W3C home > Mailing lists > Public > public-xg-webid@w3.org > February 2011

Re: Web Object Encryption and Signing (WOES) at IETF

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 18 Feb 2011 11:44:22 +0100
Cc: Peter Williams <home_pw@msn.com>, nathan <nathan@webr3.org>, Saint-Andre Peter <stpeter@stpeter.im>
Message-Id: <C52D5118-4B4B-40D1-BF70-67F16DCA3393@bblfish.net>
To: WebID Incubator Group WG <public-xg-webid@w3.org>
On 18 Feb 2011, at 11:25, Henry Story wrote:

> 
> On 18 Feb 2011, at 11:01, Peter Williams wrote:
> 
>> Seem two ways to approach it: just as there exist encoding rules to code asn1 abstract values (in cert type) as XML, there could be code to json, instead. or, a native structure is defined in json, assuming it can be canonicalized.
> 
> The simplest way to add a public key in json, is specify some public key struct and to 
> specify the modulus and exponent. 
> 
> { "a": "foaf:Person",
>  "foaf:name": "Jack",
>  "webids": [ "http://example.com/#me" ]
>  "publicKeys": [ { "a": "rsa:RSAPublicKey",
>                 "modulus": "..."
>                 "exponent": "..." } ]
> }
> 
> Anyway, I am not JSON expert. There are JSON Rdf notations.

It seems to be documented here.
http://n2.talis.com/wiki/RDF_JSON_Specification

Though as far as I can see it could be improved still. There only seems to be one "literal" notation
whereas "literals" can be typed with URIs, as we do.

I heard there are a number of such formalisms. 

It may be better in my view to have a JSONT that transforms the JSON into Turtle, as that would avoid 
having to agree on one more notation for RDF. Turtle is close to JSON, is easy to read, and has many 
parsers.



>  
> If not that one should tie the above to a JSON GRDDL
> 
>    http://buzzword.org.uk/2008/jsonGRDDL/spec
> 
> So that we can work with multiple formats without all needing to know the details of every
> persons syntactic, notational preferences.
> 
>> A third approach does exist. A very minimal der-encoded cert exists, with 1string extension: some json with native coding of xyz control system (eg pkix). H.p and I once suggested this, where JavaScript was used rather than json values. it was laughed at, at the time (when pki was at it's zenith).
> 
> That is the wrong solution. To add DER into JSON, is to think that DER has some special magic about it.
> The only place where DER is good, is in signing. But as it happens, we don't need to sign anything here, and if signing were to be useful it would be for the whole JSON. To go down to DER because of its signing capacity is very masochistic.
> 
> If you really want ASN.1 formats, I suggest someone spend time working on an ASN.1 GRDDL. That would allow any new format of ASN.1 to be converted to work with everything else. Though I think we may need the semweb to adopt named graphs more clearly.
> 
>> 
>> 
>> 
>> On Feb 17, 2011, at 2:34 PM, Nathan <nathan@webr3.org> wrote:
>> 
>>> Peter Saint-Andre wrote:
>>>> Dear WebID folks,
>>>> Given the discussions here about simplifying the representation of
>>>> public keys, you might want to know that some IETF participants have
>>>> established a dedicated email list for discussion about requirements and
>>>> potential implementation of JSON to provide security services for
>>>> Web-based applications. You can subscribe here:
>>>> https://www.ietf.org/mailman/listinfo/woes
>>>> In addition, an informal side meeting is planned for this topic at IETF
>>>> 80 in Prague during the week of March 28.
>>> 
>>> wonderful, and good to see all the sec groups getting pinged about it, we (over in this xg) should definitely keep tabs and be as involved as we can - imo of course.
>>> 
>>> Cheers Peter,
>>> 
>>> Nathan
>>> 
>>> 
>> 
> 
> Social Web Architect
> http://bblfish.net/
> 

Social Web Architect
http://bblfish.net/
Received on Friday, 18 February 2011 10:45:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:22 UTC