W3C home > Mailing lists > Public > public-credentials@w3.org > May 2017

Re: Progress on Linked Data Signatures from IETF 98

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 8 May 2017 15:20:14 +0200
To: Adrian Hope-Bailie <adrian@hopebailie.com>, "Stone, Matt" <matt.stone@pearson.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <b0bdb506-3be8-faba-04e3-a0c5f20fea52@gmail.com>
On 2017-05-08 13:26, Adrian Hope-Bailie wrote:
> Hey Manu,
>
> Any progress on this?

Completely unrelated to my own work in this space, I hope the VC WG in
progress realizes that founding their work on Linked Data Signatures would
(as far as I can tell...) require credentials to be specified in JSON-LD.

By rather using a signature scheme that only signs the actual "JSON bytes",
people would be able to mix JSON and JSON-LD as they want.

However, based on an off-list conversation with a JSON-LD enthusiast, the fact
that Linked Data Signatures effectively builds on RDF normalization/expansion,
both sides can verify that they indeed do the same interpretation of that.
Another way of achieving same function would be to create a specific property
holding a hash of the RDF normalization and embedding that in the JSON document
signed by a "regular" signature method.

Anders


>
> Adrian
>
> On 5 April 2017 at 01:20, Stone, Matt <matt.stone@pearson.com <mailto:matt.stone@pearson.com>> wrote:
>
>     Great update Manu, thanks for the update and the creative work.
>
>     -stone
>
>
>     =====
>     Matt Stone
>     501-291-1599 <tel:(501)%20291-1599>
>
>
>     On Tue, Mar 28, 2017 at 2:15 PM, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
>
>         Hi all,
>
>         I'm at IETF 98 this week along with some of the other participants in
>         this group. Some of the focus has been on searching for a clear path
>         forward for the Linked Data Signatures work that we're using for much of
>         the Verifiable Claims work.
>
>         We've had multiple meetings with people associated in the Security Area
>         as well as people involved in digital signatures and crypto at IETF.
>         We've met with the core editors of the JOSE stack (John Bradley - PING
>         Identity and Mike Jones - Microsoft) and COSE work (Jim Schaad - creator
>         of S/MIME and Matt Miller - Mozilla) and have found a way forward that
>         will accelerate our ability to standardize the signature portions of
>         this work.
>
>         We have not used the JOSE suite to date because of a number of
>         requirements around base64 encoding data, but there is an extension to
>         JOSE that would enable us to reuse a subset of the JWT by creating a
>         profile for JWT. John Bradley, Mike Jones, and I hammered out an
>         approach that we think might work that will give us all of the benefits
>         of the current Linked Signatures specification while re-using part of
>         the cryptography stack that already has buy-in from IETF. This is good
>         news as it will accelerate our ability to move some of the other
>         specifications related to this work along in parallel. This approach
>         accomplishes this because we won't be inventing anything new, but rather
>         reusing technologies that already exist at IETF.
>
>         I'll provide more details to the group after I'm done traveling (mid-April).
>
>         -- manu
>
>         --
>         Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>         Founder/CEO - Digital Bazaar, Inc.
>         blog: Rebalancing How the Web is Built
>         http://manu.sporny.org/2016/rebalancing/ <http://manu.sporny.org/2016/rebalancing/>
>
>
>
Received on Monday, 8 May 2017 13:20:51 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:37 UTC