Re: Introducing CBOR-LD...

On 7/24/20 9:57 AM, Leonard Rosenthol wrote:
> In our world where (standard) schemas are being created & edited
> daily, let alone the existence of custom ones - I just don't see how
> this will work for the types of data being considered here (eg.
> VC's)
> 
> Accordingly, I don’t see this as a viable option.

You are correct, if the schema changes out from under you, you're in
trouble. There is one mitigation for this that you may not be aware of:

Every W3C global standard JSON-LD Context that I know of is frozen in
time. We go as far as publishing cryptographic hashes for the JSON-LD
Contexts in the specifications themselves.

Example for Verifiable Credentials here:

https://www.w3.org/TR/vc-data-model/#base-context

We should point this out in the CBOR-LD specification as I'm sure some
poor soul will step on that particular landmine.

The other protection that we have in place is that things like
Verifiable Credentials are digitally signed, so if you deserialize and
check the signature on the receiving end, a context change will be
detected (digital signature verification failure).

That doesn't mean that this stuff isn't useful even while developing...
if you only go to CBOR-LD for vanishingly small periods of time
(transmission via QRCode and then immediately back to JSON-LD), it is
highly unlikely that you're going to be the unlucky person that received
a message right as someone pressed "Save" a context.

So, if you plan to use CBOR-LD as an archival format using unstable
JSON-LD Context files, then yes, you shouldn't do that and yes, we
should warn about it in the specification. However, that doesn't mean
that the solution isn't viable for a subset of use cases. :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Friday, 24 July 2020 14:42:48 UTC