Re: New JSON-LD digital signature library for Javascript (browsers and node.js) from Melvin Carvalho on 2014-12-09 (public-credentials@w3.org from December 2014)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Tue, 9 Dec 2014 23:37:52 +0100
To: Dave Longley <dlongley@digitalbazaar.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CAKaEYh+uVxNGo1gk26Nkk4rrO4nWqx5d0Nq9uoZFG76Qt40sgQ@mail.gmail.com>

On 9 December 2014 at 22:44, Dave Longley <dlongley@digitalbazaar.com>
wrote:

> On 12/09/2014 03:55 PM, Melvin Carvalho wrote:
> >
> >
> > sure, I dont see any problem cases, maybe when an object is a bnode
> perhaps
>
> Actually, this is exactly the case I'm thinking of. I don't see how this
> works when there are other blank nodes involved; how do you assign them
> names? (It's repeat of the problem that is solved by the normalization
> algorithm itself).
>

Ah yes this is a complex case.  Does the object bnode have a consistent
name when the graph is normalized?  Or is it problematic when the child
bnode makes a cycle back to the parent?

I had assumed that the hashing problem was no more difficult than
normalization, and if normalization is solved, hashing may drop out for
free.

If there's some complex cases I may not have considered, I can see why that
would be an issue, though I could not initially think of a problem example.

>
> >
> > having an ID is useful on the web, ni is even more useful as it can be
> > dereferenced in a decentralized way
>
> Sure, I didn't mean to say having an ID isn't useful. I'm just saying
> that if the hash isn't meaningful, why bother with "ni" .. why not just
> do UUID or whatever else that involves a much simpler implementation?
>

I'd love to know how to do that systematically.

>
> >
> > Same way it's generated but remove the @id first.
> >
> > Verification:
> >
> > 1. remove @id
> >
> > 2. normalize
> >
> > 3. get sha256
> >
> > 4. compare hashes
>
> This only works if there are no blank nodes in the object position. I'd
> prefer to see an algorithm that works generally ... especially since
> this algorithm is about dealing with blank nodes. Saying it will only
> work when there's just one involved in the dataset seems quite limited.
>

Sure I guess it's not an issue for me as I try to avoid bnodes.  It's
possible to throw an error in that case.

Can understand if this not considered useful upstream, I could implement it
in a fork, or other library, I suppose.

>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
>
>

Received on Tuesday, 9 December 2014 22:38:19 UTC