Re: The Digest Class (Security Vocab)

On 22 April 2014 06:02, Anders Rundgren <anders.rundgren.net@gmail.com>wrote:

> This was new to me.  Thanx!
> It seems completely OK to reuse this RFC if the purpose of the design is
> to prove the integrity of the object.
>
> I wouldn't mention the "potential" possibility to dereference ni:///etc
> since there is no authority to dereference.
> Then it would be more logical to go the whole way and specify objects
> through ni access only.
>

You can add an authority, I just didnt here to keep it origin independent
so that it can be distributed over many sites.

"

   The fact that an ni URI includes a domain name in the authority field
   by itself implies nothing about the relationship between the owner of
   the domain name and any content referenced by that URI.  While a
   name-data integrity service can be provided using ni URIs, that does
   not in any sense validate the authority part of the name.  For
   example, there is nothing to stop anyone from creating an ni URI
   containing a hash of someone else's content.  Application developers
   MUST NOT assume any relationship between the registrant of the domain
   name that is part of an ni URI and some matching content just because
   the ni URI matches that content

"


http://tools.ietf.org/html/rfc6920#section-9.3

So the .well-known URL is kind of a 'hint'?  Could you go into more detail
your thoughts on this?


>
> Anders
>
> On 2014-04-21 23:40, Melvin Carvalho wrote:
> > To give a concrete example, 8 goes from:
> >
> > Example 8
> > {
> >   "@context": [
> >     "https://w3id.org/security/v1",
> >     {
> >       "dc": "https://w3id.org/dc/terms/",
> >       "foaf": "http://xmlns.com/foaf/0.1/"
> >     }
> >   ],
> >   "@id": "http://example.com/logo.jpg",
> >   "@type": "foaf:Image",
> >   "dc:title": "Example Logo",
> >   "digest":
> >   {
> >     "@type": "Digest",
> >     "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
> >     "digestValue": "981ec496092bf6ea18d6251d36068b52b633268b"
> >   }
> > }
> >
> > To
> >
> > Example 8
> > {
> >   "@context": [
> >     "https://w3id.org/security/v1",
> >     {
> >       "dc": "https://w3id.org/dc/terms/",
> >       "foaf": "http://xmlns.com/foaf/0.1/"
> >     }
> >   ],
> >   "@id": "http://example.com/logo.jpg",
> >   "@type": "foaf:Image",
> >   "dc:title": "Example Logo",
> >   "digest":
> >   {
> >     "@id": "ni://sha-1;981ec496092bf6ea18d6251d36068b52b633268b"
> >   }
> > }
> >
> > And will no longer contain a bnode, and potentially be dereferancable at
> /.well-known/ni/sha-1/981ec496092bf6ea18d6251d36068b52b633268b
> >
> >
> >
> > On 21 April 2014 23:32, Melvin Carvalho <melvincarvalho@gmail.com<mailto:
> melvincarvalho@gmail.com>> wrote:
> >
> >     I was just looking at the digest class [1]
> >
> >     It seems to contain an algorithm and a value.  I was wondering if it
> was known that the ni: URI scheme (formerly the di: URI scheme) from RFC
> 6920 "Naming things with hashes" does exactly this.  I extensively use
> ni:/// to create distributed databases and it has an added advantage of
> being dereferancable via the .well-known/ni/<alg>/<digest> pattern.
> >
> >     http://tools.ietf.org/html/rfc6920
> >
> >     Are there thoughts here regarding reuse?
> >
> >     [1]
> >
> >
> >         2. Classes
> >
> >
> >           2.1 Digest
> >
> >     This class represents a message digest that may be used for data
> integrity verification. The digest algorithm used will determine the
> cryptographic properties of the digest.
> >
> >     Status
> >         stable
> >     Parent Class
> >         owl:Thing
> >     Expected properties
> >         digestAlgorithm, digestValue
> >
> >     The example below describes a cryptographic digest:
> >
> >     Example 1
> >
> >     {
> >       "@context": "https://w3id.org/security/v1",
> >       "@type": "Digest",
> >       "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
> >       "digestValue": "981ec496092bf6ee18d6255d96069b528633268b"
> >     }
> >
> >
> >
>
>