
Re: Progress on Linked Data Signatures from IETF 98

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Mon, 8 May 2017 10:41:01 -0400
To: Henry Story <henry.story@bblfish.net>, Manu Sporny <msporny@digitalbazaar.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Adrian Hope-Bailie <adrian@hopebailie.com>, "Stone, Matt" <matt.stone@pearson.com>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <64082dc3-10a9-315c-1364-33eff03100f3@digitalbazaar.com>

On 05/08/2017 10:23 AM, Henry Story wrote:
>
>> On 8 May 2017, at 15:47, Manu Sporny <msporny@digitalbazaar.com> wrote:
>>
>> The downside for pure JSON-based canonicalization is what it has
>> always been: the signatures only work for JSON; they're not syntax
>> agnostic. All of our current signatures for Verifiable Claims ARE
>> syntax agnostic, which provides a certain level of future proofing
>> when JSON goes out of style. For example, I'm hearing that CBOR is
>> the new hot thing and that JSON's days are numbered. :)
>
> Is it not also that you have to keep the signed document around too,
> whereas in graph signature you can store your graph in your database
> (e.g. a quad store) with the signature and ignore/dismiss the
> serialization, meaning you'd end up saving a lot of space.

Yes, that's also an advantage. There may be some caveats to that
depending on the type of database used, how the information is stored,
and the specifics of the particular Linked Data Signature that you use.

For example, if you're using a document store, like MongoDB, it's
straightforward. If you're using a quad store and the "document" that
was signed had all of its data in the "default graph", then you need to
be careful that you don't mix that information in with other data from
other documents, thereby losing what was part of the signature and what
wasn't. Using appropriate care or (bnode or otherwise) named graphs you
can avoid this issue.

If the type of Linked Data Signature includes that information in the
signature (we haven't created anything that does that at this time),
then you could avoid this issue as well.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Monday, 8 May 2017 14:41:31 UTC
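
The default-graph caveat from the reply above, as an added example that is not part of the original message or any Digital Bazaar code. It assumes a toy in-memory quad store, constructed `urn:ex:` sample data, and a SHA-256 digest over sorted triples standing in for real canonicalization and signing.

```python
import hashlib

def digest(triples):
    """Stand-in for canonicalize-then-sign (assumption): SHA-256 over sorted lines."""
    lines = sorted(f'<{s}> <{p}> "{o}" .\n' for s, p, o in triples)
    return hashlib.sha256("".join(lines).encode()).hexdigest()

class QuadStore:
    """Toy quad store (hypothetical); graph=None means the default graph."""
    def __init__(self):
        self.quads = set()

    def add(self, triples, graph=None):
        self.quads |= {(s, p, o, graph) for s, p, o in triples}

    def graph(self, graph=None):
        # Return triples only: the graph name is storage bookkeeping,
        # not part of what was signed in this example.
        return {(s, p, o) for s, p, o, g in self.quads if g == graph}

# Constructed sample documents. DOC_A is "signed"; DOC_B is unrelated, unsigned data.
DOC_A = {("urn:ex:alice", "urn:ex:name", "Alice"),
         ("urn:ex:alice", "urn:ex:degree", "BSc")}
DOC_B = {("urn:ex:alice", "urn:ex:degree", "PhD")}
SIG_A = digest(DOC_A)

def verify_from_default_graph():
    """Both documents loaded into the default graph: the signed set is lost."""
    store = QuadStore()
    store.add(DOC_A)
    store.add(DOC_B)
    # The unsigned "PhD" triple is now indistinguishable from the signed ones.
    return digest(store.graph()) == SIG_A

def verify_from_named_graph():
    """One named graph per signed document: the signed set can be recovered."""
    store = QuadStore()
    store.add(DOC_A, graph="urn:ex:doc-a")
    store.add(DOC_B, graph="urn:ex:doc-b")
    return digest(store.graph("urn:ex:doc-a")) == SIG_A

if __name__ == "__main__":
    print("default graph, merged:", verify_from_default_graph())
    print("named graph per doc: ", verify_from_named_graph())
```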

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:37 UTC