Re: Note on JSON signing

On 03/14/2016 04:01 PM, Stefan Thomas wrote:
> @Dave: Thanks for the link. Can you explain the relationship between
> Secure Messaging 1.0 [1] and Linked Data Signatures? That was one of the
> things I was confused about.

Secure Messaging is an older, monolithic spec that covered a whole web 
messaging infrastructure including key registration, signing, verifying, 
encrypting, and decrypting messages. We are slowly splitting that spec 
up into separate parts and updating those independently, with Linked 
Data Signatures being the sign/verify portion.

At this point, the Linked Data Signatures spec is the correct one to 
reference/use when talking about digital signatures.

>
> @Melvin: I'm working on an email to provide more detail as to why I
> didn't think Secure Messaging would be a good solution. You say that
> you've used it, if you could link me to your implementation that would
> help. (I found an implementation for Linked Data Signatures [2], but not
> Secure Messaging.)
>
> [1]
> https://web-payments.org/specs/source/secure-messaging/#message-signature-algorithm
> [2] https://github.com/digitalbazaar/jsonld-signatures
>
> On Mon, Mar 14, 2016 at 12:48 PM, Dave Longley
> <dlongley@digitalbazaar.com <mailto:dlongley@digitalbazaar.com>> wrote:
>
>     On 03/14/2016 02:47 PM, Shane McCarron wrote:
>
>         Hmm - Melvin, do you have a pointer to the normalize spec?  Sorry -
>         there are a lot of specs flying around.
>
>
>     This is RDF Dataset Normalization (Canonicalization):
>
>     https://json-ld.github.io/normalization/spec/
>
>     This is Linked Data Signatures, which uses it:
>
>     https://web-payments.org/specs/source/ld-signatures/
>
>
>     --
>     Dave Longley
>     CTO
>     Digital Bazaar, Inc.
>     http://digitalbazaar.com
>
>


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Monday, 14 March 2016 20:46:26 UTC