I thought I'd mock up a simple example of how the details of Commons
upload process might work. But first a warning: this email is quite
long on technical detail and short on genealogical content. Obviously
in any real application these details would be happening behind the scenes.
First off, I need a GPG key. I can use an existing one if I have one,
but I imagine most applications will choose to create a new key for user
for this purpose. This key needs to uploaded to an agreed keyserver, or
maybe several. For the purpose of this example, I have created myself a
new key with ID 78B6EA81 and have uploaded it to the
keys.gnupg.net
keyserver.
Next I need to create and publish short bit of RDF/XML with a few bits
of housekeeping information about me. The contents of this are
completely extensible. For example, I might choose to link to home page
or a page of my genealogical research interests. Or if I felt so
inclined, I could put in something totally irrelevant like my favourite
single malt. We would probably wish to require a few details to be
given, and I would suggest the researcher's real name and email address
are a sensible minimum. The researcher (or his software) then publishes
this RDF/XML somewhere on the web. For my example, I have created a
minimal example which I have uploaded here:
http://commons.genmine.com/Users/Richard_Smith.foaf
Everything in this document is written using established technologies
(mostly FOAF) that are frequently used together in this manner, and so
plenty of tools and libraries exist for manipulating such files. The
document contains five pieces of information. Two are about me: my
name, and the SHA1 hash of my email address. I could have written my
actual email address (using the foaf:mbox attribute), but to avoid too
many spambots harvesting my address, I've only given a hash of it.
The other three pieces of information are about the document itself. I
state that I wrote the document and that the document (trivial though it
is) is licensed under the CC-ND licence (which says people can copy it
but not change it). And I link to a GPG signature of the file which
verifies that I (or at least someone with access to the GPG key
purporting to be mine) really produced the document. The GPG signature
was trivially generated with the following command (where 78B6EA81 is
the ID of my key):
gpg -sbau '78B6EA81' Richard_Smith.foaf
[The next three paragraphs are on arcane details of URI usage in RDF.
Feel free to jump past them to the *** marker.]
The rdf:about and rdf:resource attributes in this are actually relative
URIs, so rdf:about="" means a statement about the current document.
A subtly with RDF is that it is conventional to use http: URIs as both
URLs and URNs -- that is both as a way of referencing an additional
resource, and as a way of naming abstract or physical concepts. In this
example,
http://commons.genmine.com/Users/Richard_Smith
... is a URN that identifiers me, in my capacity as a Commons user, and
so in this piece of RDF/XML, rdf:about="Richard_Smith" means a statement
about me, the user. A further subtlety arises from the fact that it is
conventional to simultaneously be able to use this URI as a a URN to
represent me, and also as a URL to locate information about me. A first
that probably sounds horribly confused, but in practice it does work
well, *provided* that accessing the URN results in a redirect (typically
a 303 "See Other"). In this case, I have configured the server to do:
GET /Users/Richard_Smith HTTP/1.1
Host:
commons.genmine.com
HTTP/1.1 303 See Other
Location:
http://commons.genmine.com/Users/Richard_Smith.foaf
This redirection is necessary so that in Richard_Smith.foaf references
to the current document URI (by means of the empty URI reference, e.g.
in rdf:about="") resolve to the .foaf URL representing the document,
rather than the unsuffixed URI representing me. This is the standard
way of doing things, and it really isn't as ghastly as it sounds once
you've got used to it.
[*** End of discussion on URIs in RDF.]
I, or my software, would then hand pass this URL (either, it doesn't
matter) to an index server that will verify the GPG signature. You can
check this yourself by downloaing both the FOAF file and the GPG
signature and then running:
gpg --verify --keyserver-options auto-key-retrieve
--keyserver
keys.gnupg.net Richard_Smith.foaf.asc
... which will fetch my GPG key from the keyserver. This command will
also tell you that the signature was created by
Richard Smith (Genealogical Commons) <
ric...@ex-parrot.com>
The bit in parentheses is a comment and can be ignored. The first and
last bits are my name and email address as stored in the GPG key. The
index server should check that the name is the same as the one in the
FOAF, and that when you take the SHA1 hash of
mailto:
ric...@ex-parrot.com
you get the value quoted in the FOAF. (This means that machines in the
Commons can decipher your email address, but it'll should be a long time
before spambots evolve to the stage where they can addresses this way.)
There are various standard ways we can increase a confidence that the
name and email address in the key are correct -- e.g. with the standard
web of trust ideas, or with an OpenID. I don't propose to go into
details of these now, but we may wish to require additional steps to
allow us to be surer of the users' real identity. Once we're confident
the key is really owned by whoever it claims to be owned by, we can be
pretty sure that the FOAF document and any other documents signed by
that key really written by written by that user.
I may have taken a dozen or so paragraphs to describe this initial set
up, but the whole process can be hidden from the user and done in a
matter of seconds. Anyway, I'm finally ready to do some genealogy, and
I decide to start by uploading a scan of my great great grandparents'
marriage certificate:
http://commons.genmine.com/Test/Thomas_Smith_marriage.png
There's absolutely nothing special about the way I've uploaded that, and
it could be on any website, anywhere. Perhaps I didn't upload it myself
but discovered that a cousin had already uploaded it to his website.
That's fine too.
If I want to add that to the commons, the first question I should be
asking myself is: is it copyrighted? And do I have permission to copy
it into the commons. Marriage certificates are usually Crown Copyright,
and are covered by the Open Government Licence which allows people to
copy them (with a few restrictions).
http://www.nationalarchives.gov.uk/doc/open-government-licence/
(In this case, the certificate is the original one that has been in my
family for 140 years. It may be that Crown Copyright has therefore
elapsed, but for the sake of argument let's assume it still holds.)
Happy that I'm allowed to upload, it I produce a piece of RDF/XML with
some basic metadata about the scanned certificate, which I upload here:
http://commons.genmine.com/Test/Thomas_Smith_marriage.rdf
(There's no requirement for it to be in the same directory or even on
the same server as the image.) This has a number of similarities to the
earlier FOAF file I produced about me. As with the FOAF file, I state
that I (or the software I'm using) wrote the RDF and I link to a GPG
signature. When I state that I wrote the FOAF, I do it by way of the URI
http://commons.genmine.com/Users/Richard_Smith
which we noted above represents me, in my capacity as a user. When the
index server comes to read the RDF/XML, if it hasn't yet encountered me
(e.g. if I've just started using a new index server), it can use that as
a URL to fetch the FOAF file and then run through the user checks given
above. Obviously the index server will also verify the GPG signature of
the marriage certificate RDF/XML.
The interesting part of the RDF is <commons:GenealogicalResource>
element, which is a custom class introduced for this project. This is
saying that the certificate PNG, referenced in the rdf:about attributed,
is a genealogical resource of some sort. It's my current thought that
this term should be interpreted in the widest of ways. Clearly a scan
of a mid-19th century marriage certificate is a genealogical resource,
but so too is a piece of explanatory text, or a list of parishes in a
given county. Even a hoax genealogy might constitute a valid
genealogical resource if the hoax has propagated widely, simply so that
it can be included in the Commons are carefully noted as a hoax.
We also state the MIME type of the resource (image/png in this case) and
its SHA1 hash. The hash is so that we know whether or not the URL in
the rdf:about attribute is still pointing to the resource the user had
in mind.
Finally, the marriage certificate RDF contains two <xhtml:licence>
elements, one referring to the the RDF document, and one referring to
the image. (The earlier FOAF file contained one too.) This states that
the RDF itself is licensed under the CC-ND licence, meaning you can copy
but not modify it; and that the PNG is licensed under the Open
Government Licence. The index server needs to verify that the licence
is compatible with the Commons: in particular, that we are allowed to
copy the resource. This is done with a technology called CC-REL:
http://wiki.creativecommons.org/Ccrel
This allows the index server to look up the rights granted and
prohibitions imposed by the licence, and the licence will only be
accepted if the rights are sufficient and the prohibitions are all
understood and considered acceptable. (In some cases, a licence will
not support CC-REL and the index server will have to know about the
licence. But many of the common open source licences do support it,
including the Creative Commons licences, the GNU ones, and the UK Open
Government Licence.) Whenever anything is passed to the index server,
whether it is a piece of FOAF or RDF, or a genealogical resource, it
must always have a licence that permits at least copying, or it will be
rejected.
Once the index server has determined that the RDF/XML is well-formed, is
correctly signed by a verified user, and has suitable licensing
information, it will download the image, to verify that it does yield a
resource with the specified MIME type and SHA1 hash. This check is
important because it verifies that the resource is accessible without
logging in. It also checks that the resource has not changed since the
version the user intended to upload to the Commons.
The index server will store the date and time that it accepted the
upload, and the <foaf:maker> element of the RDF/XML, which references
the user who created the RDF/XML is now taken to be the user who
uploaded the contents to the Commons. In other words, by GPG signing an
<commons:GenealogicalResource> element with a key registered to a
Commons user, the user is effectively consenting to it being uploaded to
the commons, even if they themselves don't pass the RDF to the index server.
More generally, by signing a statement you are guaranteeing its truth.
This is the reason why I did not sign the marriage certificate, but
rather put a SHA1 hash into a document that I signed. Had I GPG signed
the marriage certificate, I would have been guaranteeing its contents to
be true. I don't want to do that because I'm pretty sure the groom was
actually 24, not 22, and the bride was only 19 rather than 20. Even if
I didn't know of any errors, I wouldn't wish to make a guarantee about
something so long ago.
Obviously, uploading is just one small part of the process. I've not
discussed how the index servers deal with them once they're uploaded.
I've not discussed searching or indexing. Or replicating resources
across servers. I've not discussed genealogical metadata (such as
providing the names of the parties to the marriage), or related
documents (such as transcripts). These are all topics for another day.
Complex thought this upload process may sound, the whole thing is built
from existing technologies, and implementing this process should be
quite a quick job. (And indeed, I implemented some parts of it while
writing this post in order to test them.)
--
Richard Smith