
Re: include private keys Re: rsa ontology in cert namespace

From: Mo McRoberts <mo.mcroberts@bbc.co.uk>
Date: Fri, 25 Nov 2011 10:06:25 +0000
Cc: Peter Williams <home_pw@msn.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-Id: <5E10CF8E-C2F9-4E36-B789-7FA9E3AF1A67@bbc.co.uk>
To: Mischa Tuffield <mischa@mmt.me.uk>

On 25 Nov 2011, at 09:47, Mischa Tuffield wrote:

> Comments inline :
> 
> -Mischa's phone
> 
> On Nov 23, 2011, at 7:00 PM, Mo McRoberts <mo.mcroberts@bbc.co.uk> wrote:
> 
>> 
>> On 23 Nov 2011, at 18:42, Peter Williams wrote:
>> 
>>> 
>>> Stop calling a "cert" ontology too, since it has precious little to do with certificates - as anyone understands the term. The bindings are not signed, and in RDF land show no sign of being signed in the next decade. 
>> 
>> +1
>> 
>> People have enough trouble understanding the difference between certificates and keys as it is.
>> 
>> (RDF signing is nontrivial, because ideally you want to sign the graph, not the specific serialisation; in order to sign, you need consistent ordering of triples, and the only way you can order triples with bnodes as the subject is by their content… arriving at a consistent a graph consisting solely of bnodes isn't entirely straightforward, particularly if there are any referencing 'loops').
> 
> The signing of a given RDF document (g-text) makes perfect sense to me, especially when the use case is signing some triples and sending/receiving them across the wire. Or am I missing something? I reckon that XML signing is both widely supported and established in the community. Saying that, I agree that rdfxml is not the most elegant serialisation...

For a given graph containing bnodes, having two people independently arrive at a consistent signable serialisation is not straightforward.

> The current RDF WG have talked about and are working on a method to skolemise bnodes [1]. This should allow for triples to be sorted and signed in a straightforward manner. HEAD of the 4store repo supports this fwiw.

Yes, but two separate instances of 4store won't arrive at the same URIs for the same triples, will they?

(Last I heard, XML signing was having… issues, but I might have misheard)

M.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ
Received on Friday, 25 November 2011 10:07:03 GMT
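
Added example, not part of the original message or of any project named in it: a simplified colour-refinement hash (not a standardised RDF canonicalisation algorithm) that names each bnode by its content, showing both why a sorted serialisation alone gives no stable input to a signature and why bnode loops defeat content-based naming. The `ex:` predicates and all sample graphs are constructed for illustration.

```python
import hashlib

def _h(*parts):
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

def is_bnode(term):
    return term.startswith("_:")

def naive_digest(triples):
    """Hash the sorted serialisation with the local bnode labels left in."""
    return _h(*sorted(" ".join(t) for t in triples))

def graph_digest(triples):
    """Return (digest, ambiguous), naming bnodes by content, not by label."""
    bnodes = {t for s, _, o in triples for t in (s, o) if is_bnode(t)}
    colour = {b: _h("bnode") for b in bnodes}

    def name(term):
        return colour[term] if is_bnode(term) else term

    # Refine each bnode's colour from the triples it appears in.
    for _ in range(len(bnodes) + 1):
        nxt = {}
        for b in bnodes:
            seen = sorted(
                [_h("out", p, name(o)) for s, p, o in triples if s == b] +
                [_h("in", p, name(s)) for s, p, o in triples if o == b])
            nxt[b] = _h(colour[b], *seen)
        colour = nxt
    lines = sorted(" ".join((name(s), p, name(o))) for s, p, o in triples)
    # Two bnodes sharing a colour means content alone could not order them.
    ambiguous = len(set(colour.values())) < len(bnodes)
    return _h(*lines), ambiguous

# Constructed sample: one graph as two parties might label and order it.
ALICE_A = [("_:a", "ex:name", '"Alice"'), ("_:a", "ex:key", "_:k"),
           ("_:k", "ex:modulus", '"00cafe"')]
ALICE_B = [("_:b0", "ex:modulus", '"00cafe"'), ("_:x9", "ex:key", "_:b0"),
           ("_:x9", "ex:name", '"Alice"')]
# Constructed sample: bnode-only loops, one 6-cycle versus two 3-cycles.
RING6 = [(f"_:n{i}", "ex:next", f"_:n{(i + 1) % 6}") for i in range(6)]
RING3X2 = [(f"_:{g}{i}", "ex:next", f"_:{g}{(i + 1) % 3}")
           for g in "ab" for i in range(3)]

if __name__ == "__main__":
    print(naive_digest(ALICE_A) == naive_digest(ALICE_B))   # labels leak in
    print(graph_digest(ALICE_A) == graph_digest(ALICE_B))   # content agrees
    print(graph_digest(RING6) == graph_digest(RING3X2), graph_digest(RING6)[1])
```

A verifier should refuse to treat the digest as binding when `ambiguous` is set: the two ring graphs are not isomorphic yet hash identically, so a signature over that digest would validate for either.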
