Making relationships verifiable

(This is more of a note to myself, but you might find it interesting anyway)

Let’s say there are two people, M and D, who supposedly are mother and daughter, i.e. they are supposedly in the relationship “is parent of”.

If I come across a piece of information that expresses “M.isParentOf.D”, should I believe it? I guess it depends on who says it. There are three cases:

  • M says it, i.e. “D is my daughter”. Mothers usually know their daughters, so that sounds good, except that sometimes — like all human beings — they lie, e.g. to collect government support or smuggle somebody into a country.
  • D says it, i.e. “M is my mother”. Similar limitations apply.
  • O (the “outsider”) says it: “M and D are mother and daughter.” The trustworthiness entirely depends on O. For example, O might be the vital records office of the local government, in which case they are likely to be correct. Or O might be some random guy who knows neither M nor D and just made it up.
  • Of course, more than one entity could agree (or disagree) with the statement. For example, the records office O and the daughter D might agree, but the mother M knows better. (Well, that usually applies more to fathers.)

So it appears to me that “entity is related by some relationship type to some other entity” is an incomplete statement; it also needs to say “according to this entity”. Entity-relationship-modeling, take note!

Secondly, it seems that the “relationship is true according to this entity” assertion is subject to the same qualifications as above. Says who? “I think, late at night some time last year, after a few drinks, M told me that …” is probably insufficient.

But what if every entity had its own key pair? (Leaving out for our purposes here how we verify which keys go with which entities. Let’s just assume we know.) Then the statement “M.isParentOf.D” could be digitally signed by one or more parties, and we would know for sure who stands behind it. Specifically, the statement could be signed by the source entity, by the destination entity, or by some other outside entity.

So I guess relationships should have an optional, potentially unlimited-size set of “backing information” associated with them, consisting of digital signatures by everybody who believes the relationship to be true. In an information system, it would just have to be a list of identifiers, possibly associated with some meta-data like when the assertion was made, assuming that the signatures were verified upon import.
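A sketch of what that could look like, as an added example that is not part of the original note: each signature is checked on import, and only the signer's identifier, its role (source, destination or outsider) and the assertion time are kept. To stay within the Python standard library it uses Lamport one-time signatures as a stand-in for a real scheme such as Ed25519; the function names, the JSON encoding of the statement and the sample entities and dates are assumptions made for illustration.

```python
import hashlib, json, secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets; the public key is their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(s0), H(s1)] for s0, s1 in sk]

def bits(msg):
    n = int.from_bytes(H(msg), "big")
    return [(n >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def canonical(source, rel, dest):
    # Sign the whole triple so a signature cannot be reused for another relationship.
    return json.dumps({"source": source, "type": rel, "dest": dest}, sort_keys=True).encode()

def role(signer, statement):
    source, _, dest = statement
    return "source" if signer == source else "destination" if signer == dest else "outsider"

def import_relationship(statement, signatures, known_keys):
    # Verify each signature on import; store only identifiers and metadata of valid backers.
    msg, backers = canonical(*statement), []
    for signer, sig, asserted_at in signatures:
        if signer in known_keys and verify(known_keys[signer], msg, sig):
            backers.append({"signer": signer, "role": role(signer, statement), "at": asserted_at})
    return {"statement": statement, "backed_by": backers}

def demo():
    # Constructed sample: D and O back the statement, M signed a different one, R's key is unknown.
    keys = {name: keygen() for name in ("M", "D", "O")}
    stmt = ("M", "isParentOf", "D")
    msg = canonical(*stmt)
    sigs = [("D", sign(keys["D"][0], msg), "2024-01-01"),
            ("O", sign(keys["O"][0], msg), "2024-01-02"),
            ("M", sign(keys["M"][0], canonical("M", "isParentOf", "X")), "2024-01-03"),
            ("R", sign(keygen()[0], msg), "2024-01-04")]
    return import_relationship(stmt, sigs, {n: k[1] for n, k in keys.items()})

if __name__ == "__main__":
    print(demo())
```

A Lamport key must sign only one message, so a real system would use a reusable signature scheme; the import logic stays the same.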

