W3C home > Mailing lists > Public > public-interledger@w3.org > January 2017

Re: JSON-RPC vs. YASMIN. Was: A Critical Analysis of REST APIs for "Transaction Systems"

From: David Nicol <davidnicol@gmail.com>
Date: Mon, 30 Jan 2017 09:49:49 -0600
Message-ID: <CAFwScO_rFezNxnryO5R6NxF-douwBbDBueBtYaQAHRPjJFtDAA@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Interledger Community Group <public-interledger@w3.org>
having just read that linked document, it seems like the missing piece is a
requirement for normalizing the JSON some how before making the digest
which will get signed. Strong normalization before digestion is needed to
have meaningful signatures on JSON data. This can mean concatenating some
subset of the elements of the message in some particular order --
essentially rewriting it as Bencoded, just to sign it -- or normalizing the
JSON in such a way that the consumer of the JSON can renormalize the data
structure they're going to get in such a way that they can check its
digest, and then its signature.

One reference on this old problem
does name JSON-LD as an existing variant with a well-defined canonical form.

On Mon, Jan 30, 2017 at 12:08 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> Here is the intended YASMIN RPC mapping system:
> https://cyberphone.github.io/doc/web/yasmin.html#apimapping
> It doesn't seem to benefit by adding "jsonrpc" or "params" properties
> since all core characteristics (platform/audience/transport/security/etc)
> of YASMIN messages is supposed to be (implicitly) provided by the
> "@context" URI.
> How you can add signature support to an "API" (in a practical way) is
> still not addressed...
> In message-oriented YASMIN-powered applications this is trivial: you
> create the message and then sign it.
> Anders

"Have you taken yourself seriously today?" -- the gravity clown
Received on Monday, 30 January 2017 15:50:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 30 January 2017 15:50:24 UTC