- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 19 May 2017 08:50:48 -0400
- To: public-credentials@w3.org
On 05/17/2017 04:33 PM, Anders Rundgren wrote:
> * Is the nonce necessary or optional?
It's optional. We can't make it required because there are use cases
where using the nonce doesn't make sense.
> * Are developers aware that the Universale RDF Dataset Normalization
> Algorithm is executed when performing the digital signature?
For those that know, the responses fall into two camps:
1. "That's fine, I don't care.", and
2. "That's too heavy weight, I'm going to do something else... like
use JWTs."
It depends on the use case, and for those where canonicalization is
important, they don't seem to think it's too much of a burden.
> * Are developers comfortable with using a JSON-LD context with their
> data?
Some are, some are not.
> Are they aware that information that doesn't map is dropped?
I would expect that most do not, which is a problem that we're hoping to
remedy soon in the libraries by making the signature operation fail if
it detects any dropped data that isn't strictly specified as being "ok
if dropped".
> Should the JSON-LD processors fail when information is dropped from
> signed data?
Yes, by default they should... but we have not had the opportunity to
update all the libraries to work in this manner. We have a plan of how
to do it, though.
-- manu
--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
http://manu.sporny.org/2016/rebalancing/
Received on Friday, 19 May 2017 12:51:17 UTC