Rationale
There may be some information you want to represent in a FOAF file, but restrict it to certain people or groups of people. You can handle this via encryption.
Before reading on, you should be familiar with the procedures described in PGP Signing FOAF Files.
Implementation
Firstly, ensure you have a PGP key and it is exported to the public keyservers, as described in PGP Signing FOAF Files.
Secondly, you need to have access to the public key of the party you wish to encrypt the data for. Import it onto your GPG public keyring. For example, the OpenProjects #foaf channel's FOAFbot instance has a public key with ID 6C7F734E, which can be downloaded here. Save the file and import it onto your keyring with gpg --import <saved-file-name (for Unix-like systems; use the correct technique for your platform).
Separate out the "more private" information into a separate file, let's say foaf-private.rdf.
Here's a small example. I have included my phone number in the private file, something I wouldn't want to include for general consumption:
<?xml version="1.0"?>
<rdf:RDF
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
  xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person>
    <!-- adds more private information about me, make
         sure to include my email address so it can be
         linked to all the other info about me -->
    <foaf:mbox rdf:resource="mailto:edd@usefulinc.com"/>
    <!-- private email addr -->
    <foaf:mbox rdf:resource="mailto:edd@sekretplace.com"/>
    <!-- don't want my phone number in the public domain -->
    <foaf:phone>+44 1234 456789</foaf:phone>
  </foaf:Person>
</rdf:RDF>
Next, sign and encrypt the private file with GPG, giving the key ID with the -r option:
gpg -sea -r 6C7F734E foaf-private.rdf
This should create a foaf-private.rdf.asc file, or something named similarly.
Finally, you need to link in the new file from your existing FOAF file. If you've read Adding people into the FOAF web, you will be familiar with the rdfs:seeAlso way of linking files. We just use the same mechanism, but adding some properties to describe the encryption.
Don't forget to declare the wot namespace in your FOAF file:
xmlns:wot="http://xmlns.com/wot/0.1/"
And then add the link:
<!-- private info for authorized agents only -->
<rdfs:seeAlso>
  <foaf:Document
    rdf:about="http://heddley.com/edd/foaf-private.rdf.asc">
    <!-- encrypted for the #foaf community -->
    <wot:encryptedTo>
      <wot:PubKey wot:hex_id="6C7F734E" />
    </wot:encryptedTo>
  </foaf:Document>
</rdfs:seeAlso>
Add this fragment into your original FOAF file, and republish (don't forget to re-sign!).
FOAF agents such as FOAFbot will be able to decrypt the private information if they hold the right key.
It's possible to encrypt for any number of keys: just add more -r arguments when encrypting, and more wot:encryptedTo properties when linking via rdfs:seeAlso.
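As an added example (not code from the original page or from FOAFbot), here is the consuming side of the linking mechanism just described: a small Python parser that reads the rdfs:seeAlso / wot:encryptedTo links from a FOAF file and reports which encrypted companion documents an agent holding a given set of key IDs could decrypt. The sample FOAF document and the second key ID 0000DEAD are constructed for illustration.

```python
# Added example (not code from the original page): parse rdfs:seeAlso /
# wot:encryptedTo links and see which encrypted files an agent can read.
import xml.etree.ElementTree as ET

NS = {
    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
    "foaf": "http://xmlns.com/foaf/0.1/",
    "wot": "http://xmlns.com/wot/0.1/",
}
RDF_ABOUT = "{%s}about" % NS["rdf"]
WOT_HEX_ID = "{%s}hex_id" % NS["wot"]

# Constructed sample FOAF file: one companion document encrypted to two
# keys (the second key ID is a made-up placeholder).
SAMPLE_FOAF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
  xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:wot="http://xmlns.com/wot/0.1/">
 <foaf:Person>
  <foaf:mbox rdf:resource="mailto:edd@usefulinc.com"/>
  <rdfs:seeAlso>
   <foaf:Document rdf:about="http://heddley.com/edd/foaf-private.rdf.asc">
    <wot:encryptedTo><wot:PubKey wot:hex_id="6C7F734E"/></wot:encryptedTo>
    <wot:encryptedTo><wot:PubKey wot:hex_id="0000DEAD"/></wot:encryptedTo>
   </foaf:Document>
  </rdfs:seeAlso>
 </foaf:Person>
</rdf:RDF>"""


def encrypted_links(foaf_xml):
    """Map each rdfs:seeAlso foaf:Document URL to the set of wot:hex_id
    values it is encrypted to; documents without wot:encryptedTo are skipped."""
    links = {}
    root = ET.fromstring(foaf_xml)
    for doc in root.iterfind(".//rdfs:seeAlso/foaf:Document", NS):
        ids = {k.get(WOT_HEX_ID).upper()
               for k in doc.iterfind("wot:encryptedTo/wot:PubKey", NS)
               if k.get(WOT_HEX_ID)}
        if ids:
            links[doc.get(RDF_ABOUT)] = ids
    return links


def readable_by(links, held_key_ids):
    """URLs an agent holding held_key_ids could decrypt. Short 8-digit key
    IDs are not unique, so confirm the full fingerprint before trusting a
    match (a practitioner's caveat added here, not stated by the page)."""
    held = {k.upper() for k in held_key_ids}
    return sorted(url for url, ids in links.items() if ids & held)
```

A real agent would then fetch the listed URL and hand it to gpg --decrypt; this block stops at the link-matching step so it runs offline.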