Re: The new charter is now in place

> On Aug 21, 2020, at 8:35 AM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> On 8/20/20 4:58 PM, Gregg Kellogg wrote:
>> Perhaps we can describe mechanism for creating
>> versioned/cached/optimized contexts, with a default managed by the
>> group, along with a way to validate and update context versions. It
>> should allow others to create their own context set, and how to achieve
>> and measure the resulting compaction.
> 
> This mechanism exists in the current CBOR-LD implementation:
> 
> https://github.com/digitalbazaar/cborld/blob/main/lib/codecs/ContextCodec.js#L9-L11
> 
> The way it works today is that JSON-LD Contexts that are guaranteed to
> not change (for some externally known reason, such as they're a part of
> a W3C specification that locks the contexts in at particular releases
> with a SHA-256 hash, for example). There can be 32,768 of these sorts of
> contexts that are managed by the specification registry for "contexts
> that won't change and are thus safe to use with CBOR-LD".

I’m not sure what contexts would be guaranteed not to change. Several have been changed, where those changes are deemed to have not invalidated anything that was there before (e.g., prefix definitions).

Previously, these issues were stalled because of the lack of a good mechanism to guarantee the context integrity. Hashlink seemed like the best solution to me, so maybe if such a spec were limited to contexts served up via hashlink, or similar.

Some specs have decided to create versioned contexts to guarantee that a given version remains unchanged, but this is often (usually?) not the case.

> There is also another namespace consisting of 32,768 entries that are
> application-defined. If an organization doesn't want to register their
> frozen context globally, then they can just publish an
> application-specific specification that specifies values from
> 32,769-65,535. There can be 32,768 of these sorts of contexts for
> "application-specified contexts that won't change and are thus safe to
> use with CBOR-LD".

Sounds like another managed registry of immutable data, which might be reasonable, but groups would need an incentive to  use this as well as to mandate the use of specific versioned context URIs.

> What we don't do today for CBOR-LD is throw an error if one of these
> types of contexts are NOT used. We can put that into the
> specification... but remember, we don't throw in this case for JSON-LD
> today either... so it would be a strange requirement to put on CBOR-LD
> since we don't do that today for JSON-LD.
> 
> Contexts can change... that's been known for a very long time with
> JSON-LD, and there are a variety of mitigations against that that are
> deployed today (ship with frozen contexts and only use those, use
> hashlinks or some other form of content-addressed identifier, use known
> frozen URLs, etc.)

Yes, as I suggested above. It seems like a W3C-wide mandate, though, which is a high barrier to achieve.

Gregg

> -- manu
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
> 

Received on Friday, 21 August 2020 20:52:26 UTC