The XOSig signing method has been deprecated, as I am now using Gnu Privacy Guard (GPG). My FOAF file is now signed securely using my GPG key. For more information, see PGP Signing FOAF Files. My public key may be verified using the detached signature.
XOSig stands for XML Ownership Signature. There are many digital signing technologies today which prove data integrity and security. However, there is no simple, easily-applied standard to sign something merely to reperesent ownership. XOSig intends to resolve that issue.
Within my FOAF document is an XOSig block containing two SHA1 hashes of secret text strings. The only way these particular hashes can be recreated by the SHA1 algorithm is by providing the algorithm with the original text string to work from. In effect, it is an encoded message that can only be decoded with itself as the key. I can prove my original creation of these SHA1 hashes by providing to proper legal authorities, should the need arise, the original text strings used to create the hashes.
Using server logs, backups, The Internet Archive, and search engines, I can prove first instance of any of my work as well. The train of logic then follows that a) if the first-distributed copy of the document in question was signed by this signature, and b) if I can prove that I created this signature, then c) I am the owner of the document.
A document is signed by providing a link to this page either in the comments or body, and/or the following relative link in the contents of any document to be signed:
<link rel="meta" type="application/rdf+xml" title="FOAF" href="foaf.rdf" />
Further information on the XOSig standard can be found at the XOSig namespace page.