
Re: include private keys Re: rsa ontology in cert namespace

From: Mischa Tuffield <mischa@mmt.me.uk>
Date: Fri, 25 Nov 2011 10:19:55 +0000
Message-Id: <A7DAB881-74C5-41D9-BCBD-6D2E10825B52@mmt.me.uk>
Cc: Peter Williams <home_pw@msn.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
To: Mo McRoberts <mo.mcroberts@bbc.co.uk>


-Mischa's phone

On Nov 25, 2011, at 10:06 AM, Mo McRoberts <mo.mcroberts@bbc.co.uk> wrote:

> 
> On 25 Nov 2011, at 09:47, Mischa Tuffield wrote:
> 
>> Comments inline :
>> 
>> -Mischa's phone
>> 
>> On Nov 23, 2011, at 7:00 PM, Mo McRoberts <mo.mcroberts@bbc.co.uk> wrote:
>> 
>>> 
>>> On 23 Nov 2011, at 18:42, Peter Williams wrote:
>>> 
>>>> 
>>>> Stop calling a "cert" ontology too, since it has precious little to do with certificates - as anyone understands the term. The bindings are not signed, and in RDF land show no sign of being signed in the next decade. 
>>> 
>>> +1
>>> 
>>> People have enough trouble understanding the difference between certificates and keys as it is.
>>> 
>>> (RDF signing is nontrivial, because ideally you want to sign the graph, not the specific serialisation; in order to sign, you need consistent ordering of triples, and the only way you can order triples with bnodes as the subject is by their content… arriving at a consistent a graph consisting solely of bnodes isn't entirely straightforward, particularly if there are any referencing 'loops').
>> 
>> The signing of a given RDF document (g-text) makes perfect sense to me, especially when the use case is signing some triples and sending/receiving them across the wire. Or am I missing something? I reckon that XML signing is both widely supported and established in the community. Saying that I agree that rdfxml is not the most elegant serialisation...
> 
> For a given graph containing bnodes, having two people independently arrive at a consistent signable serialisation is not straightforward.

Sure, canonicalisation is not easy. But two people can independently sign different rdf documents, with bnodes, and verify the two are the same with sparql.

> 
>> The current RDF WG have talked about and are working on a method to skolemise bnodes [1]. This should allow for triples to be sorted and signed in a straightforward manner. HEAD of the 4store repo supports this fwiw.
> 
> Yes, but two separate instances of 4store won't arrive at the same URIs for the same triples, will they?

Am not sure why that matters, even if they don't share the same skolemised URIs, upon uploading to another SPARQL store they should be parsed as bnodes. Bnodes are existential variables, and scoped to rdf documents - don't see a problem here. The internal identifiers in sparql stores are but an implementation issue.

Mischa

> 
> (Last I heard, XML signing was having… issues, but I might have misheard)
> 
> M.
> 
> -- 
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> 
> 
> 
Received on Friday, 25 November 2011 10:21:56 GMT
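
Added example, not part of the original thread: a simplified sketch of the problem debated above, producing a signable ordering of triples when bnode labels are local to each document. It labels each bnode by a hash of its content (a basic colour-refinement pass, not the RDF WG skolemisation proposal or any standard canonicalisation algorithm) and refuses graphs, such as bnode-only loops, where content cannot tell the bnodes apart. The sample triples and the example.org IRI are constructed.

```python
import hashlib

def _h(obj):
    return hashlib.sha256(repr(obj).encode("utf-8")).hexdigest()

def is_bnode(term):
    return term.startswith("_:")

def naive_digest(triples):
    # Sort and hash with the local bnode labels left in: label-dependent.
    return _h(sorted(set(triples)))

def canonical_digest(triples):
    """Label-independent digest; ValueError if bnodes stay indistinguishable."""
    triples = set(triples)
    bnodes = {t for s, _, o in triples for t in (s, o) if is_bnode(t)}
    colour = {b: "" for b in bnodes}
    for _ in range(len(bnodes)):  # enough rounds for the partition to settle
        nxt = {}
        for b in bnodes:
            # Describe b by the triples it appears in, hiding its own label
            # and naming other bnodes only by their current colour.
            sig = sorted(
                tuple("_:self" if t == b else
                      "_:" + colour[t] if is_bnode(t) else t for t in tr)
                for tr in triples if b in (tr[0], tr[2]))
            nxt[b] = _h((colour[b], sig))
        colour = nxt
    if len(set(colour.values())) != len(bnodes):
        raise ValueError("bnodes not distinguishable by content (symmetry/loop)")
    relabel = lambda t: "_:c" + colour[t] if is_bnode(t) else t
    return naive_digest([tuple(relabel(t) for t in tr) for tr in triples])

# Constructed sample data: one profile with two keys held in bnodes.
CERT = "<http://www.w3.org/ns/auth/cert#"
ME = "<https://example.org/card#me>"

def profile(k1, k2, mod1='"cafe"'):
    return [(ME, CERT + "key>", k1), (ME, CERT + "key>", k2),
            (k1, CERT + "modulus>", mod1), (k2, CERT + "modulus>", '"beef"'),
            (k1, CERT + "exponent>", '"65537"'),
            (k2, CERT + "exponent>", '"65537"')]

G1 = profile("_:a", "_:b")                   # one party's serialisation
G2 = list(reversed(profile("_:b", "_:a")))   # same graph, labels swapped
LOOP = [("_:a", "<urn:example:knows>", "_:b"),
        ("_:b", "<urn:example:knows>", "_:a")]  # bnode-only loop
```

The digest returned by `canonical_digest` is what each party would sign; `LOOP` is the kind of graph that needs a fuller algorithm than content hashing alone.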
