- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 16 Mar 2019 10:43:15 -0400
- To: public-credentials@w3.org
On 3/15/19 8:29 PM, elf-pavlik@hackers4peace.net wrote: > Seeing announcement of new Chromium 73 features which includes Signed > HTTP exchanges reminded me of this thread. I don't know if this could > play some role in distributing JSON-LD context mandated by the spec There may be something there, but note that taking the signed web package based approach would be far more complicated than just including a Hashlink for the JSON-LD Context OR shipping the contexts that your application needs with your application. To restate it in another way - going out to the network always opens you up to a ton of extra attacks, and doing so is not necessary to solve this problem. For those that want to open themselves up to those attacks (and there may be good reasons to do so, like the ecosystem changes too quickly to snapshot the contexts), digitally signing the resources are one possible way forward. In all cases, I believe that the JSON-LD Context loading mechanism would be responsible for enforcing the particular set of checks (and thus, experimentation can happen w/o the need for a specification at first). -- manu -- Manu Sporny (skype: msporny, twitter: manusporny) Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Saturday, 16 March 2019 14:43:40 UTC