Re: Linked Data Signatures spec published from Anders Rundgren on 2015-01-16 (public-credentials@w3.org from January 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 16 Jan 2015 07:56:45 +0100
To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <54B8B62D.2030102@gmail.com>

On 2015-01-16 06:03, Manu Sporny wrote:
> Hi all,
>
> The Linked Data Signatures specification has been extracted from the old
> Secure Messaging specification. This was done after it became fairly
> clear that most of the people we were showing the specification to
> didn't really care about the encryption portions (which we'll extract
> into a separate specification later on). We have also received quite a
> bit of strong push-back on the "Secure Messaging" name, thus the
> re-branding.
>

Manu,
In the spec you write:

"The challenge has always been in building an extensible, distributed,
  Public Key Infrastructure for the Web. This specification details how
  a decentralized Public Key Infrastructure can be built on top of the
  Web using Linked Data principles. This system can then be used to easily
  achieve message extensibility, message verifiability, and dynamic access
  control to resources on the Web"

Although the initial line indeed points to a problem, I have difficulties
understanding how the Linked Data Signature spec. is supposed to change that
unless we conclude that the core issue really is "only" how to create, publish
and discover keys.  I thought it had to do with trust and liability as well.

Since public keys have no issuer, is the idea that the key repositories act
as virtual CAs and HTTPS is used as a binding element?  I mean: How is the
trust model?

Cheers,
Anders

> For those new to the discussion, in order to do digital
> signatures in JSON-LD, we need two specs and a vocabulary:
>
> 1. The RDF Dataset Normalization spec
> 2. The Linked Data Signatures spec
> 3. The Security vocabulary
>
> #2 was a part of the Secure Messaging spec until now. It'll live on its
> own from now on. Here's a very rough draft:
>
> https://web-payments.org/specs/source/ld-signatures/
>
> This spec has a preliminary implementation here:
>
> https://github.com/digitalbazaar/jsonld-signatures
>
> and an npm and bower package:
>
> https://www.npmjs.com/package/jsonld-signatures
>
> -- manu
>

Received on Friday, 16 January 2015 06:57:22 UTC