cert.rdf 14.8 KB

<!-- Processed by Id: cwm.py,v 1.197 2007/12/13 15:38:39 syosi Exp -->
<!--     using base file:///Volumes/Dev/Programming/w3.org/hg/WebID/ontologies/cert.n3-->


<rdf:RDF xmlns="http://www.w3.org/2000/01/rdf-schema#"
    xmlns:dc="http://purl.org/dc/terms/"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:owl="http://www.w3.org/2002/07/owl#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
    xmlns:skos="http://www.w3.org/2004/02/skos/core#"
    xmlns:vs="http://www.w3.org/2003/06/sw-vocab-status/ns#">

    <owl:Ontology rdf:about="http://www.w3.org/ns/auth/cert#">
        <dc:created rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2008-11-13</dc:created>
        <comment xml:lang="en">
   Ontology for Certificates and crypto stuff.
   This is in development. 
   Some other ontologies to look at:
     * http://www.w3.org/2000/10/swap/crypto
        + has cwm builtins: http://www.w3.org/2000/10/swap/doc/Trust
        - a bit old perhaps. It imports daml+oil
        - would help to be more completely specified
        - uses literals as subjects a little liberally, which makes this a 
        bit difficult to work with frameworks that don't permit this
     * http://xmlns.com/wot/0.1/
        - limited very much to PGP (though on can map PGP to X509)
        - a little coarse grained, mixes up the PGP certificate with the PGP
          public key
     *
   Todo: 
     - add some classes and relations for DSA
     - should this all be in one file? Or should this be cut up a little? Say one file for the general CERT ontology, and then files for RSA, DSA, PGP, etc... Or perhaps it does not really matter?
     - expand more on the certification side of things
     - verify this by security experts
     - owl2 has some constructs for combined inverse functional properties. 
       This may be useful to use in defining an RSA key which is identified
       by two numbers.
     - also create html version of the spec by using this as a template.
     - should comments such as this be in html?
   </comment>
        <label>Ontology for Certificates and crypto stuff.</label>
        <seeAlso rdf:resource="http://lists.foaf-project.org/mailman/listinfo/foaf-protocols"/>
        <seeAlso rdf:resource="http://www.w3.org/ns/auth/X509Uml.svg"/>
        <seeAlso rdf:resource="http://www.w3.org/ns/auth/rsa"/>
        <vs:term_status>unstable</vs:term_status>
        <foaf:maker rdf:resource="http://bblfish.net/people/henry/card#me"/>
    </owl:Ontology>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#Certificate">
        <comment xml:lang="en">A certificate is a Document that is signed.
    As explained here http://www.pgpi.org/doc/pgpintro/#p16
    'A digital certificate consists of three things:
        * A public key.
        * Certificate information. ('Identity' information about the  
          user, such as name, user ID, and so on.)
        * One or more digital signatures.'
    </comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">Certificate</label>
        <subClassOf rdf:resource="http://xmlns.com/foaf/0.1/Document"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#Key">
        <comment xml:lang="en">the class of keys</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#PGPCertificate">
        <comment xml:lang="en">the class of PGP Certificates</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label>PGPCertificate</label>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#Certificate"/>
        <owl:equivalentClass rdf:resource="http://xmlns.com/wot/0.1/PubKey"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#PrivateKey">
        <comment xml:lang="en">Private Key</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label>PrivateKey</label>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#Key"/>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#PublicKey">
        <comment>Public Key</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label>PublicKey</label>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#Key"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#RSAKey">
        <comment xml:lang="en">
    The union of the public and private components of an RSAKey.
    Usually those pieces are not kept together
    </comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">RSA Key</label>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#Key"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#RSAPublicKey">
        <comment xml:lang="en">
    The RSA public key.  Padded message m are encrypted by applying the function
      modulus(power(m,exponent),modulus)
    </comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">RSA Public Key</label>
        <seeAlso rdf:resource="http://en.wikipedia.org/wiki/RSA"/>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#PublicKey"/>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#RSAKey"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#Signature">
        <comment xml:lang="en">the class of signtatures</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label>Signature</label>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:Class rdf:about="http://www.w3.org/ns/auth/cert#X509Certificate">
        <comment xml:lang="en">the class of X509 Certificates</comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label>X509Certificate</label>
        <seeAlso rdf:resource="http://en.wikipedia.org/wiki/X509"/>
        <subClassOf rdf:resource="http://www.w3.org/ns/auth/cert#Certificate"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:Class>

    <owl:DatatypeProperty rdf:about="http://www.w3.org/ns/auth/cert#exponent">
        <comment xml:lang="en">
       The exponent used to encrypt the message. Number chosen between
       1 and the totient(p*q). Often named 'e' .
    </comment>
        <domain rdf:resource="http://www.w3.org/ns/auth/cert#RSAPublicKey"/>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">exponent</label>
        <range rdf:resource="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:DatatypeProperty>

    <Datatype rdf:about="http://www.w3.org/ns/auth/cert#hex">
        <comment rdf:parseType="Literal"><span xmlns="http://www.w3.org/1999/xhtml"><p>
   An encoding of a positive integer (from 0 to infinity) as a hexadecimal string that makes it easy to read and/or fun to present on the web.</p>
   <p>The purpose of this way of representing hexadecimals is to enable users to copy and paste hexadecimal notations as shown by most browsers, keychains or tools such as opensso, into their rdf representation of choice.  There are a wide variety of ways in which such strings can be presented. One finds the following:</p>
<pre>
  e1 dc d5 e1 00 8f 21 5e d5 cc 7c 7e c4 9c ad 86 
  64 aa dc 29 f2 8d d9 56 7f 31 b6 bd 1b fd b8 ee 
  51 0d 3c 84 59 a2 45 d2 13 59 2a 14 82 1a 0f 6e 
  d3 d1 4a 2d a9 4c 7e db 90 07 fc f1 8d a3 8e 38 
  25 21 0a 32 c1 95 31 3c ba 56 cc 17 45 87 e1 eb 
  fd 9f 0f 82 16 67 9f 67 fa 91 e4 0d 55 4e 52 c0 
  66 64 2f fe 98 8f ae f8 96 21 5e ea 38 9e 5c 4f 
  27 e2 48 ca ca f2 90 23 ad 99 4b cc 38 32 6d bf  
</pre>
<p>
 Or the same as the above, with ':' instead of spaces. We can't guarantee that these are the only ways such tools will present hexadecimals, so we are very lax.</p>
 <p>The letters can be uppercase or lowercase, or mixed.  </p>
 <p>Some strings may start with initial 00's, and can be stripped in this notation as they often are. Doing this could, in complement of 2 notation turn a positive number into a negative one, if the first hexadecimal character happens to be one of  the set {'8', '9', 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F'} .  As we interpret this string as a hexadecimal number leading 00s are not important  (Complement of 2 notation and hexadecimal overlap for positive numbers)</p>
<p> In order to make this fun, we allow any unicode characters in the string. A parser should </p>
  <ol>
<li>remove all non hexadecimal characters</li>
<li>treat the resulting as a hexadecimal representation of a number</li>
</ol>
<p>
 This will allow people to make an ascii - better yet a UTF-8 - picture of their public key when publishing it on the web.
</p>
<p>
  Cert hex is also a datatype property because we used to write it out like this
</p>
 <pre>
   [] a rsa:RSAPublicKey;
     rsa:public_exponent [ cert:hex "e1 dc d5 ..."] 
 </pre> 
<p> The above notation is now deprecated. Now we prefer the literal format below.</p>
 <pre>
   [] a rsa:RSAPublicKey;
     rsa:public_exponent "e1 dc d5 ..."^^cert:hex .
 </pre> 
   </span>
        </comment>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">hexadecimal</label>
        <seeAlso rdf:resource="http://en.wikipedia.org/wiki/Hexadecimal"/>
        <owl:equivalentClass rdf:resource="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"/>
        <vs:term_status>archaic</vs:term_status>
        <skos:editorialNote xml:lang="en">&#60;span xmlns="http://www.w3.org/1999/xhtml"&#62;&#60;p&#62; 
     This relation should slowly be transited to just being a datatype.&#60;/p&#62;
     &#60;p&#62;Being a datatype and a property is legal as explained here
  &#60;a href="http://lists.w3.org/Archives/Public/semantic-web/2010Mar/0037.html"&#62;on the semantic web mailing list in March 2010&#60;/a&#62;. 
 But it may be somewhat confusing, especially if it goes against a pattern - still to be set - by the xsd datatypes as the follow up email makes clear. &#60;/p&#62;&#60;/span&#62;
   </skos:editorialNote>
    </Datatype>

    <rdf:Property rdf:about="http://www.w3.org/ns/auth/cert#identity">
        <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#ObjectProperty"/>
        <comment xml:lang="en">
    the identity of the public key. This is the entity that knows the private key and 
    so can decrypt messages encrypted with the public key, or encrypt messages that can 
    be decrypted with the public key. 
    </comment>
        <domain rdf:resource="http://www.w3.org/ns/auth/cert#PublicKey"/>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">identity</label>
        <owl:inverseOf rdf:resource="http://www.w3.org/ns/auth/cert#key"/>
        <vs:term_status>archaic</vs:term_status>
        <skos:editorialNote xml:lang="en">
         It turns out that this relation is unintuitive to write out and to name.
         One should instead use cert:key
    </skos:editorialNote>
    </rdf:Property>

    <rdf:Property rdf:about="http://www.w3.org/ns/auth/cert#key">
        <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#InverseFunctionalProperty"/>
        <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#ObjectProperty"/>
        <comment xml:lang="en">relates an agent to a key - most often the public key.</comment>
        <domain rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">key</label>
        <range rdf:resource="http://www.w3.org/ns/auth/cert#Key"/>
        <range rdf:resource="http://www.w3.org/ns/auth/cert#PublicKey"/>
        <owl:inverseOf rdf:resource="http://www.w3.org/ns/auth/cert#identity"/>
        <vs:term_status>unstable</vs:term_status>
    </rdf:Property>

    <owl:DatatypeProperty rdf:about="http://www.w3.org/ns/auth/cert#modulus">
        <comment xml:lang="en">    
   &#60;p&#62;The modulus of an RSA public and private key. 
   Or the modulus of a DSA Key.
   The modulus is encoded as a hex binary. The binary is the same as the one encoded in the 
  &#60;a href="http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary"&#62;XML DSIG CryptoBinary&#60;/a&#62;
  &#60;/p&#62;
  &#60;blockquote&#62;
   This specification defines the ds:CryptoBinary simple type for representing arbitrary-length integers (e.g. "bignums") in XML as octet strings. The integer value is first converted to a "big endian" bitstring. The bitstring is then padded with leading zero bits so that the total number of bits == 0 mod 8 (so that there are an integral number of octets). If the bitstring contains entire leading octets that are zero, these are removed (so the high-order octet is always non-zero).
  &#60;/blockquote&#62;
 &#60;p&#62;The only difference is that the octet string is then encoded using either xsd:base64Binary or xsd:hexBinary. Currently for all usages of this relation, the xsd:hexBinary datatype should be used until the SPARQL working group specifies specifies in its &#60;a href="http://www.w3.org/TR/sparql11-entailment/#DEntRegime"&#62;D-Entailment&#60;/a&#62; that those two types are equivalent.&#60;/p&#62;
 &#60;p&#62;It would have been better had there been a hexInteger datatype that was standard and supported by all tools.&#60;/p&#62;
   </comment>
        <domain rdf:resource="http://www.w3.org/ns/auth/cert#DSAKey"/>
        <domain rdf:resource="http://www.w3.org/ns/auth/cert#RSAKey"/>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">modulus</label>
        <range rdf:resource="http://www.w3.org/2001/XMLSchema#base64Binary"/>
        <range rdf:resource="http://www.w3.org/2001/XMLSchema#hexBinary"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:DatatypeProperty>

    <owl:DatatypeProperty rdf:about="http://www.w3.org/ns/auth/cert#privateExponent">
        <comment xml:lang="en">
       The exponent used to decrypt the message
       calculated as 
          public_exponent*private_exponent = 1 modulo totient(p*q)
       The private exponent is often named 'd'
    </comment>
        <domain rdf:resource="http://www.w3.org/ns/auth/cert#RSAPrivateKey"/>
        <isDefinedBy rdf:resource="http://www.w3.org/ns/auth/cert#"/>
        <label xml:lang="en">private</label>
        <range rdf:resource="http://www.w3.org/2001/XMLSchema#nonNegativeInteger"/>
        <vs:term_status>unstable</vs:term_status>
    </owl:DatatypeProperty>
</rdf:RDF>