W3C home > Mailing lists > Public > public-credentials@w3.org > May 2017

Re: LD signature questions raised at the Rebooting Web of Trust

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 19 May 2017 08:50:48 -0400
To: public-credentials@w3.org
Message-ID: <37bc3a0a-ae77-a44c-9d10-bc7e15f24f8f@digitalbazaar.com>
On 05/17/2017 04:33 PM, Anders Rundgren wrote:
> * Is the nonce necessary or optional?

It's optional. We can't make it required because there are use cases
where using the nonce doesn't make sense.

> * Are developers aware that the Universale RDF Dataset Normalization 
> Algorithm is executed when performing the digital signature?

For those that know, the responses fall into two camps:

1. "That's fine, I don't care.", and
2. "That's too heavy weight, I'm going to do something else... like
    use JWTs."

It depends on the use case, and for those where canonicalization is
important, they don't seem to think it's too much of a burden.

> * Are developers comfortable with using a JSON-LD context with their 
> data?

Some are, some are not.

> Are they aware that information that doesn't map is dropped?

I would expect that most do not, which is a problem that we're hoping to
remedy soon in the libraries by making the signature operation fail if
it detects any dropped data that isn't strictly specified as being "ok
if dropped".

> Should the JSON-LD processors fail when information is dropped from 
> signed data?

Yes, by default they should... but we have not had the opportunity to
update all the libraries to work in this manner. We have a plan of how
to do it, though.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
Received on Friday, 19 May 2017 12:51:17 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:37 UTC