
Re: The Digest Class (Security Vocab)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 22 Apr 2014 08:13:06 +0200
Message-ID: <53560872.5040709@gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: Web Payments <public-webpayments@w3.org>

On 2014-04-22 07:57, Melvin Carvalho wrote:
> 
> 
> 
> On 22 April 2014 06:02, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>     This was new to me.  Thanx!
>     It seems completely OK to reuse this RFC if the purpose of the design is to prove the integrity of the object.
> 
>     I wouldn't mention the "potential" possibility to dereference ni:///etc since there is no authority to dereference.
>     Then it would be more logical to go the whole way and specify objects through ni access only.
> 
> 
> You can add an authority, I just didn't here to keep it origin independent so that it can be distributed over many sites.
> 
> "
> 
>    The fact that an ni URI includes a domain name in the authority field
>    by itself implies nothing about the relationship between the owner of
>    the domain name and any content referenced by that URI.  While a
>    name-data integrity service can be provided using ni URIs, that does
>    not in any sense validate the authority part of the name.  For
>    example, there is nothing to stop anyone from creating an ni URI
>    containing a hash of someone else's content.  Application developers
>    MUST NOT assume any relationship between the registrant of the domain
>    name that is part of an ni URI and some matching content just because
>    the ni URI matches that content
> 
> "
> 
> 
> http://tools.ietf.org/html/rfc6920#section-9.3
> 
> So the .well-known URL is kind of a 'hint'?  Could you go into more detail about your thoughts on this?

Melvin, I'm by no means an authority on this, I just
feel a bit hesitant using hints in a standard-to-be.

Then you will have to spice up your text with MAYs and that's something
I wouldn't do because they suck from an interoperability point-of-view.

I don't see that the hint would add any functionality over what you already have.

Cheers
Anders

>  
> 
> 
>     Anders
> 
>     On 2014-04-21 23:40, Melvin Carvalho wrote:
>     > To give a concrete example, 8 goes from:
>     >
>     > Example 8
>     > {
>     >   "@context": [
>     >     "https://w3id.org/security/v1",
>     >     {
>     >       "dc": "https://w3id.org/dc/terms/",
>     >       "foaf": "http://xmlns.com/foaf/0.1/"
>     >     }
>     >   ],
>     >   "@id": "http://example.com/logo.jpg",
>     >   "@type": "foaf:Image",
>     >   "dc:title": "Example Logo",
>     >   "digest":
>     >   {
>     >     "@type": "Digest",
>     >     "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
>     >     "digestValue": "981ec496092bf6ea18d6251d36068b52b633268b"
>     >   }
>     > }
>     >
>     > To
>     >
>     > Example 8
>     > {
>     >   "@context": [
>     >     "https://w3id.org/security/v1",
>     >     {
>     >       "dc": "https://w3id.org/dc/terms/",
>     >       "foaf": "http://xmlns.com/foaf/0.1/"
>     >     }
>     >   ],
>     >   "@id": "http://example.com/logo.jpg",
>     >   "@type": "foaf:Image",
>     >   "dc:title": "Example Logo",
>     >   "digest":
>     >   {
>     >     "@id": "ni://sha-1;981ec496092bf6ea18d6251d36068b52b633268b"
>     >   }
>     > }
>     >
>     > And will no longer contain a bnode, and potentially be dereferenceable at /.well-known/ni/sha-1/981ec496092bf6ea18d6251d36068b52b633268b
>     >
>     >
>     >
>     > On 21 April 2014 23:32, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>     >
>     >     I was just looking at the digest class [1]
>     >
>     >     It seems to contain an algorithm and a value.  I was wondering if it was known that the ni: URI scheme (formerly the di: URI scheme) from RFC 6920 "Naming things with hashes" does exactly this.  I extensively use ni:/// to create distributed databases and it has an added advantage of being dereferenceable via the .well-known/ni/<alg>/<digest> pattern.
>     >
>     >     http://tools.ietf.org/html/rfc6920
>     >
>     >     Are there thoughts here regarding reuse?
>     >
>     >     [1]
>     >
>     >
>     >         2. Classes
>     >
>     >
>     >           2.1 Digest
>     >
>     >     This class represents a message digest that may be used for data integrity verification. The digest algorithm used will determine the cryptographic properties of the digest.
>     >
>     >     Status
>     >         stable
>     >     Parent Class
>     >         owl:Thing
>     >     Expected properties
>     >         digestAlgorithm, digestValue
>     >
>     >     The example below describes a cryptographic digest:
>     >
>     >     Example 1
>     >
>     >     {
>     >       "@context": "https://w3id.org/security/v1",
>     >       "@type": "Digest",
>     >       "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
>     >       "digestValue": "981ec496092bf6ee18d6255d96069b528633268b"
>     >     }
>     >
>     >
>     >
> 
> 
Received on Tuesday, 22 April 2014 06:13:38 UTC
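
Added example, not part of the thread or of any participant's code: a small RFC 6920 ni URI builder and verifier showing the section 9.3 point quoted above, that the digest binds the content while the authority and the .well-known URL are only location hints. It uses sha-256 with unpadded base64url values as RFC 6920 specifies (the thread's examples show hex sha-1); the function names, the `fallback_host` parameter and the choice of https are assumptions of this example.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: this example accepts only these RFC 6920 hash names.
ALGS = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}


def _b64url(raw: bytes) -> str:
    """base64url without '=' padding, the value encoding RFC 6920 uses."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_ni(content: bytes, alg: str = "sha-256", authority: str = "") -> str:
    """Name content by its hash; an empty authority gives ni:///alg;val."""
    return f"ni://{authority}/{alg};{_b64url(ALGS[alg](content).digest())}"


def parse_ni(uri: str):
    """Return (authority, alg, digest_bytes) or raise ValueError."""
    parts = urlsplit(uri)
    if parts.scheme != "ni":
        raise ValueError("not an ni URI")
    alg, sep, val = parts.path.lstrip("/").partition(";")
    if not sep or alg not in ALGS:
        raise ValueError("missing or unsupported algorithm")
    digest = base64.urlsafe_b64decode(val + "=" * (-len(val) % 4))
    if len(digest) != ALGS[alg]().digest_size:
        raise ValueError("digest length does not match algorithm")
    return parts.netloc, alg, digest


def verify(uri: str, content: bytes) -> bool:
    """Integrity check only: the authority plays no part in the result."""
    _authority, alg, expected = parse_ni(uri)
    return hmac.compare_digest(ALGS[alg](content).digest(), expected)


def well_known_url(uri: str, fallback_host: str = "") -> str:
    """Location hint; whatever is fetched from it must still pass verify()."""
    authority, alg, digest = parse_ni(uri)
    host = authority or fallback_host  # fallback_host: hypothetical parameter
    if not host:
        raise ValueError("no authority to dereference")
    return f"https://{host}/.well-known/ni/{alg}/{_b64url(digest)}"
```

A URI minted with any authority verifies against the same bytes, so a successful `verify()` says nothing about who published the content.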
