Re: Proposed draft RDF Graph vocabulary

On Mar 24, 2004, at 15:19, ext Chris Bizer wrote:

>>> Using signatures also doesn't make signing agents special (=owners),
>>> because several agents can sign the same named graph instance.
>>
>> True, and then they are joint owners/publishers, if that signing occurs
>> in the graph itself.
>
> Initial comment: The signature of a graph cannot be included in the graph
> for technical reasons.
>
> Signing a graph works the following way:
>
> 1. You take a graph
> 2. You calculate the hash of it
> 3. Then you encrypt the hash using your private key.
>
> Having the signature inside the graph makes it impossible to calculate the
> hash, because things are getting circular.

Yes I know.

I commented on this earlier. The hash generated can be based on the graph
without the warrants, or simply without the signature values themselves.

So, given a graph

:G (
     ...
     :G swp:warrant [ a swp:Warrant ;
                      swp:assertedBy ex:Bob ;
                      swp:signature "..." ] .
     ...
    )

The hash is generated based on

:G (
     ...
     :G swp:warrant [ a swp:Warrant ;
                      swp:assertedBy ex:Bob ;
                      swp:signature _:s ] .
     ...
    )

I.e., the only bit of information that is not captured by the
signature is the signature itself.

Validation of the signature then simply requires filtering
out the signatures before testing the hash.

Patrick


--

Patrick Stickler
Nokia, Finland
patrick.stickler@nokia.com

Received on Thursday, 25 March 2004 05:11:13 UTC
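
The scheme described in the message above, as an added example that is not part of the original e-mail or of any SWP implementation: the hash is taken over the graph with every `swp:signature` value replaced by `_:s`, and verification filters the signature values out again before testing the hash. Assumptions: triples are plain Python tuples, warrant nodes carry fixed labels (`_:w1`, `_:w2`), sorted serialization stands in for real RDF canonicalization, HMAC-SHA256 with constructed keys stands in for the private-key signing step, and `dc:title` and `ex:Alice` are constructed sample data.

```python
import hashlib
import hmac

SIG = "swp:signature"
PLACEHOLDER = "_:s"  # replaces every signature value before hashing, as in the message

def digest(triples):
    """SHA-256 of the graph with all swp:signature objects masked."""
    masked = {(s, p, PLACEHOLDER if p == SIG else o) for s, p, o in triples}
    h = hashlib.sha256()
    for triple in sorted(masked):  # toy canonical form; assumes stable node labels
        h.update(("\x1f".join(triple) + "\n").encode("utf-8"))
    return h.digest()

def _mac(triples, key):
    # Assumption: HMAC stands in for "encrypt the hash using your private key".
    return hmac.new(key, digest(triples), hashlib.sha256).hexdigest()

def sign(triples, warrant, key):
    """Return a copy of the graph with this warrant's signature value filled in."""
    sig = _mac(triples, key)
    return {(s, p, sig if (s, p) == (warrant, SIG) else o) for s, p, o in triples}

def verify(triples, warrant, key):
    """Filter out signature values, recompute the hash, compare with the stored one."""
    stored = [o for s, p, o in triples if (s, p) == (warrant, SIG)]
    if len(stored) != 1:
        return False
    return hmac.compare_digest(stored[0].encode(), _mac(triples, key).encode())

# Constructed sample data: two agents warrant the same graph :G.
BOB_KEY, ALICE_KEY = b"constructed-bob-key", b"constructed-alice-key"

def sample_graph():
    g = {("ex:doc", "dc:title", "Quarterly report")}
    for node, agent in (("_:w1", "ex:Bob"), ("_:w2", "ex:Alice")):
        g |= {(":G", "swp:warrant", node), (node, "rdf:type", "swp:Warrant"),
              (node, "swp:assertedBy", agent), (node, SIG, PLACEHOLDER)}
    return g

def signed_graph():
    g = sign(sample_graph(), "_:w1", BOB_KEY)
    return sign(g, "_:w2", ALICE_KEY)  # Bob's value is masked, so order is irrelevant

if __name__ == "__main__":
    g = signed_graph()
    print(verify(g, "_:w1", BOB_KEY), verify(g, "_:w2", ALICE_KEY))
```

Because only the signature values are masked, the `rdf:type` and `swp:assertedBy` triples of every warrant are part of the hashed content. A warrant added after signing therefore invalidates the existing signatures, so all warrant nodes have to be in the graph before the first agent signs.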