- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 9 Oct 2014 18:34:11 +0200
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: Web Payments <public-webpayments@w3.org>
- Message-ID: <CAKaEYhJ=qD1m5c68k2fYR1-MaZn0F8UBtUV5Htzkyn42t_MZ3w@mail.gmail.com>
On 9 October 2014 17:31, Dave Longley <dlongley@digitalbazaar.com> wrote: > On 10/09/2014 10:44 AM, Melvin Carvalho wrote: > >> I've been using GraphSignature2012 lately: >> >> https://web-payments.org/specs/source/vocabs/security. >> html#GraphSignature2012 >> >> I heard rumour that GraphSignature2014 was coming out this year. >> > > It may not be this year, but at least next. Once the RDF Dataset > Normalization Algorithm spec is brought up to date and refined we'll likely > have a new GraphSignature release -- and this work is scheduled to start > sometime by the end of this year or early next. > > >> Anyone know if it's still the case? Or are there any details that can be >> given -- are there limitations to the previous version etc.? >> >> >> > There are a couple of issues we'd like to resolve with the current spec. > They have to do with clarification and data armoring. > > 1. We need to clarify how to generate the signature; specifically, there > are some the details about how to construct the signature in the Secure > Messaging spec (https://web-payments.org/specs/source/secure-messaging/) > that should be moved to the security vocabulary and then merely referenced > by the Secure Messaging spec. > > 2. We need to better armor/delimit the component parts that go into the > signature. > > 3. We may need to better armor/delimit some information used in the RDF > Dataset Normalization algorithm and issue a new version of that algorithm > as a result. > Thanks for clarifying. Would you have any major concerns about using GraphSignature2012 in a real world scenario, right now? > > -Dave > > -- > Dave Longley > CTO > Digital Bazaar, Inc. > http://digitalbazaar.com > > >
Received on Thursday, 9 October 2014 16:34:42 UTC