Wednesday Jan 13, 2010

Faviki: social bookmarking for 2010

faviki logo

Faviki is, simply put, the next-generation social bookmarking service. "A bookmarking service? You must be kidding?!" I can hear you say in worried exasperation. "How can one innovate in that space?" Not only is it possible to innovate here; let me explain why I moved all my bookmarks from delicious over to Faviki.

Like delicious, digg, twitter and others, Faviki uses crowd sourcing to let one share interesting web pages one has found, stay up to date on a specific topic of interest, and keep one's bookmarks synchronized across computers. So there is nothing new at that level. If you know delicious, you won't be disoriented.

What is new is that instead of this being one crowd-sourced application, it is in fact two. It builds on wikipedia to help you tag your content intelligently with concepts taken from DBpedia. Instead of tagging with strings whose meaning only you understand, and only at the time you chose them, you can have tags that make sense, backed by a real, evolving encyclopedia. Sounds simple? Don't be deceived: there is huge potential in this.

Let us start with the basics: what is tagging for? It is there to help us find information again - to categorize our resources into groups so that we can locate them in a rapidly growing information space. I now have close to ten years of bookmarks saved away. As a result I can no longer remember what strings I used previously to tag certain categories of resources. Was it "hadopi", "paranoia", "social web", "socialweb", "web", "security", "politics", "zensursula", "bigbrother", "1984", ...? If I tag a document about a city, should I tag it "Munich", "München", "capital", "Bavaria", "Germany", "town", "agglomeration", "urbanism", "living", ...? As time passed I found it necessary to add more and more tags to my bookmarks, hoping that I would be able to find a resource again in the future by accidentally choosing one of those tags. But clearly that is not the solution.

Any of those tags could furthermore be used very differently by other people on delicious. Crowd sourcing only partially works here, because there is no clear understanding of what is meant by a tag, and no space to discuss it. Is "bank" the bank of a river, or the bank you put money in? Wikipedia has a disambiguation page for this, which took some time to put together. No such mechanism exists on delicious.

Faviki neatly solves this problem by using the work done by another crowd-sourced application, and letting you tag your entries with concepts taken from there. Before you tag a page, Faviki suggests some DBpedia concepts that could fit its content. When you then choose the tags, the definition from wikipedia is made visible, so that you can pick which meaning of the tag you want to use. Finally, when you tag, you don't tag with a string but with a URI: the DBpedia URI for that concept. Now you can always go back and check the detailed meaning of your tags.

But that is just the beginning of the neatness of this system. Imagine you tag a page with the DBpedia concept for Munich (the user does not see the URI itself, of course!). Then, by using the growing linked-data cloud, Faviki or other services will be able to do some very interesting inferencing on this data. Since that resource is known to be a town, a capital, to be in Germany (which is in Europe), to have more than half a million inhabitants, to lie along a certain river, to contain certain museums, to have different names in a number of other languages, to be related in certain ways to certain famous people (such as the current Pope)... it will be possible to improve the service to let you search in a much more generic way: you could ask Faviki for resources tagged with some European town and the concept Art. If you search for "München", Faviki will be able to enlarge the search to Munich, since the two will be known to be names for the same city...
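To make the idea concrete, here is a toy sketch of how tagging with concept URIs lets a search for "München" find bookmarks tagged with Munich. The tiny knowledge base, the bookmark URL and the triples in it are hand-made stand-ins for what a service like Faviki would pull from the real linked-data cloud:

```python
# A hand-made, illustrative fragment of a linked-data knowledge base.
# The URIs and facts are stand-ins, not real DBpedia data.

MUNICH = "http://dbpedia.org/resource/Munich"

# A few triples in (subject, property, value) form.
KNOWLEDGE = [
    (MUNICH, "type", "Town"),
    (MUNICH, "country", "Germany"),
    (MUNICH, "label", "Munich"),
    (MUNICH, "label", "München"),   # same concept, different language
]

# Bookmarks are tagged with concept URIs, not strings.
BOOKMARKS = [
    {"url": "http://example.org/pinakothek-guide", "tags": {MUNICH}},
]

def concepts_labelled(label):
    """All concept URIs carrying the given human-readable label."""
    return {s for (s, p, v) in KNOWLEDGE if p == "label" and v == label}

def search(label):
    """Find bookmarks via any label of a concept: 'München' finds 'Munich'."""
    wanted = concepts_labelled(label)
    return [b["url"] for b in BOOKMARKS if b["tags"] & wanted]

print(search("München"))  # ['http://example.org/pinakothek-guide']
```

Because the bookmark is tied to the concept rather than to a string, every label, type and relation the encyclopedia knows about the concept becomes a search handle for free.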

I will leave it as an exercise to the reader to think about other interesting ways to use this structured information to make finding resources easier. Here is an image of the state of the linked data cloud 6 months ago to stimulate your thinking :-)


But think about it the other way now. Not only are you helping your future self find information bookmarked semantically - let's use the term now - you are also making that information clearly available to wikipedia editors in the future. Consider for example the article "Lateralization of Brain Function" on wikipedia. The Faviki page on that subject is going to be a really interesting place to look to find good articles on the subject appearing on the web. So with Faviki you don't have to work directly on wikipedia to participate. You just need to tag your resources carefully!

Finally, I am particularly pleased by Faviki because it is exactly the service I described on this blog 3 years ago in my post Search, Tagging and Wikis, at a time when the folksonomy meme was in full swing, threatening, according to its fiercest proponents, to put the semantic web enterprise into the dustbin of history.

Try out Faviki, and see who makes more sense.


Wednesday Nov 25, 2009

Identity in the Browser, Firefox style

Mozilla's User Interface chief Aza Raskin just put forward some interesting thoughts on what Identity in the Browser could look like for Firefox. As one of the Knights in search of the Golden Holy Grail of distributed Social Networking, he believes he has found it in giving the browser more control of the user's identity.

The mock-up picture reproduced below shows how Firefox, by integrating identity information into the browser, could make it clear what persona one is logged into a site as. It would also create a common user interface for logging in to a site under a specific identity, as well as for creating a new one. Looking at the Weave Identity Account Manager project site, one finds that it would also make it easy to automatically generate passwords for each site/identity, to sync one's passwords across devices, and to change the passwords for all enabled sites simultaneously if one feared one's computer had fallen into the wrong hands. These are very appealing properties, and the UI is especially telling, so I will reproduce the main picture here:

The User Interface

One thing I very strongly support in this project is the way it makes clear to the user, in a very visible location - the URL bar - what identity he is logged in as. Interestingly, this is the same location as the https information bar shown when you connect to secure sites. Here is what the URL bar looks like when connected securely to LinkedIn:

One enhancement the Firefox team could immediately work on, without inventing a new protocol, would be to reveal in the URL bar the client certificate used when connected to an https://... URL. This could be done in a manner very similar to the one proposed by Aza Raskin in his Weave Account Manager prototype pictured above. This would allow the user to

  • know which HTTPS client cert he is using to connect to a site,
  • log out of that site,
  • change the client certificate used, if needed.
The last two features of TLS are currently impossible to use in browsers for lack of such a user interface handle. This would be a big step toward closing the ever-growing Firefox Bug 396441: "Improve SSL client-authentication UI".

From there it would be just a small step - though one that I think would require more investigation - to enhance, foaf+ssl style, the drop-down descriptions of both the server and the client with information taken from the WebID. A quick reminder: foaf+ssl works simply by adding a WebID - a URL identifying a foaf:Agent - as the subject alternative name in the X509 certificate's version 3 extensions, as shown in detail in the one-page description of the protocol. The browser could then fetch the meaning of that URI - that is, a description of the person - by the simplest of all methods: an HTTP GET request. For the user himself, the browser could use the foaf:depiction in his profile to display a picture of him. For the web site, the browser could GET the server's information at its WebID and display what it finds there. Now, if the foaf file is not signed by a CA, then the information the remote server gives about itself should perhaps be placed on a different background, or otherwise distinguished from the information in the certificate. So there are a few issues to work on here, but they only involve well-developed standards - foaf and TLS - and some user interface engineers to get them right. Easier, it seems to me, than inventing a whole new protocol - even though it is perhaps every engineer's desire to have developed a successful one.
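A quick sketch of that first step in Python: the dictionary below imitates the shape of the peer-certificate structure Python's ssl module returns from getpeercert(), and the WebID URL in it is a made-up example.

```python
# Sketch of the first step of foaf+ssl: pulling the WebID out of the
# certificate's subjectAltName. The dict mimics ssl.SSLSocket.getpeercert()
# output; the name and WebID URL are illustrative stand-ins.

def webid_of(peercert):
    """Return the first URI entry of subjectAltName, or None."""
    for kind, value in peercert.get("subjectAltName", ()):
        if kind == "URI":
            return value
    return None

cert = {
    "subject": ((("commonName", "Henry Story"),),),
    "subjectAltName": (("URI", "https://bblfish.example/people/henry#me"),),
}

webid = webid_of(cert)
print(webid)  # https://bblfish.example/people/henry#me

# The verifier would next dereference this URL with an HTTP GET (asking
# for an RDF representation) and check that the public key in the
# certificate matches one published in the profile document.
```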

The Synchronization Piece

Notice how foaf+ssl enables synchronization. Any browser can create a public/private key pair using the keygen element and get a certificate from a WebID server. Such a server will then add that public key, as an identifier for that WebID, to the foaf file. Any browser holding a certificate whose public key matches the one published on the server will be able to authenticate to that server and download all the information it needs from there. This could be information

  • about the user (name, depiction, address, telephone number, etc, etc)
  • a link to a resource containing the bookmarks of the user
  • his online accounts
  • his preferences
Indeed, you can browse all the information one can glean just from my public foaf file here. You will see my bookmarks taken from delicious, and my tweets and photos all collected in the Activity tab. This is just one way to display information about me. A browser could collect all that information to build a specialized user interface, and so enable synchronization of preferences, bookmarks, and information about me.
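The authentication check at the heart of this can be sketched in a few lines. The profile structure and the shortened key numbers below are invented for illustration - a real implementation would parse the modulus and exponent out of the foaf file itself:

```python
# Sketch of the foaf+ssl check: authentication succeeds when the RSA
# public key presented in the TLS handshake matches one of the keys the
# WebID profile publishes. Keys are (modulus, exponent) pairs; the
# numbers are shortened dummies, not real key material.

def keys_in_profile(profile):
    """Public keys a profile document associates with its WebID."""
    return {(k["modulus"], k["exponent"]) for k in profile["keys"]}

def authenticated(presented_key, profile):
    return presented_key in keys_in_profile(profile)

profile = {
    "webid": "https://bblfish.example/people/henry#me",
    "keys": [{"modulus": 0x8AF4CB, "exponent": 65537}],
}

print(authenticated((0x8AF4CB, 65537), profile))     # True
print(authenticated((0xDEADBEEF, 65537), profile))   # False: key not published
```

Note that only public keys ever leave the client, which is why nothing in the profile needs to be encrypted.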

The Security Problem

So what problem is the Weave team solving in addition to the problem solved above by foaf+ssl?

The Weave synchronization of course works in a similar manner: data is stored on a remote server, and clients fetch and publish information to that server. One difference is that the Weave team wish to store the passwords for each of the user's accounts on a remote server that is not under the user's control. As a result that information needs to be encrypted. In foaf+ssl only the public key is stored on the remote server, so there is no need to encrypt it: the private key can remain safely in the client's keychain. Of course there is a danger with the simple foaf+ssl server: the owner of the remote service can both see and change the information published there, depending on who is asking for it. An unreliable server could add a new public key to the foaf file, and thereby allow a malicious client to authenticate as the user on a number of web sites.

It is to solve this problem that Weave was designed: to publish remotely encrypted information that only the user can understand. The publication piece uses a nearly RESTful API. This allows it to store encrypted content such as passwords, identity information, or indeed any content at all on a remote server. The user need only remember that one password to synchronize his various identities from one device to another. There is a useful trick worth highlighting: each piece of data is encrypted with a symmetric key, which is stored on the server encrypted with a public key. As a result, one can give someone access to a piece of data just by publishing the symmetric key encrypted with one of her public keys.
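The shape of that trick can be sketched as follows. This is only a structural sketch: a keyed SHA-256 keystream stands in for real symmetric encryption (AES), and wrap() stands in for encrypting the symmetric key with each reader's RSA public key - none of it is cryptographically sound as written, it just shows the storage layout.

```python
import hashlib
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256-derived keystream (toy stand-in for AES)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))

def wrap(reader_key: bytes, sym_key: bytes) -> bytes:
    # Stand-in for encrypting sym_key with the reader's *public* key.
    return keystream_xor(reader_key, sym_key)

def publish(data: bytes, reader_keys: dict) -> dict:
    """Encrypt data with a fresh symmetric key, wrapped once per reader."""
    sym = secrets.token_bytes(32)
    return {
        "ciphertext": keystream_xor(sym, data),
        "wrapped_keys": {name: wrap(k, sym) for name, k in reader_keys.items()},
    }

def read(record, name, reader_key):
    sym = keystream_xor(reader_key, record["wrapped_keys"][name])  # unwrap
    return keystream_xor(sym, record["ciphertext"])

readers = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
record = publish(b"my delicious passwords", readers)
print(read(record, "bob", readers["bob"]))  # b'my delicious passwords'
```

Sharing with a new reader then only requires wrapping the existing symmetric key once more; the data itself never has to be re-encrypted.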

Generalization of Weave

To make the above protocol fully RESTful, it needs to follow Roy Fielding's principle that "REST APIs must be hypertext driven". The protocol currently fails in this respect by forcing a directory layout ahead of time. This could be fixed by creating a simple ontology for the different roles of the elements required in the protocol - public keys, symmetric keys, data objects, and so on. This would enable the Linked Data pattern, allowing each piece of data to live anywhere on the web. Of course nothing would stop the data from being laid out the way the current draft specifies. But it immediately opens up a few interesting possibilities. For example, if one wanted a group of encrypted resources to be readable by the same group of people, one would need only one encrypted symmetric key, to which each of those resources could point, reducing duplication.

By defining both a way of getting objects and their encoding, the project reveals its status as a good prototype. To be a standard, those should be separated. That is, I can see a few separate pieces required here:

  1. An ontology describing the public keys, the symmetric keys, the encrypted contents,...
  2. Mime types for encrypted contents
  3. Ontologies to describe the contents: such as People, bookmarks, etc...
Pieces (1) and (2) alone would be very useful in any number of scenarios. The contents of the encrypted bodies could then be left completely general, and applied in many other places. Indeed, being able to publish information on a remote untrusted server could be very useful in many different situations.

By separating the first two from (3), the Weave project would avoid inventing yet another way to describe a user, for example. We already have a large number of those, including foaf, Portable Contacts, vcard, and many many more... I favor RDF-based data formats, as this separates the issues of syntax and semantics. It also allows the descriptions to be extensible, so that people can think of themselves in more complex ways than those the current developers of Weave have been able to imagine. That is certainly going to be important if one is to have a distributed social web.

Publishing files remotely in encrypted form does guard one against malicious servers. But I think it also reduces the usability of the data. Every time one wants to give someone access to a resource, one needs to encrypt the symmetric key for that user. If a user loses his key, one has to re-encrypt that symmetric key. By trusting the server, as foaf+ssl does, the server can encrypt the information just in time for the client requesting it. But well, these are just different usage scenarios. For encrypting passwords - which we should really no longer need - the Weave solution is certainly going in the right direction.

The Client Side Password

Finally, Weave is going to need to fill out forms automatically for the user. To do this I would again develop a password ontology, and then mark up the forms in such a way that the browser can deduce which pieces of information need to go where. Deciding what syntax to use to mark up the HTML should be a separate effort. RDFa is one solution, and I hear the HTML5 solution is starting to look reasonable now that they have removed the reverse-DNS namespace requirement. In any case such a solution can be very generic, and so the Firefox engineers could go with the flow there too.
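Here is a sketch of how such form filling might work once the fields are annotated. The property URIs below are invented stand-ins for whatever password ontology would eventually be agreed on, and the field dictionaries imitate what a browser might hold after parsing the page's markup:

```python
# Hypothetical user profile keyed by RDF property URIs. The auth#
# vocabulary is made up for illustration.
PROFILE = {
    "http://example.org/auth#username": "bblfish",
    "http://example.org/auth#password": "s3cret",
    "http://xmlns.com/foaf/0.1/name": "Henry Story",
}

# Each form field as the browser might see it after parsing the page:
# an HTML name attribute plus the RDF property it is annotated with.
FORM = [
    {"name": "user", "property": "http://example.org/auth#username"},
    {"name": "pass", "property": "http://example.org/auth#password"},
    {"name": "captcha", "property": None},  # nothing semantic: left alone
]

def autofill(form, profile):
    """Map each semantically annotated field to the matching profile value."""
    return {
        f["name"]: profile[f["property"]]
        for f in form
        if f["property"] in profile
    }

print(autofill(FORM, PROFILE))  # {'user': 'bblfish', 'pass': 's3cret'}
```

The point is that the mapping logic is entirely generic: the browser never needs site-specific heuristics, only the vocabulary and the annotations.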

RDF! You crazy?

I may be, but so is the world. You can get a light triple store that could be embedded in Mozilla, that is open source, and that is written in C. Talk to the Virtuoso folks. Here is a blog entry on their lite version. My guess is they could make it even liter. KDE is using it...

Thursday Oct 15, 2009

November 2nd: Join the Social Web Camp in Santa Clara

The W3C Social Web Incubator Group is organizing a free Bar Camp in the Santa Clara Sun Campus on November 2nd to foster a wide ranging discussion on the issues required to build the global Social Web.

Imagine a world where everybody could participate easily in a distributed yet secure social web. In such a world every individual would control their own information, and every business could enter into a conversation with customers, researchers, government agencies and partners as easily as they can now start a conversation with someone on Facebook. What is needed to go in the direction of The Internet of Subjects Manifesto? What existing technologies can we build on? What is missing? What could the W3C contribute? What could others do? To participate in the discussion, meet other people with similar interests, and push the discussion further, visit the Santa Clara Social Web Camp wiki.

If you are looking for a reason to be in the Bay Area that week, then here are some other events you can combine with coming to the Bar Camp:

  • The W3C is meeting in Santa Clara for its Technical Plenary that week.
  • The following day, the Internet Identity Workshop is taking place in Mountain View until the end of the week. Go there to push the discussion further by meeting up with the OpenID, OAuth and Liberty crowds - all technologies that can participate in the development of the Social Web.
  • You may also want to check out ApacheCon which is also taking place that week.

If you can't come to the West Coast at all due to budget cuts, then not all is lost. :-) If you are on the East Coast, go and participate in the ISWC Building Semantic Web Applications for Government tutorial, and watch my video on The Social Web, which I gave at the Free and Open Source Conference this summer. Think: if the government wants to play with social networks, it certainly cannot put all its citizens' information on Facebook.

Monday Oct 12, 2009

One month of Social Web talks in Paris

Poster for the Social Web Bar Camp @LaCantine

As I was in Berlin preparing to come to Paris, I wondered whether I would be anywhere near as active in France as I had been in Germany. I had lived for 5 years in Fontainebleau, an hour from Paris - close, but just too far to be in the swing of things. From that position I got very little feel for what was happening in the capital, which is what had made me long to live in Paris. So this was the occasion to test it out: I was going to spend one month in the capital. On my agenda there was just a Social Web Bar Camp and a few good contacts.

The Social Web Bar Camp at La Cantine, which I blogged about in detail, was like a powder keg for my stay here. It launched the whole next month of talks, which I detail below. It led me to a very wide range of contacts, which in turn led to talks at 2 major conferences, 2 universities and one other Bar Camp, presentations to a couple of companies, one implementation of foaf+ssl in Drupal, and meetings with a lot of great people.

Through other contacts, I also had an interview with a journalist from Le Monde, and met the very interesting European citizen journalism agency Cafe Babel (for more on them see this article).

Here follows a short summary of each event I presented the Social Web at during my short stay in Paris.

Friday, 18 September 2009
Arrived by plane from Berlin, and met the journalists at the Paris offices of Cafe Babel, after reading an article on them in the July/August issue of Internationale Politik, "Europa aus Erster Hand".
Saturday, 19 September 2009
Went to the Social Web Bar Camp at La Cantine, which I blogged about in detail. Here I met many people, who connected me up with the right people in the Paris conference scene, where I was then able to present. A couple of these plans did not work out due to calendar clashes, such as an attempted meeting with engineers and users of Elgg, a distributed open source social networking platform popular at universities in France and the UK.
Monday, 21 September 2009
Visited the offices of Le Monde, and had lunch with a journalist there. I explained my vision of the Social Web and the functioning of foaf+ssl. He told me he won't be writing about it directly, but will develop these ideas over time in a number of articles. (I'll post updates here, though it is sadly very difficult to link to articles in Le Monde: they change the URLs of their articles, make them paid-only after a period of time, and then don't even make an abstract available to non-paying readers.)
Friday, 25 September 2009
I visited the new offices of a startup with a history: they participated in building the web site of Ségolène Royal, the contender against Nicolas Sarkozy in the last French presidential elections.
There I met up with Damien Tournoud, an expert Drupal developer, explained the basics of foaf+ssl, pointed him to the open source project, and let him work on it. With a bit of help from Benjamin Nowack, the creator of the ARC2 Semantic Web library for PHP, Damien had a working implementation the next day. We waited a bit before announcing it the following Wednesday on the foaf-protocols mailing list.
Tuesday 29 September, 2009
La Cantine organised another Bar Camp, on a wide range of topics, which I blogged about in detail. There I met people from Google and Firefox, and reconnected with others. We also had a more open round-table discussion on the Social Web.
Thursday 1st and Friday 2nd October, 2009
I visited the Open World Forum, which started, among other things, with a track on the Semantic Desktop, "Envisioning the Open Desktop of the Future", headed by Prof. Stefan Decker, with examples of implementations in the latest KDE (K Desktop Environment).
I met a lot of people here, including Eric Mahé, previously technology advisor at Sun Microsystems France. In fact I met so many people that I missed most of the talks. One really interesting presentation, by someone from a major open source code search engine, explained that close to 60% of open source software comes from Eastern and Western Europe combined. (Anyone with a link to the talk?)
Saturday, 3rd October 2009
I presented The Social Web in French at the Open Source Developer Conference France which took place in La Villette.
I was really happily surprised to find that I was part of a 3-hour track dedicated to the Semantic Web. It started with a talk by Oliver Berger, "Bugtracking sur le web sémantique". Oliver has been working on the Baetle ontology as part of the 2-year government-financed HELIOS project. This is something I talked about a couple of years ago and wrote about here in my presentation Connecting Software and People. It is really nice to see this evolving. I really look forward to seeing the first implementations :-)
Oliver's talk was followed by one from Jean-Marc Vanel on software and ontology development, which introduced many of the key Semantic Web concepts.
Tuesday 6th October, morning
Milan Stankovitch, whom I had met at the European Semantic Web Conference and again at the Social Web Bar Camp, invited me to talk to the developers of a very interesting web platform that helps problem seekers find problem solvers. The introductory video is really worth watching. I gave them the talk I keep presenting, but with a special focus on how this could, in the longer term, make it easier for people to join and use their system.
Tuesday 6th October, afternoon
I talked and participated in a couple of round tables at the 2nd Project Accelerator on Identity at the University of Paris 1, organised by the FING. Perhaps the most interesting talk there was the one by François Hodierne, who works for the open source web applications & platforms company, and who presented the excellent project La Distribution, whose aim is to make installing the most popular web applications as easy as installing an app on the iPhone. This is the type of software needed to make The Internet of Subjects Manifesto a reality. In a few clicks everyone should be able to get a domain name, install their favorite web software on it - Wordpress, mail, wikis, social network, photo publishing tool - and get on with their life, whilst owning their data, so that if they later find the need to move, they can, and so that nobody can kick them off their network. This will require rewriting a little of each of the applications so as to enable them to work with the distributed secure Social Web made possible by foaf+ssl: an application without a social network no longer being very valuable.
Thursday 9th October, 2009
Pierre-Antoine Champin of the CNRS, the French national research organisation, had invited me to Lyon to present The Social Web. So I took the TGV from Paris at 10:54 and was there 2 hours later - a journey that by car would have been 464 km (288.3 miles) according to Google Maps. The talk was very well attended, with close to 50 students showing up, and the session lasted two full hours: 1 hour of talk followed by many good questions.
After a chat and a few beers, I took the train back to Paris where the train arrived just after 10pm.
Saturday October 10, 2009
I gave a talk on the Social Web at Paris-Web, on the last day of a 3 day conference. This again went very well.
After lunch I attended two very good talks that complemented mine perfectly:
  • David Larlet gave a great presentation on data portability, which sparked a very lively and interesting discussion. Issues of data ownership, security, confidentiality, and centralization versus decentralization came up. One of his slides made the point very well, by showing the number of Web 2.0 sites that no longer exist - some having disappeared by acquisition, others through simple technical meltdown - leaving the data of all their users lost forever. (Also see David's blog summary of Paris-Web.)
  • Right after coffee, Fabien Gandon gave a great presentation on the Semantic Web, managing in the limited time available to him to give an overview of the Semantic Web stack from bottom to top - including OWL 1 and 2, Microformats, RDFa, Linked Data, and various very cool applications - from which even I learned a lot. His slides are available here. He certainly inspired a lot of people.
Tuesday, 13 October 2009
Finally I presented at the hacker space La Suite Logique, housed in a very well organized, very low cost lodging space in Paris. They had presentations on a number of projects happening there:
  • One project is to build a grid by taking pieces from the remains of computers that people have brought them. They have a room stashed full of those.
  • Another project is to add wifi to the lighting, to remotely control the projectors for theatrical events taking place there.
  • There was some discussion on how to add sensors to dancers, as the Japanese artist Daito Manabe has done, in order to create a high-tech butoh dance (see the great online videos).
  • Three engineers presented the robots they are constructing for a well known robot fighting competition
Certainly a very interesting space to hang out in, meet other hackers, and get fun things done.
All of these talks were of course framed by some great evenings out, meeting people, and much more, which I just don't have time to write down here. Those were the highlights of my month's stay in Paris. I must admit I really had no idea it would be so active!

Wednesday Sep 09, 2009

RDFa parser for Sesame

RDFa is the microformat-inspired standard for embedding semantic web relations directly into (X)HTML. It is being used more and more widely, and we are starting to see foaf+ssl annotated web pages, such as Alexandre Passant's home page. This is forcing me to update my foaf+ssl Identity Provider to support RDFa.

The problem was that I have been using Sesame as my semweb toolkit, and there was no RDFa parser for it. Luckily I found out that Damian Steer (aka. Shellac) had written a SAX-based RDFa parser for HP's Jena toolkit, which he had put up on the java-rdfa github server. With a bit of help from Damian and the Sesame team, I adapted the code to Sesame, created a git fork of the initial project, and uploaded the changes to the bblfish java-rdfa git clone. Currently all but three of the 106 tests pass without problem.

To try this out get git, Linus Torvalds' distributed version control system (read the book), and on a unix system run:

$ git clone  git://

This will download the whole history of changes of this project, so you will be able to see how I moved from Shellac's code to the Sesame rdfa parser. You can then parse Alex's home page, by running the following on the command line (thanks a lot to Sands Fish for the Maven tip in his comment to this blog):

$ mvn  exec:java -Dexec.mainClass="rdfa.parse" -Dexec.args=""

[snip output of sesame-java-rdfa compilation]

@prefix foaf: <> .
@prefix geo: <> .
@prefix rel: <> .
@prefix cert: <> .
@prefix rsa: <> .
@prefix rdfs: <> .

<> <> <> ;
        <> <> , 
                     <> .

<> rdfs:label "About"@en .

<> a foaf:Person ;
        foaf:name "Alexandre Passant"@en ;
        foaf:workplaceHomepage <> , 
                               <> ;
        foaf:schoolHomepage <> , 
                            <> ;
        foaf:topic_interest <> ,
                            <> ;
        foaf:currentProject <> , 
                <> ;
        <> """
\\nDr. Alexandre Passant is a postdoctoral researcher at the Digital Enterprise Research Institute, National University
of Ireland, Galway. His research activities focus around the Semantic Web and Social Software: in particular, how these
fields can interact with and benefit from each other in order to provide a socially-enabled machine-readable Web,
leading to new services and paradigms for end-users. Prior to joining DERI, he was a PhD student at Université 
Paris-Sorbonne and carried out applied research work on \\"Semantic Web technologies for Enterprise 2.0\\" at
Electricité De France. He is the co-author of SIOC, a model to represent the activities of online communities on the
Semantic Web, the author of MOAT, a framework to let people tag their content using Semantic Web technologies, and
is also involved in various related applications as well as standardization activities.\\n"""@en ;
        foaf:based_near <> ;
        geo:locatedIn <> ;
        rel:spouseOf <> ;
        foaf:holdsAccount <> ,
                          <> ,
                          <> , 
                          <> , 
                          <> .

<> a rsa:RSAPublicKey ;
        cert:identity <> .

_:node14efunnjjx1 cert:decimal "65537"@en .

<> rsa:public_exponent _:node14efunnjjx1 .

_:node14efunnjjx2 cert:hex "8af4cb6d6ec004bd28c08d37f63301a3e63ddfb812475c679cf073c4dc7328bd20dadb9654d4fa588f155ca05e7ca61a6898fbace156edb650d2109ecee65e7f93a2a26b3928d3b97feeb7aa062e3767f4fadfcf169a223f4a621583a7f6fd8992f65ef1d17bc42392f2d6831993c49187e8bdba42e5e9a018328de026813a9f"@en .

<> rsa:modulus _:node14efunnjjx2 .


This graph can then be queried with SPARQL and merged with other graphs; and just as it links to other resources, those can in turn link back to it and to elements defined therein. As a result, Alexandre Passant can use this in combination with an appropriate X509 certificate to log into foaf+ssl enabled web sites in one click, without needing to remember either a password or a URL.

Tuesday Apr 07, 2009

Sun Initiates Social Web Interest Group

I am very pleased to announce that Sun Microsystems is one of the initiating members of the Social Web Incubator Group launched at the W3C.

Quoting from the Charter:

The mission of the Social Web Incubator Group, part of the Incubator Activity, is to understand the systems and technologies that permit the description and identification of people, groups, organizations, and user-generated content in extensible and privacy-respecting ways.

The topics covered with regards to the emerging Social Web include, but are not limited to: accessibility, internationalization, portability, distributed architecture, privacy, trust, business metrics and practices, user experience, and contextual data. The scope includes issues such as widget platforms (such as OpenSocial, Facebook and W3C Widgets), as well as other user-facing technology, such as OpenID and OAuth, and mobile access to social networking services. The group is concerned also with the extensibility of Social Web descriptive schemas, so that the ability of Web users to describe themselves and their interests is not limited by the imagination of software engineers or Web site creators. Some of these technologies are independent projects, some were standardized at the IETF, W3C or elsewhere, and users of the Web shouldn't have to care. The purpose of this group is to provide a lightweight environment designed to foster and report on collaborations within the Social Web-related industry or outside which may, in due time affect the growth and usability of the Social Web, rather than to create new technology.

I am glad we are supporting this along with these other prestigious players:

This should certainly help create a very interesting forum for discussing what I believe is one of the most important issues on the web today.

Friday Apr 03, 2009

Global Identity in the iPhone browser

Typing user names and passwords on cell phones is extremely tedious. Here we show how identification and authentication can be done in two clicks: no URL to type in, no changes to the iPhone, just bog standard SSL technology tied into a distributed global network of trust, known as foaf+ssl.

After having installed a foaf+ssl certificate on my phone (which I will explain how to do in my next post), I directed Safari to, which is a foaf+ssl enabled web site. This brought up the following screen:

empty page

This is a non personalised page. In the top right is a simple foaf+ssl login button. This site was not designed for the iPhone, or the button would have been a lot more prominent. (This is easy to change for of course.) So I then zoomed in on the login link, as shown in the following snapshot. Remember that I don't have an account on. This could be the first time I have ever gone there. But nevertheless I can sign up: just click that link.

login link

So clicking on this foaf+ssl enabled link brings up the following window in Safari. Safari warns me first that the site requires a certificate. The link I clicked on sent me to a page that is requesting my details.

certificate warning

As I do in fact want to login, I click the continue button. The iPhone then presents me with an identity selector, asking me which of my two certificates I want to use to log in:

certificate selection

Having selected the second one, I send the certificate containing my WebId to the server, which authenticates me. The information from my foaf file is then used to personalise my experience. Here gives me a nice human-readable view of my foaf file. I can even explore my social network right there and then, by clicking on the links to my friends. Again, this will work even if you have never gone to before. All you need, of course, is a well filled out foaf file, which services such as are making very easy to do. Anyway, here is the personalised web page. It really knows a lot about me after just two clicks!


The site currently has another tab, showing my activity stream of all the chats I have on the web, which it can piece together since I linked all my accounts together in my foaf file, as I explained in the post "Personalising my Blog" a few months ago.

activity stream

Other web sites could use this information very differently. My web server itself may also decide to show selected information to selected servers... Implementing this is, it turns out, quite easy. More on that on this blog and on the foaf-protocols mailing list.

Thursday Jan 15, 2009

The W3C Workshop on the Future of Social Networking Position Papers

picture by Salvadore Dali

I am in Barcelona, Spain (the country of Dali) for the W3C Workshop on the Future of Social Networking. To prepare, I decided to read through the 75 position papers. This is the best prepared I have ever been for a conference. It really changes the way I can interact with the other attendees. :-)

I wrote down a few notes on most of the papers I read, to help me remember them. This took me close to a week, a good part of which I spent trying to track down the authors on the web, find their pictures, familiarise myself with their work, and fill out my Address Book: anything I could do to find as many connections as possible to help me remember the work. I used delicious to save some subjective notes, which can be found on under the w3csn tag. I was going to publish this on Wednesday, but had not quite finished reading through all the papers. I got back to my hotel this evening to find that Libby Miller, who co-authored the foaf ontology, had beaten me to it with the extent and quality of her reviews, which she published in two parts:

Amazing work Libby!

70 papers is more than most people can afford to read. If I were to recommend just a handful of papers that stand out in my mind for now these would be:

  • Paper 36, the must read "Decentralization: The Future of Online Social Networking" by Ching-man Au Yeung, Ilaria Liccardi, Kanghao Lu, Oshani Seneviratne and Tim Berners-Lee. I completely agree with its outlook. It also mentions my foaf+ssl position paper, which of course gives it full marks :-) I would perhaps use "distribution" over "decentralisation", or some word that better suggests that the social network should be able to be as much of a peer-to-peer system as the web itself.
  • "Leveraging Web 2.0 Communities in Professional Organisations" really proves why we need distributed social networks. The paper focuses on the problems faced by Emergency Response organisations. Social networks can massively improve the effectiveness of such responses, as some recent catastrophes have shown. But ER teams just cannot expect everyone they deal with to be part of just one social network silo. They need to get help from wherever it can come from: from professional ER teams, from people wherever they are, from information wherever it finds itself. Teams need to be formed ad hoc, on the spot. Not all data can be made public. Distributed open secure social networks are what is needed in such situations. Perhaps the foaf+ssl proposal (wiki page) can help to make this a reality.
  • In "Social networking across devices: opportunity and risk for the disabled and older community", Henny Swan explains how much social networking information could be put to use to make better user interfaces for the disabled. Surprisingly enough, none of the web sites so taken by web 2.0 technologies seem to put any serious effort into this space, even though, as Henny explains in her blog, it can be done with web 2.0 technologies. The semantic web could help even further, I suggested to her at her talk today, by splitting the data from the user interface. Specialised browsers for the disabled could then adapt the information to their needs, making it easy for them to navigate the graph.
  • "Trust and Privacy on the Social Web" starts the discussion in this very important space. If there are to be distributed social networks, they have to be secure, and the privacy and trust issues need to be looked at carefully.
  • On a lighter note, Peter Ferne's very entertaining paper "Collaborative Filtering and Social Capital" comes with a lot of great links and is a pleasure to read. Did you know about the Whuffie Index or CELEBDAQ? Find out here.
  • Many of the telecom papers, such as Telefonica's "The social network behind telecom networks", reveal the elephant in the room that nobody saw in social networking: the telecoms. Who has the most information about everyone's social network? What could they do with this information? How many people have phones, compared to internet access? Something to think about.
  • Nokia's position paper can then be seen in a different light. How can handset manufacturers put to use the social networking and location information contemporary devices are able to access? The Address Book is the most important application on a cell phone. But do people want to connect only to other Nokia users? This has to be another reason for distributed social networks.

    I will blog about other papers as the occasion presents itself. This is enough for now. I have to get up early and be awake for tomorrow's talks, which start at 8:30 am.

    In the meantime you can follow a lively discussion of the ongoing conference on twitter under the w3csn tag.

    Thursday Dec 04, 2008

    video on distributed social network platform NoseRub

    I just came across a video on Twitter by pixelsebi explaining distributed social networks in a screencast, and in particular a PHP application, NoseRub. Here is the video.

    Distributed Social Networking - An Introduction from pixelsebi on Vimeo.

    In a "Read Write Web" article on his video, pixelsebi summarizes how all these technologies fit together:

    To sum it up - if I had to describe it to somebody who has no real clue about it at all:
    1. Distributed Social Networking is an architecture approach for the social web.
    2. DiSo and NoseRub are implementations of this "social web architecture".
    3. The OpenSocial REST API is one of many ways to provide data in this distributed environment.
    4. OpenSocial based gadgets might in time run at any node/junction of this distributed environment and might be able to handle this distributed social web architecture.

    To this I would add that foaf provides semantics for describing distributed social networks, and foaf+ssl is one way to add security to the system. My guess is that the OpenSocial JavaScript API can be decoupled from the OpenSocial REST API and produce widgets however the data is provided (unless they made the mistake of tying it too closely to certain URI schemes).

    Tuesday Dec 02, 2008

    foaf+ssl: adding security to open distributed social networks

    For the "W3C Workshop on the Future of Social Networking", taking place in Barcelona January 2009

    Henry Story
    Bruno Harbulot, Ian Jacobi, Toby Inkster
    Melvin Carvalho

    Semantic Web vocabularies such as foaf permit distributed hyperlinked social networks to exist. We would like to discuss a group of related ways we are exploring (mailing list) to add information and services protection to such distributed networks.

    One major criticism of open networks is that they seem to have no way of protecting the personal information distributed on the web or limiting access to resources. Few people are willing to make all their personal information public; many would like large pieces of it to be protected, made available only to a select group of agents. Giving access to information is very similar to giving access to services. There are many occasions when people would like services to be accessible only to members of a group, such as allowing only friends, family members or colleagues to post a blog entry, photo or comment on a site. How does one do this in a maximally flexible way, without requiring any central point of access control?

    Using an intuition made popular by OpenID, we show how one can tie a User Agent to a URI by proving that it has write access to it. foaf+ssl is architecturally a simpler alternative to OpenID (fewer connections) that uses X.509 certificates to tie a User Agent (browser) to a person identified via a URI. foaf+ssl can, however, provide additional features, in particular some trust management, relying on signed FOAF files in conjunction with a set of locally trusted keys, as well as a bridge with traditional PKIs. By using the existing SSL certificate exchange mechanism, foaf+ssl integrates more smoothly with existing browsers (pictures with Firefox), including mobile devices, and permits automated sessions in addition to interactive ones.

    The steps in the protocol can be summarised simply:

    1. A web page points to a protected resource using an https URL, e.g.
    2. The client fetches the secure https URL.
    3. As part of that exchange the server requests the client certificate. The client returns Romeo's (possibly self-signed) certificate, containing the little known X.509 v3 extensions section:
              X509v3 extensions:
                 X509v3 Subject Alternative Name: 
      Because the connection is encrypted, Juliet's server knows that Romeo's client knows the private key of the public key that is also passed in the certificate. Something like:
            Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                  RSA Public Key: (1024 bit)
                      Modulus (1024 bit):
                      Exponent: 65537 (0x10001)
    4. Juliet's server dereferences the URI found in the certificate, fetching a document .
    5. The document's log:semantics is queried for information regarding the public key contained in the previously mentioned X.509. This can be done in part with a SPARQL query such as:
      PREFIX cert: <>
      PREFIX rsa: <>
      SELECT ?modulus ?exp
      WHERE { 
         ?key cert:identity <>;
              a rsa:RSAPublicKey;
              rsa:modulus [ cert:hex ?modulus; ];
           rsa:public_exponent [ cert:decimal ?exp ] .
      }
      If the public key in the certificate is found to be identical to the one published in the foaf file, the server knows that the client has write access over the resource.
    6. Romeo's identity is then checked for its position in a graph of relations (including friendship ones) in order to determine trust according to some criteria. Juliet's server can get this information by crawling the web starting from her foaf file, or by other means.
    7. Access is granted or denied.
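
    The heart of steps 3 to 7 is just a comparison of the key sent in the certificate with the key published at the WebId, followed by a trust decision. A toy sketch in Python follows; the URLs, dictionary shapes and whitelist trust rule are all illustrative assumptions, not part of the protocol, and stand in for a real X.509 parser, the SPARQL query above, and a social graph crawl.

```python
# Toy model of the foaf+ssl check: plain dictionaries stand in for a parsed
# X.509 certificate and for the result of the SPARQL query against the
# dereferenced foaf file. Not a real implementation.

def public_key_matches(cert, foaf_graph):
    """Steps 4-5: dereference the WebId found in the certificate's
    subjectAltName and compare the published RSA key with the one sent."""
    webid = cert["subjectAltName"]
    published = foaf_graph.get(webid)
    return (published is not None
            and published["modulus"] == cert["modulus"]
            and published["exponent"] == cert["exponent"])

def access_decision(cert, foaf_graph, trusted_webids):
    """Steps 5-7: key check, then a deliberately trivial trust criterion
    (a whitelist standing in for crawling the social graph)."""
    if not public_key_matches(cert, foaf_graph):
        return "denied"
    return "granted" if cert["subjectAltName"] in trusted_webids else "denied"

# Romeo's self-signed certificate, and Juliet's view of his foaf file:
romeo_cert = {"subjectAltName": "https://romeo.example/foaf#me",
              "modulus": "b6bd6ce1a5ef", "exponent": 65537}
foaf = {"https://romeo.example/foaf#me":
            {"modulus": "b6bd6ce1a5ef", "exponent": 65537}}

print(access_decision(romeo_cert, foaf, {"https://romeo.example/foaf#me"}))  # granted
```

    Note that no password is exchanged at any point: possession of the private key, proved during the SSL handshake, plus the published foaf file, is all the identification needed.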

    We have tested this on multiple platforms in a number of different languages (Java™, Python, ...) and across a number of existing web browsers (Firefox, Safari, more to come).

    foaf+ssl is one protocol that we would like to concentrate on due to its simplicity. But there are a number of other ways of achieving the same thing, by using OpenID for example. All of them require some extra pieces:

    • An ontology to describe what can be done with the data (copied, republished, ...) or what obligations one incurs in using a service.
    • An ontology to describe who has access to the service. This would be useful to help people decide whether they should bother trying to access it, or what else they need to do, such as become friends with someone, or reveal a bug in the software somewhere.
    • Other things that might come up.

    We will discuss our experience implementing this, the problems we have encountered and where we think this is leading us to next.

    Sunday Nov 30, 2008

    personalising my blog

    image of the sidebar of my blog

    Those who read me via news feeds (I wonder how many of you there are) may not have seen the recent additions I have made to my blog pages. I have added a view onto:

    This is quite a lot of personal info. Together with my friend of a friend network, my blog now carries more and more of the type of information you would find on social networking sites such as Facebook. And this could keep growing, of course.

    The current personalization is mostly powered by JavaScript (with one flash application for ). Here is the code I added to my blog template, pieces of which I found here and there on the web, often in templates provided by the web services themselves.

     <h2>Recent Photos</h2><!-- see -->
        <div id="flickr"><script type="text/javascript" 
        <div class="recentposts">
         <script type="text/javascript" 
        <div id="twitter_div" class="recentposts">
        <a href="">last 5 entries:</a><br/>
    <ul id="twitter_update_list"></ul>
    <script src="" type="text/javascript"></script>
    <script src="" type="text/javascript">
      <h2>Listening To</h2>
    <!-- I am looking for something lighter than this! -->
    <style type="text/css">table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 td 
      {margin:0 !important;padding:0 !important;border:0 !important;}
     table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 tr.lfmHead 
         no-repeat 0 0 !important;}
     table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 tr.lfmEmbed object {float:left;}
     table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 tr.lfmFoot td.lfmConfig a:hover 
        {background:url( no-repeat 0px 0 !important;;}
     table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 tr.lfmFoot td.lfmView a:hover 
        {background:url( no-repeat -85px 0 !important;}
     table.lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484 tr.lfmFoot td.lfmPopup a:hover 
        {background:url( no-repeat -159px 0 !important;}
    <table class="lfmWidgetchart_0bbc5b054e26d39362c0a10c7761f484" cellpadding="0" cellspacing="0" border="0" 
       style="width:184px;"><tr class="lfmHead">
       <td><a title="bblfish: Recently Listened Tracks" href="" target="_blank" 
             no-repeat 0 -20px;text-decoration:none;border:0;">
       <tr class="lfmEmbed"><td>
       <object type="application/x-shockwave-flash" data="" 
         id="lfmEmbed_210272050" width="184" height="199"> 
       <param name="movie" value="" /> 
      <param name="flashvars" value="type=recenttracks&user=bblfish&theme=blue&lang=en&widget_id=chart_0bbc5b054e26d39362c0a10c7761f484" /> 
       <param name="allowScriptAccess" value="always" /> 
        <param name="allowNetworking" value="all" /> 
        <param name="allowFullScreen" value="true" /> 
        <param name="quality" value="high" /> <param name="bgcolor" value="6598cd" /> 
        <param name="wmode" value="transparent" /> <param name="menu" value="true" /> 
        </object></td></tr><tr class="lfmFoot">
        <td style="background:url( repeat-x 0 0;text-align:right;">
        <table cellspacing="0" cellpadding="0" border="0" style="width:184px;">
        <tr><td class="lfmConfig">
       <a href="" 
        title="Get your own widget" target="_blank" 
              no-repeat 0px -20px;text-decoration:none;border:0;">
        </a></td><td class="lfmView" 
        <a href="" title="View bblfish's profile" 
         target="_blank" style="display:block;overflow:hidden;width:74px;height:20px;background:url(
            no-repeat -85px -20px;text-decoration:none;border:0;">
        </td><td class="lfmPopup"
        <a href="" 
           title="Load this chart in a pop up" 
                 no-repeat -159px -20px;text-decoration:none;border:0;" 
           onclick=" + '&resize=0','lfm_popup','height=299,width=234,resizable=yes,scrollbars=yes'); return false;"

    So, as you can see, that is quite a lot of extra html every time someone downloads my web page. This would not be too bad, but the javascript widgets above themselves go and fetch a lot more html, javascript and other content, further slowing down the responsiveness of the page. This data is served to everyone, whether they want to see all that information or not. Well, if they don't, they can subscribe to the rss feed by dragging this page into a feed reader, in which case they will just see the blog posts themselves, and not the sidebar.

    Why add this information to my blog? Well it gives people an idea of where they can find out more about me. A lot of people don't know that I have a feed, so they may not know that they can follow what I am reading over there. This gives the initial feeling of what it would be like to have a deeper view on my activities.

    But as mentioned previously, there are a few problems with this.

    • This makes this page heavier.
    • Every page view on my blog will download that information and start those applets. ( A great way for those services to track the number of people directly visiting these pages btw. )
    • This can become tedious. People who want to follow me can do so by coming to this web page from time to time. But with enough sites like this, keeping up is going to become difficult. One does not want to spend all day reading one's friends' different information feeds. This is what Facebook does for people: it is a giant web based feed reader of social information.
    • Change is difficult to track: if I switch to a different bookmarking service, perhaps a semantic one like faviki, I will have to redo this page, and all my friends will have to update their feeds.
    • If I add more of the resources I am working on, this page is going to become unmaintainably long.
    • People who read my feed will not notice the changes occurring here.

    So those are the problems that Web 3.0, the semantic web, is going to solve. By just downloading my foaf file, you have access to my network of friends via linked data, and via pointers to all the other resources on the web that I may be using. Whatever tool you use will then be able to keep all this data up to date easily and, with great search tools, enhance your view of the many linked networks you are part of and tracking.

    The whole code you see above could then be replaced with one link to my foaf file. That foaf file can itself point to further resources in case it becomes large. To give a list of some of the most interesting accounts I have, I added the following N3 to my foaf file today:

    @prefix : <> .
    @prefix foaf: <> .
    @prefix rdfs: <> .
    :me foaf:holdsAccount 
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's skype account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's flickr pictures account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's music account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's delicious bookmarking account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's developer account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's twitter micro blogging account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's twine semantic aggregation account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's facebook social networking account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <>
                  ],
                  [ a foaf:OnlineAccount ;
                    rdfs:label "Henry Story's linked in business social network account"@en;
                    foaf:accountName "bblfish";
                    foaf:accountServiceHomepage <> ;
                    foaf:accountProfilePage <>
                  ] .

    First of all, it should be clear that the above is a lot more readable than the javascript code shown earlier in this post. Secondly, I listed over twice as many online accounts there as I currently have in my sidebar. And finally, this is in a file that a client would not need to download unless it had an interest in knowing more about me. It could easily be cached over a period of time, and need not be served up again on each page request.

    Again, for one possible view on the above data it is worth installing the Tabulator Firefox extension and then clicking on my foaf icon. There are of course many more things specialized software could do with that information than present it like that.
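
    To make that point concrete, even naive code can pull facts out of such a file. Below is a deliberately crude Python sketch that scrapes the label and account name pairs out of an N3 fragment shaped like the one above with a regular expression; real software would of course use a proper N3/RDF parser such as cwm or rdflib.

```python
import re

# Crude illustration only: a regex matching the simple label/accountName
# pattern used in the foaf file above. A proper N3 parser is the real answer.
n3 = '''
[ a foaf:OnlineAccount ;
  rdfs:label "Henry Story's skype account"@en;
  foaf:accountName "bblfish";
[ a foaf:OnlineAccount ;
  rdfs:label "Henry Story's flickr pictures account"@en;
  foaf:accountName "bblfish";
'''

accounts = re.findall(r'rdfs:label "([^"]+)"@en;\s*foaf:accountName "([^"]+)"', n3)
for label, name in accounts:
    print(name, "-", label)   # e.g. bblfish - Henry Story's skype account
```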

    On this topic, you may want to continue by looking at the recently published, excellent and beautiful presentation on the subject of the Social Semantic Web, by John Breslin.

    variation on @timoreilly: hyperdata is the new intel outside

    Context: Tim O'Reilly said "Data is the new Intel Inside".

    Recently in a post "Why I love Twitter":

    What's different, of course, is that Twitter isn't just a protocol. It's also a database. And that's the old secret of Web 2.0, Data is the Intel Inside. That means that they can let go of controlling the interface. The more other people build on Twitter, the better their position becomes.

    The meme was launched in the well known "What is Web 2.0" paper in the section entitled "Data is the next Intel Inside"

    Applications are increasingly data-driven. Therefore: For competitive advantage, seek to own a unique, hard-to-recreate source of data.

    Most of the data is outside your database. It can only be that way: the world is huge, and you are just one small link in the human chain. Linking that data is knowledge and value creation. Hyperdata is the foundation of Web 3.0.

    Thursday Nov 20, 2008

    foaf+ssl: a first implementation

    The first very simple implementations for the foaf+ssl protocol are now out: the first step in adding simple distributed security to the global open distributed decentralized social network that is emerging.

    Update Feb 2009: I put up a service to create a foaf+ssl service in a few clicks. Try that out if you are short on time first.

    The foaf+ssl protocol has been discussed in detail in a previous blog: "FOAF & SSL: creating a global decentralised authentication protocol", which goes over the theory of what we have implemented here. For those of you who have more time I also recommend my JavaOne 2008 presentation Building Secure, Open and Distributed Social Network Applications, which explains the need for a protocol such as this, gives some background understanding of the semantic web, and covers the working of this protocol in detail, all in a nice to listen to slideshow with audio.

    In this article we are going to be rather more practical and less theoretical, but still too technical for the likes of many. I could spend a lot of time building a nice user interface to make this a point and click experience. But we are not looking for point and click users now; we are looking for people who feel at home looking at some code, working with abstract security concepts, who can be critical and find solutions to problems, and who are willing to learn some new things. So I have simplified things as much as need be for people who fall into that category (and made it easy enough for technical managers to follow too, I hope).

    To try this out yourself you need just download the source code in the So(m)mer repository. This can be done simply with the following command line:

    $ svn checkout sommer --username guest
    (leave the password blank)

    This is downloading a lot more code than is needed by the way. But I don't have time to spend on isolating all the dependencies, bandwidth is cheap, and the rest of the code in there is pretty interesting too, I am sure you will agree. Depending on your connection speed, this will take some time to download, so we can do something else in the meantime, such as have a quick look at the uml diagram of the foaf+ssl protocol:

    foaf+ssl uml sequence diagram

    Let us make clear who is playing what role. You are Romeo. You want your client - a simple web browser such as Firefox or Safari will do - to identify you to Juliette's web server. Juliette, as it happens, is a semantic web expert, and she trusts that if you are able to read through this blog, understand it, create your X509 certificate and set up your foaf file so that it publishes your public key information correctly, then you are human, intelligent, avant-garde, and have enough money to own a web server, which is all to your advantage. As a result her semantically enabled server will give you the secret information you were looking for.

    Juliette knows of course that at a later time things won't be that simple any more, when distributed social networks are big enough that the proportion of fools is large enough for their predators to take an interest in this technology, and the tools for putting up a certificate come packaged with everyone's operating system, embedded in every tool, etc... At that point things will have moved on, and Juliette will have added more criteria for giving access to her secret file. Not only will your certificate have to match the information in your foaf file, as it does now, but, given that she knows your URL and what you have published there of your social graph, her server will be able to use your position in the social graph of her friends to decide how to treat you.

    Creating a certificate and a foaf file

    So the first thing to do is for you to create yourself a certificate and a foaf file. This is quite easy. You just need to do the following in a shell.

    $ cd sommer/misc/FoafServer/
    $ java -version
    java version "1.5.0_16"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_16-b06-284)
    Java HotSpot(TM) Client VM (build 1.5.0_16-133, mixed mode, sharing)
    $ ant jar

    Currently one needs at least Java 5 to run this.

    Before you create your certificate, you need to know what your foaf URL is going to be. If you already have a foaf file, then that is easy, and the following will get you going:

    $ java -cp dist/FoafServer.jar  -shortfoaf
    Enter full URL of the person to identify (no relative urls allowed): 
    for example:
    Enter password for new keystore :enterAnewPasswordForNewStore     
    publish the triples expressed by this n3
    # you can use cwm to merge it into an rdf file
    # or a web service such as to convert it to rdf/xml
    # Generated by
    @prefix cert: <> .
    @prefix rsa: <> .
    @prefix foaf: <> .
    <> a foaf:Person; 
        is cert:identity of [ 
              a rsa:RSAPublicKey;
        rsa:public_exponent "65537"^^cert:decimal ;
          rsa:modulus """b6bd6ce1a5ef51aaa69752c6af2e71948ab6da
    74d1eb32ced152084cfb860fb8cb5298a3c0270145c5d878f07f6417af"""^^cert:hex ;
              ] .
    the public and private keys are stored in cert.p12
    you can list the contents by running the command
    $ openssl pkcs12 -clcerts -nokeys -in cert.p12 | openssl x509 -noout -text

    If you then run the openssl command, you will find that the public key components should match the rdf above.

    $  openssl pkcs12 -clcerts -nokeys -in cert.p12 | openssl x509 -noout -text
    Enter Import Password:
    MAC verified OK
            Version: 3 (0x2)
            Serial Number: 1 (0x1)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: CN=
                Not Before: Nov 19 10:58:50 2008 GMT
                Not After : Nov 10 10:58:50 2009 GMT
            Subject: CN=
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                X509v3 Key Usage: critical
                    Digital Signature, Non Repudiation, Key Encipherment, Key Agreement, Certificate Sign
                Netscape Cert Type: 
                    SSL Client, S/MIME
                X509v3 Subject Key Identifier: 
                X509v3 Authority Key Identifier: 
                X509v3 Subject Alternative Name: 
        Signature Algorithm: sha1WithRSAEncryption

    Notice also that the X509v3 Subject Alternative Name is your foaf URL. The Issuer Distinguished Name (starting with CN= here) could be anything.
    This, by the way, is the certificate that you will be adding to your browser in the next section.
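
    Checking by eye that the modulus in the openssl output matches the one in the rdf is error-prone: openssl prints colon-separated hex, wrapped over several lines, often with a leading 00 byte, while the foaf file carries a bare hex string. A small Python sketch of the normalisation (the sample values are made up; it naively assumes the modulus does not legitimately begin with a zero nibble):

```python
def normalize_modulus(hex_text):
    """Reduce either form of the modulus to bare lowercase hex."""
    h = (hex_text.replace(":", "").replace(" ", "")
                 .replace("\n", "").lower())
    return h.lstrip("0") or "0"   # drop openssl's leading 00 byte

openssl_form = "00:b6:bd:6c:e1:a5:ef"   # made-up sample value
foaf_form = "B6BD6CE1A5EF"              # as it might appear in the foaf file
print(normalize_modulus(openssl_form) == normalize_modulus(foaf_form))  # True
```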

    If you don't have a foaf file, then the simplest way to get one is to:

    1. decide where you are going to place the file on your web server
    2. decide what its name will be
    3. put a fake file named cert.rdf there
    4. fetch that file with a browser by typing in its full URL
    5. your foaf URL will then be

    Then you can use the following command to create your foaf file:

    $ java -cp dist/FoafServer.jar

    That is the same command as the first one, but without the -shortfoaf argument. You will be asked for some information to fill out your foaf file, so as to make it a little more realistic -- you might as well get something useful out of this. You can then use either cwm or a web service to convert that N3 into RDF/XML, which you can then publish at the correct location. Entering your URL into a web browser should now fetch your foaf file.
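    To see roughly what the final RDF/XML looks like, here is a sketch that builds a minimal foaf file with nothing but the standard library. The URI and name are placeholders, and the real file produced by the steps above also carries the RSA public key triples:

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"

def minimal_foaf(person_uri: str, name: str) -> str:
    """Serialize a one-person foaf file as RDF/XML (a sketch only;
    the file generated by FoafServer.jar contains more, notably the key)."""
    ET.register_namespace("rdf", RDF)
    ET.register_namespace("foaf", FOAF)
    root = ET.Element("{%s}RDF" % RDF)
    person = ET.SubElement(root, "{%s}Person" % FOAF,
                           {"{%s}about" % RDF: person_uri})
    ET.SubElement(person, "{%s}name" % FOAF).text = name
    return ET.tostring(root, encoding="unicode")

doc = minimal_foaf("https://example.org/foaf.rdf#me", "Jane Doe")
```

    The `#me` fragment matters: the URL without the fragment names the document, the URL with it names you.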

    Adding the certificate to the browser

    The previous procedure will have created a certificate cert.p12, which you now need to import into your browser. The software that creates the certificate could, I guess, place it in your browser too, but that would require some work to make it cross platform. Something to do for sure, but not now. On OSX, adding certs programmatically to the Keychain application is quite easy.

    So to add the certificate to your browsers store, open up Firefox's preferences and go to the Advanced->Encryption tab as shown here

    Firefox 3.03 Advanced Preferences dialog

    Click on "View Certificates" button, and you will get the Certificate Manager window pictured here.

    Firefox 3.03 Certificate manager

    Click the import button, and import the certificate we created in the previous section. That's it.

    Starting Juliette's server

    In a few days time Ian Jacobi will have a python based server working with the new updated certificate ontology. I will point to that as soon as he has it working. In the meantime you can run Juliette's test server locally like this:

    $ ant run

    This will start her server on localhost, port 8843, where it will be listening on a secure socket.

    Connecting your client to Juliette's server

    So now you can just go to https://localhost:8843/servlet/CheckClient in your favorite browser. This is Juliette's protected resource by the way, so we have moved straight to step 2 in the above UML diagram.
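    If you prefer a command line client to a browser, the same connection can be sketched with Python's standard ssl module. The PEM filename is hypothetical (you would first convert cert.p12, e.g. with `openssl pkcs12 -in cert.p12 -out cert.pem -nodes`), and server verification is switched off only because the test server's certificate is self-signed:

```python
import ssl
import http.client

def client_context(pem_path=None):
    """SSL context that presents our client certificate and, for this local
    experiment only, skips checks on the server's self-signed certificate
    (the programmatic equivalent of the browser's exception dialog)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # localhost test server only!
    ctx.verify_mode = ssl.CERT_NONE
    if pem_path:                    # certificate + key in one PEM file
        ctx.load_cert_chain(pem_path)
    return ctx

# usage sketch against Juliette's server:
# conn = http.client.HTTPSConnection("localhost", 8843,
#                                    context=client_context("cert.pem"))
# conn.request("GET", "/servlet/CheckClient")
```

    The TLS handshake is where steps 1 and 2 of the protocol happen: the server asks for a client certificate, and the context above supplies yours.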

    Now because this is a server running locally, with a secure port open that emits a certificate not signed by a well established security authority, things get more complicated than they usually need be. The following steps appear only because of this, and so, to make it clear that this is just a result of this experiment, I have placed the following paragraph on a blue background. You will only need to do this the first time you connect in this experiment, so be wary of the blues.

    Firefox gave me the following warning the first time I tried it.

    Firefox 3.03 certificate error dialog

    This is problematic because it just warns that the server's certificate is not trusted, but does not allow you to specify that you trust it (after all, perhaps someone just mailed you the public key in the certificate, and you could use that information to decide that you trust the server).

    On trying again (shift-reloading perhaps, I am not sure), I finally got Firefox to present me with the following secure connection failed page:

    Firefox 3.03 secure connection failed page

    Safari did the right thing first off. Since we trust localhost:8843 (having just started it, and even inspected some of the code) we just need to click the "Or you can add an exception ..." link, which brings up the dialog below:

    Firefox 3.03 secure add exception page

    They are trying to frighten users here of course. And so they should. Ahh, if only we had a localhost certificate signed by a trusted CA, I would not have to write this whole part of the blog!

    So of course you go there and click "Add Exception...", and this brings up the following dialog.

    Firefox 3.03 get Certificate dialog

    So click "Get Certificate" to fetch the server certificate. When that is done you can view the certificate

    Firefox 3.03 get Certificate dialog

    And confirm the security Exception.

    Again all of this need not happen. But since it also makes clear what is going on, it can be helpful to show it.

    Choose your certificate

    Once you have accepted the server's certificate, the server will ask you for yours, and Firefox opens up the following dialog.

    Firefox 3.03 Server requesting Client Certificate

    Since you only have one client certificate this is an easy choice. If you had a number of them, you could choose which persona to present to the site. When you click Ok, the certificate will be sent back to the server. This is the end of stage 2 in the UML diagram above. At that point Juliette's server ( on localhost ) will go and get your foaf file (step 3), and compare the information about your public key to the one in the certificate you just presented (step 4) by making the following query on your foaf file, as shown in the CheckClient class:

          TupleQuery query = rep.prepareTupleQuery(QueryLanguage.SPARQL,
                                    "PREFIX cert: <http://www.w3.org/ns/auth/cert#> " +
                                    "PREFIX rsa: <http://www.w3.org/ns/auth/rsa#> " +
                                    "SELECT ?mod ?exp " +
                                    "WHERE {" +
                                    "   ?sig cert:identity ?person ." +
                                    "   ?sig a rsa:RSAPublicKey;" +
                                    "        rsa:modulus [ cert:hex ?mod ] ;" +
                                    "        rsa:public_exponent [ cert:decimal ?exp ] ." +
                                    "}");
          query.setBinding("person", vf.createURI(uri.toString()));
          TupleQueryResult answer = query.evaluate();

    If the information in the certificate and the foaf file correspond, then the server will send you Juliette's secret information. In a Tabulator enabled browser this comes out like this:

    Firefox 3.03 displaying Juliette's secret info

    The source code for all that is not far, and you will see that the algorithms used are very simple. This proves that the minimal piece, which is equivalent to what OpenID does, works. Next we will need to build up the server so that it can make decisions based on a web of trust. But by then you will have your foaf file, and will have filled out your social network a little, for this to work.
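    Step 4, the comparison itself, amounts to very little code. A sketch (not the actual CheckClient code; the bindings are made up):

```python
def keys_match(cert_mod_hex, cert_exp, foaf_bindings):
    """Compare the RSA public key from the presented certificate with the
    (?mod, ?exp) bindings the SPARQL query returned from the foaf file.
    One matching pair is enough to authenticate the WebID."""
    def norm(mod):  # cert:hex literals may differ in case and zero padding
        return mod.lower().lstrip("0")
    want = (norm(cert_mod_hex), int(cert_exp))
    return any((norm(mod), int(exp)) == want for mod, exp in foaf_bindings)

# hypothetical bindings, as the query might return them
bindings = [("00B6489C7F", "65537")]
assert keys_match("b6489c7f", 65537, bindings)
assert not keys_match("deadbeef", 65537, bindings)
```

    The security of the whole scheme rests on this comparison plus the fact that only the owner of the foaf URL can publish triples there.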

    Further Work

    Discussions on this and on a number of other protocols in the same space is currently happening on the foaf protocols mailing list. You are welcome to join the sommer project to work on the code and debug it. As I mentioned Ian Jacobi has a public server running which he should be updating soon with the new certificate ontology that we have been using here.

    Clearly it would be really good to have a number of more advanced servers running this in order to experiment with access controls that add social proximity requirements.

    Things to look at:

    • What other browsers does this work with?
    • Can anyone get this to work with Aladdin USB e-Token keys or similar tools?
    • Work on access controls that take social proximity into account
    • Does this remove the need for cookie identifiers on web sites?

    I hope to be able to present this at the W3C Workshop on the Future of Social Networking in January 2009.

    Tuesday Nov 11, 2008

    REST APIs must be hypertext driven

    Roy Fielding recently wrote in "REST APIs must be hypertext-driven"

    I am getting frustrated by the number of people calling any HTTP-based interface a REST API. Today's example is the SocialSite REST API. That is RPC. It screams RPC. There is so much coupling on display that it should be given an X rating.

    That was pretty much my thought when I saw that spec. In a comment to his post he continues.

    The OpenSocial RESTful protocol is not RESTful. It could be made so with some relatively small changes, but right now it is just wrapping RPC results in common Web media types.

    Clarification of Roy's points

    Roy then goes on to list some key criteria for what makes an application RESTful.

    • A REST API should not be dependent on any single communication protocol, though its successful mapping to a given protocol may be dependent on the availability of metadata, choice of methods, etc. In general, any protocol element that uses a URI for identification must allow any URI scheme to be used for the sake of that identification.

      In section 2.2 of the O.S. protocol we have the following JSON representation for a Person.

      {
          "id" : "",
          "displayName" : "Janey",
          "name" : {"unstructured" : "Jane Doe"},
          "gender" : "female"
      }

      Note that the id is not a URI. Further down, in the XML version of the above JSON, it is made clear that by prefixing this string with "urn:guid:" you can turn it into a URI. By doing this the protocol has in essence tied itself to a URI scheme, since there is no way of expressing another URI type in the JSON - the JSON being the key representation in this Javascript specific API by the way, the aim of the exercise being to make the writing of social network widgets interoperable. Furthermore this scheme has some serious limitations: for example it limits one to one social network per internet domain, is tied to the quite controversial XRI spec that has been rejected by OASIS, and does not provide a clear mechanism for retrieving information about the identifier. But that is not the point. The definition of the format is tying itself unnecessarily to a URI scheme, and moreover one that ties one to what is clearly a client/server model.

    • A REST API should not contain any changes to the communication protocols aside from filling-out or fixing the details of underspecified bits of standard protocols, such as HTTP's PATCH method or Link header field.
    • A REST API should spend almost all of its descriptive effort in defining the media type(s) used for representing resources and driving application state, or in defining extended relation names and/or hypertext-enabled mark-up for existing standard media types. Any effort spent describing what methods to use on what URIs of interest should be entirely defined within the scope of the processing rules for a media type (and, in most cases, already defined by existing media types). [Failure here implies that out-of-band information is driving interaction instead of hypertext.]

      Most of these so called RESTful APIs spend a huge amount of time specifying what response a certain resource should give to a certain message. Note for example section 2.1, entitled Responses.

    • A REST API must not define fixed resource names or hierarchies (an obvious coupling of client and server). Servers must have the freedom to control their own namespace. Instead, allow servers to instruct clients on how to construct appropriate URIs, such as is done in HTML forms and URI templates, by defining those instructions within media types and link relations. [Failure here implies that clients are assuming a resource structure due to out-of band information, such as a domain-specific standard, which is the data-oriented equivalent to RPC's functional coupling].

      In section 6.3 one sees this example:

      /activities/{guid}/@self                -- Collection of activities generated by given user
      /activities/{guid}/@self/{appid}        -- Collection of activities generated by an app for a given user
      /activities/{guid}/@friends             -- Collection of activities for friends of the given user {guid}
      /activities/{guid}/@friends/{appid}     -- Collection of activities generated by an app for friends of the given user {guid}
      /activities/{guid}/{groupid}            -- Collection of activities for people in group {groupid} belonging to given user {uid}
      /activities/{guid}/{groupid}/{appid}    -- Collection of activities generated by an app for people in group {groupid} belonging to given user {uid}
      /activities/{guid}/@self/{appid}/{activityid}   -- Individual activity resource; usually discovered from collection
      /activities/@supportedFields            -- Returns all of the fields that the container supports on activity objects as an array in json and a repeated list in atom.

      For some reason this protocol does seem to require a very precise layout of the URL patterns. Now it is true that this is then meant to be specified in an XRDS document. But that document is not linked to from any of the representations as far as I can see. So some "out of band" information exchange has happened, on which the rest of the protocol relies. Furthermore it ties the whole service again to one server. How open is a service which ties you to one server?
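      For contrast, here is roughly what "instructing clients on how to construct URIs" looks like when the template itself is data handed out by the server, rather than a rule baked into the client. The expansion below is a simplified sketch, not the full URI Templates spec:

```python
import re

def expand(template, **values):
    """Expand a URI template such as '/activities/{guid}/@self'.
    RESTfully, the template string should arrive in a representation the
    server serves (e.g. an XRDS document linked from a response), so the
    client assumes no fixed resource hierarchy of its own."""
    def sub(match):
        name = match.group(1)
        if name not in values:
            raise KeyError("template variable %r not supplied" % name)
        return str(values[name])
    return re.sub(r"\{(\w+)\}", sub, template)

# the template would come from the server's own representation:
tmpl = "/activities/{guid}/@friends/{appid}"
assert expand(tmpl, guid="12345", appid="chess") == "/activities/12345/@friends/chess"
```

      The coupling Roy objects to disappears as soon as the template travels in-band: a server is then free to change its namespace and clients keep working.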

    • A REST API should never have "typed" resources that are significant to the client. Specification authors may use resource types for describing server implementation behind the interface, but those types must be irrelevant and invisible to the client. The only types that are significant to a client are the current representation's media type and standardized relation names. [ditto]

      Now clearly one does want to have URIs name resources, things, and these things have types. I think Roy is here warning against the danger that expectations are placed on types that depend on the resources themselves. This seems to be tied to the previous point that one should not have fixed resource names or hierarchies as we saw above. To see how this is possible check out my foaf file:

      $ cwm --ntriples | grep knows | head
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .
          <>     <> <> .

      Notice that there is no pattern in the URIs to the right. (As it happens there are no ftp URLs there, but it would work just as well if there were). Yet the Tabulator extension for Firefox knows from the relations above alone that (if it believes my foaf file of course) the URIs to the right refer to people. This is because the foaf:knows relation is defined as

      @prefix foaf: <http://xmlns.com/foaf/0.1/> .
      foaf:knows  a rdf:Property, owl:ObjectProperty;
               rdfs:comment "A person known by this person (indicating some level of reciprocated interaction between the parties).";
               rdfs:domain foaf:Person;
               rdfs:isDefinedBy <http://xmlns.com/foaf/0.1/>;
               rdfs:label "knows";
               rdfs:range foaf:Person .

      This information can then be used by a reasoner (such as the javascript one in the tabulator) to deduce that the resources pointed to by the URIs to the right and to the left of the foaf:knows relation are members of the foaf:Person class.
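      A reasoner of this kind can be sketched in a few lines. The triples and URIs below are hypothetical stand-ins, and a single pass suffices here where a full RDFS reasoner would iterate to a fixpoint:

```python
def infer_types(triples, domains, ranges):
    """One pass of the rdfs:domain / rdfs:range rules: if (s, p, o) is
    asserted and p has domain C, then s is a C; if p has range C, then
    o is a C. This is what lets the Tabulator deduce that both ends of
    every foaf:knows triple are Persons."""
    out = set(triples)
    for s, p, o in triples:
        if p in domains:
            out.add((s, "rdf:type", domains[p]))
        if p in ranges:
            out.add((o, "rdf:type", ranges[p]))
    return out

# the foaf schema declares both ends of foaf:knows to be Persons
domains = {"foaf:knows": "foaf:Person"}
ranges = {"foaf:knows": "foaf:Person"}
# made-up triples standing in for the ntriples output of the foaf file
data = {("<#me>", "foaf:knows", "<http://example.org/jane#i>")}
inferred = infer_types(data, domains, ranges)
assert ("<#me>", "rdf:type", "foaf:Person") in inferred
assert ("<http://example.org/jane#i>", "rdf:type", "foaf:Person") in inferred
```

      Note that nothing in the rule inspects the shape of the URIs: the types follow from the relation alone, which is exactly the point.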

      Note also that there is no knowledge as to how those resources are served. In many cases they may be served by simple web servers sending resources back. In other cases the RDF may be generated by a script. Perhaps the resources could be generated by java objects served up by Jersey. The point is that the Tabulator does not need to know.

      Furthermore, the ontology information above is not out of band. It is GETable at the foaf:knows URI itself. The name of the relation links to the information about the relation, which gives us enough to be able to deduce further facts. This is hypertext - hyperdata in this case - at its best. Compare that with the JSON example given above. There is no way to tell what that JSON means outside of the context of the totally misnamed 'Open Social RESTful API'. This is a limitation of JSON, or at least of this namespace-less version. One would have to add a mime type to the JSON to make it clear that it had to be interpreted in a particular manner for this application, but I doubt most JSON tools would know what to do with such mime-typed JSON. And do you really want to go through a mime type registration process every time a social networking application wants to add a new feature or interact with new types of data?

      As Roy summarizes in one of the replies to his blog post:

      When representations are provided in hypertext form with typed relations (using microformats of HTML, RDF in N3 or XML, or even SVG), then automated agents can traverse these applications almost as well as any human. There are plenty of examples in the linked data communities. More important to me is that the same design reflects good human-Web design, and thus we can design the protocols to support both machine and human-driven applications by following the same architectural style.

      To get a feel for this it really helps to play with hyperdata applications other than those residing in web browsers. The semantic address book, which I spent some time writing, is one such.

    • A REST API should be entered with no prior knowledge beyond the initial URI (bookmark) and set of standardized media types that are appropriate for the intended audience (i.e., expected to be understood by any client that might use the API). From that point on, all application state transitions must be driven by client selection of server-provided choices that are present in the received representations or implied by the user's manipulation of those representations. The transitions may be determined (or limited by) the client's knowledge of media types and resource communication mechanisms, both of which may be improved on-the-fly (e.g., code-on-demand). [Failure here implies that out-of-band information is driving interaction instead of hypertext.]

      That is the out of band point made previously, and it confirms the point made about the danger of protocols that depend on URI patterns, or on resources that are somehow typed at the protocol level. You should be able to pick up a URI and just go from there. With the Tabulator plugin you can in fact do just that on any of the URLs listed in my foaf file, or in other RDF.

    What's the point?

    Engineers under the spell of the client/server architecture will find some of this very counterintuitive. This is indeed why Roy's thesis, and the work done by the people who engineered the web before that, whose wisdom is distilled in various writings by the Technical Architecture Group, was exceedingly original. These very simple principles, which can feel unintuitive to someone not used to thinking at a global information scale, make a lot of sense when you do come to think at that level. When you write such an open system, one that allows people to access information globally, you want to be able to send anyone a URI to any resource you are working with, so that both of you can speak about the same resource. Understanding what resource that URL is about should be possible by GETting the meaning of the URL. If the meaning of that URL depends on the way you accessed it, then you can no longer just send a URL: you will have to send 8 or 9 URLs with explanations on how to jump from one representation to the other. If some out of band information is needed, if one has to inspect the URL itself to understand what it is about, then you are not setting up an open protocol but a secret one. Secret protocols may indeed be very useful in some circumstances, and, as Roy points out, so may non-RESTful ones be:

    That doesn’t mean that I think everyone should design their own systems according to the REST architectural style. REST is intended for long-lived network-based applications that span multiple organizations. If you don’t see a need for the constraints, then don’t use them. That’s fine with me as long as you don’t call the result a REST API. I have no problem with systems that are true to their own architectural style.

    But note: it is much more difficult for them to make use of the network effect: the value of information grows exponentially with its ability to be linked to other information. In another reply to a comment Roy puts this very succinctly:

    encoding knowledge within clients and servers of the other side’s implementation mechanism is what we are trying to avoid.

    Monday Nov 10, 2008

    Possible Worlds and the Web

    Tim Berners-Lee, pressed to define his creation, said recently (from memory): "a short definition is that the web is a mapping from URIs onto meaning".

    Meaning is defined in terms of possible interpretations of sentences, also known as possible worlds. Possible worlds, under the guise of the 5th and higher dimensions, are fundamental components of contemporary physics. When logic and physics meet we are in the realm of metaphysics. To find these two meet in the basic architecture of the web should give anyone pause for thought.

    The following extract from RDF Semantics spec is a good starting point:

    The basic intuition of model-theoretic semantics is that asserting a sentence makes a claim about the world: it is another way of saying that the world is, in fact, so arranged as to be an interpretation which makes the sentence true. In other words, an assertion amounts to stating a constraint on the possible ways the world might be. Notice that there is no presumption here that any assertion contains enough information to specify a single unique interpretation. It is usually impossible to assert enough in any language to completely constrain the interpretations to a single possible world, so there is no such thing as 'the' unique interpretation of an RDF graph. In general, the larger an RDF graph is - the more it says about the world - then the smaller the set of interpretations that an assertion of the graph allows to be true - the fewer the ways the world could be, while making the asserted graph true of it.

    A few examples may help here. Take the sentence "Barack Obama is the 44th president of the U.S.A". There are many, many ways the world - the universe, the complete 4 dimensional space time continuum from the beginning of the universe to its end, if there is one - could be, and that sentence still be true. For example I could not have bothered to write this article now; I could have written it just a little later, or perhaps even not at all. There is a world in which you did not read it. There is a world in which I went out this morning to get a baguette from one of the many delicious local french bakeries. The world could be all these ways and yet still Barack Obama be the 44th president of the United States.

    In N3 we speak about the meaning of a sentence by quoting it with '{' '}'. So for our example we can write:

    @prefix dbpedia: <http://dbpedia.org/resource/> .
    { dbpedia:Barack_Obama a dbpedia:President_of_the_United_States . } = :g1 .

    :g1 is the set of all possible worlds in which Obama is president of the USA. The only worlds not part of that set are the worlds where Obama is not president, but say McCain or Sarah Palin is. That McCain might have become president of the United States is quite conceivable. Both those meanings are understandable, and we can speak about both of them:

    @prefix dbpedia: <http://dbpedia.org/resource/> .
    { dbpedia:Barack_Obama a dbpedia:President_of_the_United_States . } = :g1 .
    { dbpedia:John_McCain a dbpedia:President_of_the_United_States . } = :g2 .
    :g1 :hopedBy :george .
    :g2 :fearedBy :george .
    :g1 :fearedBy :jane .

    I.e. we can say that George hopes that Barack Obama is the 44th president of the United States, but that Jane fears it.

    Assume wikipedia had a resource for each member of the list of presidents of the USA, and that we were pointing to the 44th element above. Then even though we can speak about :g1 and :g2, there is no world that fits them both: the intersection of :g1 and :g2 is { }, the empty set, whose extension according to David Lewis' book on mereology is the fusion of absolutely all possibilities. That is the thing that is everything and everywhere and around at all times. I.e. you don't make any distinction when you say that: you don't say anything.

    The definition of meaning in terms of possible worlds makes a few things very simple to explain. Implication is one of them. If every president has to be human, then:

    @prefix log: <http://www.w3.org/2000/10/swap/log#> .
    { dbpedia:Barack_Obama a dbpedia:President_of_the_United_States . } log:implies { dbpedia:Barack_Obama a dbpedia:Human . }

    I.e. the set of possible worlds in which Obama is president of the United States is a subset of the set of worlds in which he is human. There are worlds, after all, where Barack is just living a normal lawyer's life.
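    The subset reading of log:implies can be checked mechanically. Below is a toy model (the atomic sentences are made up, nothing here touches the actual dbpedia data): each world is the set of atomic sentences true in it, and the meaning of a sentence is the set of worlds where it holds:

```python
from itertools import chain, combinations

atoms = ["obama_president", "mccain_president", "obama_human"]

def worlds():
    """Every consistent way the toy world could be. Two constraints rule
    worlds out: a president must be human, and there is only one 44th
    president of the United States."""
    subsets = chain.from_iterable(
        combinations(atoms, r) for r in range(len(atoms) + 1))
    for bits in subsets:
        w = frozenset(bits)
        if "obama_president" in w and "obama_human" not in w:
            continue  # presidents are human
        if "obama_president" in w and "mccain_president" in w:
            continue  # the office has one holder
        yield w

W = set(worlds())
g1 = {w for w in W if "obama_president" in w}   # :g1 in the N3 above
g2 = {w for w in W if "mccain_president" in w}  # :g2

assert g1 & g2 == set()                             # no world fits both: { }
assert g1 <= {w for w in W if "obama_human" in w}   # log:implies is subset
```

    The two asserts are exactly the two claims in the text: the intersection of :g1 and :g2 is empty, and implication is the subset relation between sets of worlds.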

    So what is this mapping from URIs to meaning that Tim Berners-Lee is talking about? I interpret him as speaking of the log:semantics relation.

    @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
    log:semantics a rdf:Property;
             rdfs:label "semantics";
             rdfs:comment """The log:semantics of a document is the formula
             achieved by parsing representation of the document.
              For a document in Notation3, log:semantics is the
              log:parsedAsN3 of the log:contents of the document.
              For a document in RDF/XML, it is parsed according to the
              RDF/XML specification to yield an RDF formula [snip]""";
             rdfs:domain foaf:Document;
             rdfs:range log:Formula .

    Of course it is easier to automate the mapping for resources that return RDF based representations, but log:semantics can be applied to any document. Any web page, even one written in a natural language, has some semantics. It is just that these currently require very advanced wetware processors to interpret them. These can indeed be very specialised wetware processors, such as those one meets at airports.

    Wednesday Nov 05, 2008

    The coming postmodern era

    Kevin Kelly argued convincingly that the growth in technology is creating a new world wide super organism, something Nova Spivack likes to call One Mind (OM). I argue here that this One Mind will have to be a postmodern mind: it will have to take points of view as a fundamental given. In other words it is a world of Many Many Minds (MMM) that is being born.

    Concepts can take a long time from their birth to their acceptance by society. Democritus reasoned in 400BC that the earth was round, that there were other stars, and that they had planets which had life. It took 2400 years, a trip to the moon, satellite television and mass air travel to turn these deep insights into common sense.

    I think one can make the case that the massive intrusion of the Personal Computer into huge numbers of households and businesses in the 1980s led to the strengthening of the concepts of 'efficiency' and the self. The metaphor of the brain as computer took hold, silencing previous behaviorist intuitions. The computer could be programmed. It could think. Some could think faster than others. Every year they became more efficient. The PC was the icon of the age. It stood alone and did not communicate. It was the era of selfish competition: the 'me' generation. As Margaret Thatcher, prime minister of Britain at the time, said: "There is no such thing as society".

    In the 1990s the internet entered public consciousness, and with it the realization that the network was overtaking the PC in importance. Information moved from being mostly on a computer to being mostly in the network cloud. The network was slow, so the experience people had was primarily of being connected to information and commerce. The experience of globalization of commerce and information blended with a modernistic view of the future unity of humanity moving towards one end: the end of history.

    Behind the growth of the web and the internet, hidden to many, lay the strength of community. Unix, Linux, Apache and Open Source software, which had been the cause of the huge growth of the network, became more apparent, and became visible to the majority in the form of the read/write web under the banner of blogging. The last 8 years have been the discovery of the web as a platform for each individual voice to be heard, of community, and of mostly protected social networks. The end of the 20th century was also the end of the read only society, as Lawrence Lessig argues so well. Millions of different points of view came to express themselves on innumerable topics.

    Where next? What will happen as we move from a human readable read/write web to a machine readable one? What happens when we manage to break through the autism of current tools? What happens when software becomes widely available that can ask you if you want to reason over data you believe, or if you'd rather look at what your parents believe, or what republicans tend to believe, or what your children believe? This is as I argued recently the fundamentally new thing the semantic web is making possible; something unlike anything that humanity has ever witnessed before. The first tools that can make the step out of autism.

    Of course, we mostly all come to understand around the age of 4 that other people believe different things from us, and that different people may think incompatible things about the world. But what happens when this everyday intuition becomes mechanized, objectified in tools that each year become more efficient? Most people always knew that society was very important, but the growth of the PC in the 1980s created a strong icon in public discourse around which concepts of the self could cluster. In a similar way, the growth of software that can point out contradictions between different points of view expressed in a distributed way around the web would place a huge emphasis on the notion of points of view. If it were to make exploring these views easy, easier than it is for a normal human being living a normal life nowadays, then we can imagine that people might start exploring points of view much more often, more easily, in more detail, without thinking too much of it. Just as people now may drive 35 miles to work because they can, we can imagine people thinking more about others because some of the hard work has been automated for them. Discovering conflicts in belief before they lead to conflicting actions could remove a lot of problems before they occur. (Hopefully it won't lead us into some crazy world such as that described in the movie Being John Malkovich.)

    So how does this fit in with postmodernism? Well, postmodernism is a fuzzy concept, possibly even fuzzier than Web 2.0 or for that matter Web 3.0. It arose out of the disillusionment with all the deterministic explanations of the future given by many of the western schools of thought, from christian evangelism to Marxism, Futurism, Consumerism... Weary of all totalitarian explanations of everything, and baffled by their sheer number, thinkers came to look at the different theories not from the inside, but from the outside. Instead of looking for a theory in which to believe, or trying to find a theory that would subsume all others, postmodernism, as I understand it, accepted the multiplicity of viewpoints, and found it more interesting to understand their differences. By putting more emphasis on understanding than on Truth, it was possible to look at the multiplicity of different points of view in the world. The pygmy in his tribe was no longer someone in need of conversion to the Truth, but someone one should try to understand in his context. This was felt by many to lead to a dangerous relativism, where the notion of truth itself seemed to be losing its meaning. In fact truth has never been better or more precisely defined: it is at its core a disquotation mechanism. According to Tarski's definition of truth:

    "Snow is white" is true in English if and only if snow is white.

    Or in N3:

      @prefix log: <http://www.w3.org/2000/10/swap/log#> .
      { { ?s ?r ?o } a log:Truth } <=> { ?s ?r ?o } .

    Or in SPARQL:

    PREFIX log: <http://www.w3.org/2000/10/swap/log#>
    CONSTRUCT { ?subject ?relation ?object }
    WHERE {
       GRAPH ?g { ?subject ?relation ?object }
       ?g a log:Truth .
    }
    I.e., if you hear someone say something, and you believe what they said to be true, then you believe what they said. That is so simple it is self evident. So what has it got us? Well, believing something is not neutral. Because we infer things from what we believe, and because we act on what we believe, to believe something is also to act and to be predisposed to act. And that is where contact with reality ends up being felt at some point or another. If someone shouts "Une voiture arrive à ta gauche" ("A car is coming on your left") in French and you understand it, then you might add the following to your database:

    { _:c a :Car;
          :moving [ :closeProximityTo :you ] .
      _:c :positionLeftOf :you .
    } :saidBy :joe .

    At that point you just believe that Joe believes this. It makes a big difference when you come to believe the same content, namely

    _:c a :Car;
        :moving [ :closeProximityTo :you ] .
    _:c :positionLeftOf :you .

    The disquotation mechanism (in N3, the removal of the '{' '}') is therefore an essential part of communication. One should not believe everything one hears - one may after all have misunderstood what was said. To remember who said what, and when one heard it, is essential to good thinking. And sometimes who is right is really not that important anyway. Sometimes understanding is more important still. And that means putting oneself in the other person's shoes, trying to look at things from their point of view - in essence, realizing that there are many many minds (MMM). So again, what will happen when the tools we use every day make it as easy for us to explore points of view as it is to look at a web page, or take the car to work?
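    The disquotation step just described can be sketched in plain Java. This is a minimal model with illustrative names, not any existing library: statements heard are first stored quoted and attributed to their speaker; only when a speaker is trusted are their statements disquoted into one's own beliefs.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// A minimal sketch of disquotation: what one hears is first stored quoted
// and attributed to its speaker; only when a speaker is trusted are their
// statements "disquoted" into one's own beliefs. All names are illustrative.
public class Disquotation {
    record Statement(String subject, String relation, String object) {}

    static final Map<String, Set<Statement>> saidBy = new HashMap<>();
    static final Set<Statement> beliefs = new HashSet<>();

    // Store a statement as quoted, attributed content.
    static void hear(String speaker, Statement s) {
        saidBy.computeIfAbsent(speaker, k -> new HashSet<>()).add(s);
    }

    // Disquotation: accept everything the speaker said as one's own belief.
    static void trust(String speaker) {
        beliefs.addAll(saidBy.getOrDefault(speaker, Set.of()));
    }

    public static void main(String[] args) {
        Statement warning = new Statement("car", "leftOf", "you");
        hear("joe", warning);
        System.out.println(beliefs.contains(warning)); // still only quoted
        trust("joe");
        System.out.println(beliefs.contains(warning)); // now believed
    }
}
```

    The point of keeping the two stores separate is exactly the one made above: remembering who said what is distinct from believing it oneself.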

    And where does this leave the absolute conception of Truth? Metcalfe's Law gives a good explanation of the value of such a conception. Remember that this law states that the value of a network grows as the square of the number of its participants. The search for the Truth was always the search for an explanation that could explain as many things as possible: i.e. to create the biggest possible network, to predict as much as possible, to encompass all points of view, to create a framework that could link all of them together.

    But what if the largest possible network has to take into account points of views as basic constitutive elements of the network?

    Wednesday Sep 24, 2008

    Serialising Java Objects to RDF with Jersey

    Jersey is the reference implementation of JSR 311 (JAX-RS), the Java API for RESTful Web Services. In short, JSR 311 makes it easy to publish graphs of Java objects to the web, and to implement update and POST semantics - all this using simple Java annotations. It makes it easy for Java developers to do the right thing when writing data to the web.

    JAX-RS deals with the mapping of Java objects to a representation format - any format. Writing a good format, though, is at least as tricky as building RESTful services. So JAX-RS solves only half the problem. What is needed is a way to make it easy to serialize any object in a manner that scales to the web. For this we have RDF, the Resource Description Framework. By combining JAX-RS and so(m)mer's @rdf annotation one can remove the hurdle of having to create yet another format, and do this in a way that should be really easy to understand.

    I have been wanting to demonstrate how this could be done, since the JavaOne 2007 presentation on Jersey. Last week I finally got down to writing up some initial code with the help of Paul Sandoz whilst in Grenoble. It turned out to be really easy to do. Here is a description of where this is heading.


    The code to do this is available from the so(m)mer subversion repository, in the misc/Jersey directory. I will refer and link to the online code in my explanations here.

    Annotate one's classes

    First one needs to annotate one's model classes with @rdf annotations on the classes and fields. This is a way to give them global identifiers - URIs. After all if you are publishing to the web, you are publishing to a global context so global names are the only way to remove ambiguity. So for example our Person class can be written out like this:

    public class Person extends Agent {
        static final String foaf = "http://xmlns.com/foaf/0.1/";
        @rdf(foaf+"surname") private Collection<String> surnames = new HashSet<String>();
        @rdf(foaf+"family_name") private Collection<String> familynames = new HashSet<String>();
        @rdf(foaf+"plan") private Collection<String> plans = new HashSet<String>();
        @rdf(foaf+"img") private Collection<URL> images = new HashSet<URL>();
        @rdf(foaf+"myersBriggs") private Collection<String> myersBriggss = new HashSet<String>();
        @rdf(foaf+"workplaceHomepage") private Collection<FoafDocument> workplaceHomePages = new HashSet<FoafDocument>();

    This just requires one to find existing ontologies for the classes one has, or to publish new ones. (Perhaps this framework could be extended so as to automate the publishing of ontologies deduced somehow from the Java classes - probably a framework that could be built on top of this.)
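    To see how a serialiser can get at these URIs at runtime, here is a minimal, self-contained sketch of reading an @rdf-style annotation by reflection. The annotation type declared here is a stand-in for so(m)mer's own, and the Person class is cut down to one field:

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// Stand-in for so(m)mer's @rdf annotation: a field-level annotation
// carrying the URI of the relation the field represents.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.FIELD)
@interface rdf { String value(); }

public class AnnotationSketch {
    static final String foaf = "http://xmlns.com/foaf/0.1/";

    static class Person {
        @rdf(foaf + "name") String name = "Henry Story";
    }

    // Look up the URI a field was annotated with, or null if it has none.
    static String uriOf(Class<?> c, String fieldName) {
        try {
            rdf a = c.getDeclaredField(fieldName).getAnnotation(rdf.class);
            return a == null ? null : a.value();
        } catch (NoSuchFieldException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // A serialiser would iterate over all declared fields; we ask for one.
        System.out.println(uriOf(Person.class, "name"));
    }
}
```

    A real serialiser would walk every declared field of the object's class, emitting one triple per annotated field; this shows only the lookup step.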

    Map the web resources to the model

    Next one has to find a mapping for web resources to objects. This is done by subclassing the RdfResource<T> template class, as we do three times in the Main class. Here is a sample:

       public static class PersonResource extends RdfResource<Employee> {
          public PersonResource(@PathParam("id") String id) {
              t = DB.getPersonWithId(id);
          }
       }

    This just tells Jersey to publish any Employee object on the server at the local /person/{id} url. When a request for some resource say /person/155492 is made, a PersonResource object will be created whose model object can be found by querying the DB for the person with id 155492. For this of course one has to somehow link the model objects ( Person, Office,... in our example ) to some database. This could be done by loading flat files, querying an ldap server, or an SQL server, or whatever... In our example we just created a simple hard coded java class that acts as a DB.
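    Such a hard-coded DB might look like the following minimal sketch. The class and field names here are illustrative stand-ins, not the actual code from the repository:

```java
import java.util.HashMap;
import java.util.Map;

// A hypothetical stand-in for the example's hard-coded DB class:
// a static map from id to model object.
public class DB {
    static class Person {
        final String id;
        final String name;
        Person(String id, String name) { this.id = id; this.name = name; }
    }

    private static final Map<String, Person> people = new HashMap<>();
    static {
        people.put("155492", new Person("155492", "Henry Story"));
        people.put("528", new Person("528", "James Gosling"));
    }

    // The lookup used by PersonResource; returns null if no such person.
    static Person getPersonWithId(String id) {
        return people.get(id);
    }

    public static void main(String[] args) {
        System.out.println(getPersonWithId("155492").name);
    }
}
```

    Swapping this for an SQL or LDAP backed implementation would not change the resource classes at all, which is the point of the indirection.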

    Map the Model to the resource

    An object can contain pointers to other objects. In order for the serialiser to know what the URLs of objects are, one has to map model objects to web resources. This is done simply with the static code in the same Main class [looking for improvements here too]:

       static {
          RdfResource.register(Employee.class, PersonResource.class);
          RdfResource.register(Room.class, OfficeResource.class);
          RdfResource.register(Building.class, BuildingResource.class);
       }

    Given an object the serialiser (RdfMessageWriter) can then look up the resource URL pattern, and so determine the object's URL. So to take an example, consider an instance of the Room class. From the above map, the serialiser can find that it is linked to the OfficeResource class from which it can find the /building/{buildingName}/{roomId} URI pattern. Using that it can then call the two getters on that Room object, namely getBuildingName() and getRoomId() to build the URL referring to that object. Knowing the URL of an object means that the serialiser can stop its serialisation at that point if the object is not the primary topic of the representation. So when serialising /person/155492 the serialiser does not need to walk through the properties of /building/SCA22/3181. The client may already have that information and if not, the info is just a further GET request away.
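    The pattern-to-URL step can be sketched as follows. The template syntax and the Room getters mirror the description above, but this is an illustration under those assumptions, not the actual RdfMessageWriter code:

```java
import java.lang.reflect.Method;

// Sketch of the URI-template step: replace each {var} in the pattern with
// the value returned by the matching getter on the model object.
public class UrlSketch {
    public static class Room {
        public String getBuildingName() { return "SCA22"; }
        public String getRoomId() { return "3181"; }
    }

    static String expand(String pattern, Object o) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < pattern.length()) {
            int open = pattern.indexOf('{', i);
            if (open < 0) { out.append(pattern.substring(i)); break; }
            int close = pattern.indexOf('}', open);
            out.append(pattern, i, open);
            String var = pattern.substring(open + 1, close);
            // {roomId} -> getRoomId()
            String getter = "get" + Character.toUpperCase(var.charAt(0)) + var.substring(1);
            try {
                Method m = o.getClass().getMethod(getter);
                out.append(m.invoke(o));
            } catch (ReflectiveOperationException e) {
                throw new IllegalArgumentException("no getter " + getter, e);
            }
            i = close + 1;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(expand("/building/{buildingName}/{roomId}", new Room()));
    }
}
```

    Running this prints /building/SCA22/3181, the URL at which the serialiser can stop and leave the client to follow its nose.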

    Running it on the command line

    If you have downloaded the whole repository you can just run

    $ ant run
    from the command line. This will build the classes, recompile the @rdf annotated classes, and start the simple web server. You can then just curl for a few of the published resources like this:
    hjs@bblfish:0$ curl -i http://localhost:9998/person/155492
    HTTP/1.1 200 OK
    Date: Wed, 24 Sep 2008 14:37:38 GMT
    Content-type: text/rdf+n3
    Transfer-encoding: chunked
    <> <> </person/155492#HS> .
    </person/155492#HS> <> <> .
    </person/155492#HS> <> </person/528#JG> .
    </person/155492#HS> <> "29_07" .
    </person/155492#HS> <> "Henry Story" .

    The representation returned is not a very elegant serialisation of the Turtle subset of N3. It does make the triple structure of RDF clear - subject, relation, object - and it uses relative URLs to refer to local resources. Other serialisers could be added, such as one for rdf/xml. See the todo list at the end of this article.

    The representation says simply that this resource <> has as its primary topic the entity named by #HS in the document. That entity's name is "Henry Story" and it knows a few people, one of whom is referred to via a global URL, and the other via a local URL /person/528#JG.

    We can find out more about the /person/528#JG thing by making the following request:

    hjs@bblfish:0$ curl -i http://localhost:9998/person/528#JG
    HTTP/1.1 200 OK
    Date: Wed, 24 Sep 2008 14:38:10 GMT
    Content-type: text/rdf+n3
    Transfer-encoding: chunked
    <> <> </person/528#JG> .
    </person/528#JG> <> </person/155492#HS> .
    </person/528#JG> <> </person/29604#BT> .
    </person/528#JG> <> <> .
    </person/528#JG> <> </building/SCA22/3181#it> .
    </person/528#JG> <> "19-05" .
    </person/528#JG> <> "James Gosling" .

    ... where we find out that the resource named by that URL is James Gosling. We find that James has an office named by a further URL, which we can discover more about with yet another request

    hjs@bblfish:0$ curl -i http://localhost:9998/building/SCA22/3181#it
    HTTP/1.1 200 OK
    Date: Wed, 24 Sep 2008 14:38:38 GMT
    Content-type: text/rdf+n3
    Transfer-encoding: chunked
    <> <> </building/SCA22/3181#it> .
    </building/SCA22/3181#it> <> _:2828781 .
    _:2828781 a <> .
    _:2828781 <> "3181" .
    _:2828781 <> "4220 Network Circle" .
    _:2828781 <> "CA" .
    _:2828781 <> "Santa Clara" .
    _:2828781 <> "USA" .
    _:2828781 <> "95054" .

    Here we have a Location that has an Address. The address does not have a global name, so we give it a document local name, _:2828781 and serialise it in the same representation, as shown above.

    Because every resource has a clear hyperlinked representation we don't need to serialise the whole virtual machine in one go. We just publish something close to the Concise Bounded Description of the graph of objects.

    Browsing the results

    Viewing the data through a command line interface is nice, but it's not as fun as when viewing it through a web interface. For that it is best currently to install the Tabulator Firefox plugin. Once you have that you can simply click on our first URL http://localhost:9998/person/155492. This will show up something like this:

    picture of tabulator on loading /person/155492

    If you then click on JG you will see something like this:

    picture tabulator showing James Gosling

    This it turns out is a resource naming James Gosling. James knows a few people including a BT. The button next to BT is in blue, because that resource has not yet been loaded, whereas the resource for "Henry Story" has. Load BT by clicking on it, and you get

    picture of tabulator showing Henry Story knowing Bernard Traversat

    This reveals the information about Bernard Traversat we placed in our little Database class. Click now on the i and we get

    Tabulator with info about Tim Berners Lee

    Now we suddenly have a whole bunch of information about Tim Berners-Lee, including his picture, some of the people he has listed as knowing, where he works, his home page, etc... This is information we did not put in our Database! It's on the web of data.

    One of the people Tim Berners-Lee knows is our very own Tim Bray.

    tabulator showing info from dbpedia on Tim Bray

    And you can go on exploring this data for an eternity. All you did was put a little bit of data on a web server using Jersey, and you can participate in the global web of data.


    There are of course a lot of things that can be done to improve this Jersey/so(m)mer mapper. Here are just a few I can think of now:

    • Improve the N3 output. The code works with the examples but it does not deal well with all the literal types, nor does it yet deal with relations to collections. The output could also be made more human readable by avoiding repetitions.
    • Refine the linking between model and resources. The use of getters sounds right, but it could be a bit fragile if methods are renamed....
    • Build serialisers for rdf/xml and other RDF formats.
    • Deal with the publication of non-information resources, such as http:// which names the class of Persons. When you GET it, it redirects you to an information resource:
      hjs@bblfish:1$ curl -i
      HTTP/1.1 303 See Other
      Date: Wed, 24 Sep 2008 15:30:14 GMT
      Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 Phusion_Passenger/2.0.2 DAV/2 SVN/1.4.2
      Vary: Accept-Encoding
      Content-Length: 234
      Content-Type: text/html; charset=iso-8859-1
      <title>303 See Other</title>
      <h1>See Other</h1>
      <p>The answer to your request is located <a href="">here</a>.</p>
      This should also be made easy and foolproof for Java developers.
    • make it industrial strength...
    • my current implementation is tied much too strongly to so(m)mer. The @rdf annotated classes get rewritten to create getters and setters for every field, which link to the so(m)mer mappers. This is not needed here. All we need is to automatically add the RdfSerialiser interface to make it easy to access the private fields.
    • One may want to add support for serialising @rdf annotated getters
    • Add some basic functionality for POSTing to collections or PUTing resources. This will require some thought.


    Wednesday Sep 17, 2008

    Are OO languages Autistic?

    illustration of a simple play

    One important criterion of Autism is the failure to develop a proper theory of mind.

    A standard test to demonstrate mentalizing ability requires the child to track a character's false belief. This test can be done using stories, cartoons, people, or, as illustrated in the figure, a puppet play, which the child watches. In this play, one puppet, called Sally, leaves her ball in her basket, then goes out to play. While she is out, naughty Anne moves the ball to her own box. Sally returns and wants to play with her ball. The child watching the puppet play is asked where Sally will look for her ball (where does Sally think it is?). Young children aged around 4 and above recognize that Sally will look in the basket, where she (wrongly) thinks the ball is.
    Children with autism will tend to answer that Sally will look for the ball in the box.

    Here are two further descriptions of autism from today's version of the Wikipedia article:

    The main characteristics of autism are impairments in social interaction, impairments in communication, restricted interests and repetitive behavior.
    Sample symptoms include lack of social or emotional reciprocity, stereotyped and repetitive use of language or idiosyncratic language, and persistent preoccupation with parts of objects.

    In order to have a theory of mind one needs to be able to understand that other people may have a different view of the world. On a narrow three dimensional understanding of 'view', this reveals itself in the fact that people at different locations in a room will see different things. One person may be able to see a cat behind a tree that is hidden from another. In some sense though these two views can easily be merged into a coherent description. They are not contradictory. But we can do the same in higher dimensions. We can think of people as believing themselves to be in one of a number of possible worlds. Sally believes she is in a world where the ball is in the basket, whereas Ann believes she is in a world where the ball is in the box. Here the worlds are contradictory. They cannot both be true of the actual world.

    To be able to make this type of statement one has to be able to do at least the following things:

    • Speak of ways the world could be
    • Refer to objects across these worlds
    • Compare these worlds
    The ability to do this is present in none of the well known Object Oriented (OO) languages by default. One can add it, just as one can add garbage collection to C, but it requires a lot of discipline and care. It does not come naturally. Perhaps a bit like a person with Asperger's syndrome can learn to interact socially with others, but in a reflective awkward way.

    Let us illustrate this with a simple example. Let us see how one could naively program the puppet play in Java. Let us first create the objects we will need:

    Person sally = new Person("Sally");
    Person ann = new Person("Ann");
    Container basket = new Container("Basket");
    Container box = new Container("Box");
    Ball ball = new Ball("b1");
    Container room = new Container("Room");
    So far so good. We have all the objects. We can easily imagine code like the following to add the ball into the basket, and the basket into the room:
    basket.add(ball);
    room.add(basket);
    Perhaps we have methods whereby the objects can ask what their container is. This would be useful for writing code to make sure that a thing could not be in two different places at once - in the basket and in the box, unless the basket was in the box.
    Container c = ball.getImmediateContainer();
    Assert.true(c == basket);
    try {
        box.add(ball);
        Assert.fail();
    } catch (InTwoPlacesException e) {
        // expected: the ball is already in the basket
    }
    All that is going to be tedious coding, full of complicated issues of their own, but it's the usual stuff. Now what about the beliefs of Sally and Ann? How do we specify those? Perhaps we can think of sally and ann as being small databases of objects they are conscious of. Then one could just add them like this:
    sally.add(ball);
    ann.add(ball);
    But the problem should be obvious now. If we move the ball from the basket to the box, the state of the objects in sally and ann's databases will be exactly the same! After all they are the same objects:
    Ball sb = sally.get(Ball.class,"b1");
    Ball ab = ann.get(Ball.class,"b1");
    Assert.true(sb == ab); //that is because they are the same object
    There is really no way to change the state of the ball for one person and not for the other... unless perhaps we give both people different objects. This means that for each person we would have to make a copy of all the objects that they could think of. But then we would have a completely different problem: namely deciding when these two objects were the same. For it is usually understood that the equality of two objects depends on their state. So one usually would not think that a physical object could be the same if it was in two different physical places. Certainly if we had a ball b1 in a box, and another ball b2 in a basket, then what on earth would allow us to say we were speaking of the same ball? Perhaps their name, if we could guarantee that we had unique names for things. But we would still have some pretty odd things going on: we would have objects that would somehow be equal, but would be in completely different states! And this is just the beginning of our problems. Just think of the dangers involved in taking an object from Ann's belief database, and how easy it would be to allow it to be added by mistake to Sally's belief store.

    These are not minor problems. These are problems that have dogged logicians for the last century or more. To solve them properly one should look for languages that were inspired by the work of such logicians. The most serious such project is now known as the Semantic Web.

    Using N3 notation we can write the state of affairs described by our puppet show, and illustrated by the above graph, out like this:

    @prefix : <> .
    :Ann :believes { :ball :in :box . } .
    :Sally :believes { :ball :in :basket . } .

    N3 comes with a special notation for grouping statements by placing them inside of { }. We could then easily ask who believes the ball is in the basket using SPARQL

    PREFIX : <>
    SELECT ?who
    WHERE {
         GRAPH ?g1 { :ball :in :basket }
         ?who :believes ?g1 .
    }

    The answer would bind ?who to :Sally, but not to :Ann.
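    The same idea can be sketched in plain Java, under the assumption of a tiny in-memory quad store with illustrative names: each triple carries the name of the graph (the believer's context) it belongs to, which is what lets the query distinguish Sally's world from Ann's.

```java
import java.util.ArrayList;
import java.util.List;

// A sketch of querying beliefs across contexts with quads: each triple is
// tagged with the graph it belongs to, as in an RDF quad store. All names
// here are illustrative.
public class QuadStore {
    record Quad(String graph, String s, String p, String o) {}

    static final List<Quad> store = List.of(
            new Quad("Ann", "ball", "in", "box"),
            new Quad("Sally", "ball", "in", "basket"));

    // Return the graphs (believers) whose context contains the given triple.
    static List<String> whoBelieves(String s, String p, String o) {
        List<String> who = new ArrayList<>();
        for (Quad q : store)
            if (q.s().equals(s) && q.p().equals(p) && q.o().equals(o))
                who.add(q.graph());
        return who;
    }

    public static void main(String[] args) {
        System.out.println(whoBelieves("ball", "in", "basket")); // [Sally]
    }
}
```

    Note that the ball keeps a single name across both contexts, while its state can differ per graph - exactly what the plain object model above could not express.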

    RDF therefore gives us the basic tools to escape from the autism of simpler languages:

    • One can easily refer to the same objects across contexts, as URIs are the basic building block of RDF
    • The basic unit of meaning is the graph - a set of relations - and graphs are formally described.
    The above allows one to query for objects across contexts, and so to compare, merge and work with contexts.

    It is quite surprising, once one realizes this, to think how many languages claim to be web languages and yet fail to have any default place for the basic building blocks of the web: URIs and the notion of different points of view. When one fetches information from a remote server one has to take into account the fact that the server's view of the world may be different from, and in some respects incompatible with, one's own. In an open world one cannot just assume that everybody agrees with everything. One is forced to develop languages that enable a theory of mind. A lot of failures in distributed programming can probably be traced back to working with tools that don't.

    Of course tools can be written in OO languages to work with RDF. Very good ones have been written in Java, such as Sesame, making it possible to query repositories for beliefs across contexts (see this example). But they bring to bear concepts that don't sit naturally with Java, and one should be aware of this. OO languages are good for building objects such as browsers, editors, simple web servers, transformation tools, etc... But they don't make it easy to develop tools that require just the most basic elements of a theory of mind, and so most things to do with communication. For that one will have to use the work done in the semantic web space and familiarize oneself with the languages and tools developed for working with them.

    Finally, the semantic web also has its OO style with the Web Ontology Language (OWL). This is just a set of relations for describing classes and relations. Notice though that it is designed for intra-context inference, i.e. the inferences one can make within a world. So in that sense, even at the Semantic Web layer, thinking in OO terms does not touch on thinking across contexts or across minds. Mind you, since people deal with objects, it is also important to think about objects in order to understand people. But that is just one part of the problem.

    vote on reddit and follow the discussion
    vote on dzone

    Friday Sep 12, 2008

    RDF: Reality Distortion Field

    Here is Kevin Kelly's presentation on the next 5000 days on the web, in clear easy English that every member of the family can watch and understand. It explains what the semantic web, also known as Web 3.0, is about and how it will affect technology and life on earth. Where is the web going? I can find no fault in this presentation.

    This is a great introduction. He explains how Metcalfe's law brought us to the web of documents and is leading us inexorably to a web of things, in which we will be the eyes and the hands of this machine called the internet that never stops running.
    For those with a more technical mind, who want to see how this is possible, follow this up with a look at the introductory material to RDF.

    Warning: This may change the way you think. Don't Panic! Things will seem normal after a while.

    Thursday Sep 04, 2008

    Building Secure, Open and Distributed Social Network Applications

    Current social networks don't allow you to have friends outside their network. When on Facebook, you can't point to your friend on LinkedIn. They are data silos. This audio enhanced slide show explains how a distributed decentralized social network is being built, how it works, and how to make it secure using the foaf+ssl protocol (a list of pointers on the esw wiki).

    It is licenced under a CC Attribution ShareAlike Licence.
    My voice is a bit odd on the first slide, but it gets better I think as I go along.

    Building Secure Open & Distributed Social Networks( Viewing this slide show requires a flash plugin. Sorry I only remembered this limitation after having put it online. If you know of a good Java substitute let me know. The other solution would have been to use Slidy. PDF and Annotated Open Document Format versions of this presentation are available below. (why is this text visible in Firefox even when the plugin works?) )

    This is the presentation I gave at JavaOne 2008 and at numerous other venues in the past four months.

    The slidecast works a lot better as a presentation format than my previous semantic web video RDF: Connecting Software and People, which I published as an h.264 video a couple of years ago, and which takes close to 64MB of disk space. The problem with that format is that it is not easy to skip through the slides to the ones that interest you, or to go back and listen to a passage carefully again. Or at least it feels very clunky. My mp3 sound file takes only 17MB of space in comparison, and the graphics are much better quality in this slide show.

    It is hosted by the excellent slideshare service, which translated my OpenOffice odp document (once it was cleaned up a little: I had to make sure it had no pointers to local files remaining accessible from the Edit>Links menu, which otherwise choked their service). I used the Audacity sound editor to create the mp3 file, which I then placed on my server. Syncing the sound and the slides was then very easy using SlideShare's SlideCast application. I found that the quality of the slides was a lot better once I had created an account on their servers. The only thing missing would be a button, in addition to the forward and backward buttons, that would show the text of the audio, for people with hearing problems - something equivalent to the Notes view in Open Office.

    You can download the OpenOffice Presentation which contains my notes for each slide and the PDF created from it too. These are all published under a Creative Commons Attribution, Share Alike license. If you would like some of the base material for the slides, please contact me. If you would like to present them in my absence feel free to.



