- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 8 May 2017 09:47:15 -0400
- To: Anders Rundgren <anders.rundgren.net@gmail.com>, Adrian Hope-Bailie <adrian@hopebailie.com>, "Stone, Matt" <matt.stone@pearson.com>
- Cc: Credentials Community Group <public-credentials@w3.org>

On 05/08/2017 09:20 AM, Anders Rundgren wrote:
> I hope the VC WG in progress realizes that founding their work on
> Linked Data Signatures would (as far as I can tell...) require
> credentials to be specified in JSON-LD.

Not true. :)

Linked Data Signatures allows the specification of different normalization algorithms. We could easily swap out the RDF Dataset Canonicalization algorithm for a pure JSON-based one. In fact, we have been kicking this idea around for a few years, but have not specified it yet because it doesn't seem to be a blocker for anyone.

If it /did/ end up being a blocker, we'd basically define a JSON canonicalization algorithm that recursively sorts all keys in lexicographical order and then serializes using no spaces/padding/etc. So, Anders, the canonicalization algorithm would basically be what you've been touting for a while now.

The downside for pure JSON-based canonicalization is what it has always been: the signatures only work for JSON; they're not syntax agnostic. All of our current signatures for Verifiable Claims ARE syntax agnostic, which provides a certain level of future proofing when JSON goes out of style. For example, I'm hearing that CBOR is the new hot thing and that JSON's days are numbered. :)

> By rather using a signature scheme that only signs the actual "JSON
> bytes", people would be able to mix JSON and JSON-LD as they want.

Yes, but with the downside listed above.

> However, based on an off-list conversation with a JSON-LD
> enthusiast, the fact that Linked Data Signatures effectively builds
> on RDF normalization/expansion, both sides can verify that they
> indeed do the same interpretation of that.

Yes. The argument against using RDF Dataset Normalization is that it's overly complicated for some situations, which is a valid argument. It does, however, have its advantages such as meeting a number of requirements that we have for Verifiable Claims, such as the ability to simply express a signed document in an HTML page available to a search engine.

> Another way of achieving the same function would be to create a specific
> property holding a hash of the RDF normalization and embedding that
> in the JSON document signed by a "regular" signature method.

Yep, this is effectively just another type of signature stored with the data.

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
http://manu.sporny.org/2016/rebalancing/

Received on Monday, 8 May 2017 13:47:44 UTC
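
The pure-JSON canonicalization described in the message above (recursively sort keys, serialize with no whitespace), sketched as an added example; it is not code from the original message or from any Linked Data Signatures specification. HMAC-SHA256 stands in for a real signature suite, the key and documents are constructed, and rejecting duplicate keys and non-integer numbers is an assumed policy for details the message leaves undefined.

```python
import hashlib
import hmac
import json

def _no_duplicates(pairs):
    # Duplicate keys make the signed object ambiguous across parsers (assumed: reject).
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)

def _serialize(value):
    if isinstance(value, dict):
        # Sort member names by Unicode code point, recursing into each value.
        members = (json.dumps(k, ensure_ascii=False) + ":" + _serialize(value[k])
                   for k in sorted(value))
        return "{" + ",".join(members) + "}"
    if isinstance(value, list):
        # Array order is data, so it is preserved, not sorted.
        return "[" + ",".join(_serialize(v) for v in value) + "]"
    if isinstance(value, float):
        # Number formatting is not defined in the message; refuse rather than guess.
        raise ValueError("non-integer numbers need a defined serialization")
    return json.dumps(value, ensure_ascii=False)  # str, int, true/false/null

def canonicalize(text):
    """Parse JSON text and return its canonical UTF-8 bytes."""
    return _serialize(json.loads(text, object_pairs_hook=_no_duplicates)).encode("utf-8")

def sign(key, text):
    # HMAC-SHA256 over the canonical bytes (stand-in for a signature suite).
    return hmac.new(key, canonicalize(text), hashlib.sha256).hexdigest()

def verify(key, text, tag):
    return hmac.compare_digest(sign(key, text), tag)

# Constructed sample input: the same claim with different key order and whitespace.
KEY = b"constructed-demo-key"
DOC_A = '{"issuer": "did:example:123", "claim": {"name": "Alice", "age": 30}}'
DOC_B = '{\n  "claim": {"age": 30, "name": "Alice"},\n  "issuer": "did:example:123"\n}'
TAMPERED = DOC_B.replace("30", "31")

if __name__ == "__main__":
    tag = sign(KEY, DOC_A)
    print(canonicalize(DOC_A).decode())
    print("reordered copy verifies:", verify(KEY, DOC_B, tag))
    print("tampered copy verifies:", verify(KEY, TAMPERED, tag))
```

As the message notes, a tag produced this way only survives JSON re-serialization; the same claim re-encoded in another syntax would not verify.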