- From: Dmitri Zagidulin <dzagidulin@gmail.com>
- Date: Thu, 2 Apr 2020 13:00:28 -0400
- To: Leonard Rosenthol <lrosenth@adobe.com>, Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANnQ-L4gm4cw9DdetvrT+s3B--dE27d4qYbpXAbaNtUC3rnvFA@mail.gmail.com>
Hi Leonard, So, you can think of a context as exactly functionally equivalent to an NPM package (or Maven, or ruby Gem, or whatever). Which means that, by definition, is has to be machine readable (it's a common source of confusion to confuse contexts and human-readable vocab documentation -- think of the human-readable part as a README file for an npm package). Does it have to be accessible - sure, but just like with NPM packages, you have the control of /when/ it's accessible. You /could/, in theory, override your require() functions so that it loads NPM packages from the web, in your code. But even with caching, that would be a wildly impractical approach, full of performance and security issues. Instead, what most developers do (and what we recommend to do with contexts), is to fix them at /build time/. That is, version them, bundle them locally with your code, and only allow your document loaders to interface with those local versions. Does that make more sense? On Thu, Apr 2, 2020 at 12:41 PM Leonard Rosenthol <lrosenth@adobe.com> wrote: > Dmitri – that also forces all contexts to be (a) accessible and (b) > machine readable…neither of which a mandatory requirement of either JSON-LD > or VC itself. > > > > Leonard > > > > *From: *Dmitri Zagidulin <dzagidulin@gmail.com> > *Reply-To: *"dzagidulin@gmail.com" <dzagidulin@gmail.com> > *Date: *Thursday, April 2, 2020 at 11:39 AM > *To: *Anil Lewis <anillewi@ca.ibm.com>, Credentials Community Group < > public-credentials@w3.org> > *Subject: *Re: Performance question for JSON-LD with vc.js > *Resent-From: *<public-credentials@w3.org> > *Resent-Date: *Thursday, April 2, 2020 at 11:38 AM > > > > Hi Anil, > > > > > When using vc.js, I have observed that if the pre-configured contexts > are not loaded, I am unable to even sign/verify the credential. I might > have to come up with our own processing code to circumvent this issue. > > > > For security reasons, the vc-js library /does not/ allow loading of > arbitrary contexts from the web. You have to explicitly allow-list them, by > providing a document loader function tailored to your usecase. > > Absolutely happy to walk you through this, please feel free to open an > issue on https://github.com/digitalbazaar/vc-js/issues > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdigitalbazaar%2Fvc-js%2Fissues&data=02%7C01%7Clrosenth%40adobe.com%7C56767c2b6869424a7ebf08d7d71c07b3%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C1%7C637214387714608325&sdata=IZ610%2FFVghWmn%2BhhVDiygL9jkBnzsC%2BSS%2FxUQHXh5wc%3D&reserved=0> > ! >
Received on Thursday, 2 April 2020 17:00:54 UTC