W3C home > Mailing lists > Public > public-credentials@w3.org > February 2015

Does the 'SM' signing mechanism allow multiple signatures?

From: Nate Otto <nate@ottonomy.net>
Date: Thu, 5 Feb 2015 00:45:32 -0800
Message-ID: <CAPk0ugnTXZ23Ov+Fmh44Hpja_c56JG6mp2GsGKQ7VBOvornmLg@mail.gmail.com>
To: Credentials Community Group <public-credentials@w3.org>
Open Creds,

Either:
1. I've got poor reading comprehension that has prevented me from
understanding this for months,
2. I'm completely wrong now,
or 3. Does the signed JSON-LD technique we've been discussing ('Secure
Messaging' <http://manu.sporny.org/2013/sm-vs-jose/>) allow (or is very
close to allowing) multiple signatures on LD input without changing the
expanded JSON-LD of the signed-output-minus-signature? This is interesting
because that signed-output-minus-signature is the input to the
signature-verification function, right? At least the first step of that
algorithm is removing the signature property.


Here's an example of some signed JSON-LD:

"value": {
    "@context": "https://w3id.org/identity/v1",
    "id": "http://ssa.us.gov/credential/8273",
    "type": "PassportCredential",
    "claim": {
      "id": "https://example.org/identities/alice",
      "name": "Alice Smith",
      "birthdate": "1988-11-02",
      "governmentId": "321-54-9876"
    },
    "expires": "2017-02-04",
    "signature": {
       "type": "GraphSignature2012",
       "creator": "https://ssa.us.gov/keys/27",
       "signature": "r+e90REDpW....bAsNUtvQM"
    }
  }

And with multiple signatures, the "signature" property just turns into an
array of multiple values, just as it would turn into a 1-item array when
JSON-LD expanded anyway:

"value": {
    "@context": "https://w3id.org/identity/v1",
    "id": "http://ssa.us.gov/credential/8273",
    "type": "PassportCredential",
    "claim": {
      "id": "https://example.org/identities/alice",
      "name": "Alice Smith",
      "birthdate": "1988-11-02",
      "governmentId": "321-54-9876"
    },
    "expires": "2017-02-04",
    *"signature": [{
       "type": "GraphSignature2012",
       "creator": "https://ssa.us.gov/keys/27 <https://ssa.us.gov/keys/27>",
       "signature": "r+e90REDpW....bAsNUtvQM"
    },*

*    {*

*      "type": "GraphSignature2012",
      "creator": "https://example.org/keys/1 <https://example.org/keys/1>",
      "signature": "r+eeeeeeee....aaaaBBBBB"
**    }]*}


Thanks for your indulgence,

*Nate Otto, Developer*
concentricsky.com
Received on Thursday, 5 February 2015 08:46:00 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:22 UTC