPAN currently).

Sample usage:

use XML::FOAF;
use URI;
my $foaf = XML::FOAF->new(URI->new('http://foo.com/my.foaf'));
print $foaf->person->mbox, "\n";
my $friends = $foaf->knows;

This takes care (basically) of Eric's Step 1, for a piece of software to go out and fetch a FOAF profile.

Step 2--sticking the author's public key into the FOAF file--isn't really necessary, because, given an email address or a key ID, you can use a keyserver to fetch the public key.

Step 3--signing the FOAF file with one's private key--is discussed here. It's simple: just make a detached signature, and add some RDF to the FOAF file to point to the signature:

<rdf:Description rdf:about="">
<wot:assurance rdf:resource="foaf.rdf.asc" />
</rdf:Description>

In fact, you could even use a primitive auto-discovery to look for the signature: just append .asc to the name of the FOAF file.
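One way to locate the detached signature as described above, shown as an added example (it is not code from XML::FOAF or from this post). The function name signature_uri, the use of XML::LibXML, the wot namespace URI and the http/https-only check are assumptions of the example, and the sample FOAF document is constructed.

```perl
use strict;
use warnings;
use URI;
use XML::LibXML;

my $RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';
my $WOT = 'http://xmlns.com/wot/0.1/';   # assumed namespace for the wot: prefix

# Return the absolute URI of the detached signature for a FOAF document.
# $foaf_uri is where the file was fetched from, $xml is its content.
sub signature_uri {
    my ($foaf_uri, $xml) = @_;
    my $base = URI->new($foaf_uri);
    my $doc  = XML::LibXML->load_xml(string => $xml, no_network => 1);
    my $xpc  = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(rdf => $RDF);
    $xpc->registerNs(wot => $WOT);

    # Explicit pointer: rdf:about="" means "this document itself".
    my ($node) = $xpc->findnodes('//rdf:Description[@rdf:about=""]/wot:assurance');
    my $ref = $node ? $node->getAttributeNS($RDF, 'resource') : undef;

    # Fallback: the auto-discovery convention of appending .asc.
    my $sig = (defined($ref) && length($ref))
        ? URI->new_abs($ref, $base)
        : URI->new($base->as_string . '.asc');

    # The reference comes from the fetched file, so treat it as untrusted
    # and refuse anything that is not plain web content (file:, etc.).
    my $scheme = $sig->scheme // '';
    die "refusing signature URI with scheme '$scheme'\n"
        unless $scheme eq 'http' || $scheme eq 'https';
    return $sig;
}

# Constructed sample input, using the RDF fragment shown above.
my $sample = <<'XML';
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:wot="http://xmlns.com/wot/0.1/">
  <rdf:Description rdf:about="">
    <wot:assurance rdf:resource="foaf.rdf.asc" />
  </rdf:Description>
</rdf:RDF>
XML

print signature_uri('http://foo.com/people/foaf.rdf', $sample), "\n";
print signature_uri('http://foo.com/my.foaf', qq{<rdf:RDF xmlns:rdf="$RDF"/>}), "\n";
```

The relative reference is resolved against the URI the FOAF file was fetched from, so the first call yields a location next to the file and the second falls back to the .asc convention.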

And to aid with Step 3: in addition to parsing FOAF files, XML::FOAF handles verification for you:

# verify returns the signer's identity on success, false otherwise
my $valid = $foaf->verify;
print $valid ? "Valid signature from $valid\n" : "Invalid signature\n";

It's still alpha, so send me any bugs that you find.

Update: Here's mt-foaf.cgi, a Perl implementation of Eric's mt-foaf.php code, using XML::FOAF.

12 Comments
January 27, 2003 4:59 PM

Awesome!

January 28, 2003 6:50 AM

OK, it's a bit of a cheesy hack, but if we stick our FOAF URI into our user-agent strings, we've got a user-controllable, distributed digital ID system, yes? (Doing it right would require signing the user-agent and back-checking against the public key, but it's doable).

January 28, 2003 10:09 AM

I sent an email to Ben and Mena asking that they change this post. It's not cool to say someone else supports a technology when they haven't said they do. I would never presume to speak on behalf of Ben and Mena.

vis10n said:
January 28, 2003 10:43 AM

*sigh*

Dave Whiner Strikes Again.

March 18, 2003 11:54 AM

Ah, what a relief to see that this exists already. One problem, though, is that the code in your "Sample usage" section is returning undef for me... could this be because I have an older version of perl (5.005_03)?

March 25, 2003 7:00 AM

Visualize your FOAF. Integrate it into your site by substituting your FOAF URL into the querystring.

June 23, 2003 1:43 PM

So dumb question, how exactly do I use mt-foaf.cgi? I have all the appropriate modules installed, am now lacking only clues.

June 24, 2003 3:22 PM

I've created a similar utility called FoafCheck, written in Python. I've also integrated it with Blosxom+writeback so that the comment's "Homepage" entry field can take a FOAF URI to autofill the remaining fields.

Note that checking the FOAF-file's signature is not enough to authenticate a person (anyone can paste somebody's FOAF URI). I outline a solution on the FOAF project wiki.

sunil said:
November 11, 2003 1:34 AM

congrats
