Re: GraphSignature2014 from Dave Longley on 2014-10-09 (public-webpayments@w3.org from October 2014)

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Thu, 09 Oct 2014 12:44:42 -0400
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: Web Payments <public-webpayments@w3.org>
Message-ID: <5436BB7A.4090902@digitalbazaar.com>

On 10/09/2014 12:34 PM, Melvin Carvalho wrote:
>
>
> On 9 October 2014 17:31, Dave Longley <dlongley@digitalbazaar.com 
> <mailto:dlongley@digitalbazaar.com>> wrote:
>
>     On 10/09/2014 10:44 AM, Melvin Carvalho wrote:
>
>         I've been using GraphSignature2012 lately:
>
>         https://web-payments.org/specs/source/vocabs/security.html#GraphSignature2012
>
>         I heard rumour that GraphSignature2014 was coming out this year.
>
>
>     It may not be this year, but at least next. Once the RDF Dataset
>     Normalization Algorithm spec is brought up to date and refined
>     we'll likely have a new GraphSignature release -- and this work is
>     scheduled to start sometime by the end of this year or early next.
>
>
>         Anyone know if it's still the case?  Or are there any details
>         that can be given -- are there limitations to the previous
>         version etc.?
>
>
>
>     There are a couple of issues we'd like to resolve with the current
>     spec. They have to do with clarification and data armoring.
>
>     1. We need to clarify how to generate the signature; specifically,
>     there are some the details about how to construct the signature in
>     the Secure Messaging spec
>     (https://web-payments.org/specs/source/secure-messaging/) that
>     should be moved to the security vocabulary and then merely
>     referenced by the Secure Messaging spec.
>
>     2. We need to better armor/delimit the component parts that go
>     into the signature.
>
>     3. We may need to better armor/delimit some information used in
>     the RDF Dataset Normalization algorithm and issue a new version of
>     that algorithm as a result.
>
>
> Thanks for clarifying.  Would you have any major concerns about using 
> GraphSignature2012 in a real world scenario, right now?

Sure! I'm not aware of any major concerns that have come to light; feel 
free to use in a real world scenario with an understanding that the 
current spec is split between those two different docs (security vocab + 
Secure Messaging) and that may confuse implementors.

>
>     -Dave
>
>     -- 
>     Dave Longley
>     CTO
>     Digital Bazaar, Inc.
>     http://digitalbazaar.com
>
>
>


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com

Received on Thursday, 9 October 2014 16:44:17 UTC