- From: Gregg Kellogg <gregg@greggkellogg.net>
- Date: Wed, 12 Feb 2020 14:19:50 -0800
- To: William Entriken <entriken@phor.net>
- Cc: public-json-ld-wg@w3.org
- Message-Id: <BF2C75BB-8B3C-48E8-945A-49A88CE0E749@greggkellogg.net>
We discussed SRI protection for remote contexts in Issue 108 [1], which has been deferred until a future version. Since this was considered, a new “@import” mechanism was added [2], which might provide a good extension point. This might look something like the following:
{
"@context": {
"@version": 1.1,
"@import": "https://example.com/context-with-metadata",
"@sri": "sha256-abcd",
"@protected": true
}
}
Gregg Kellogg
gregg@greggkellogg.net
[1] https://github.com/w3c/json-ld-syntax/issues/108 <https://github.com/w3c/json-ld-syntax/issues/108>
[2] https://www.w3.org/TR/json-ld11/#imported-contexts
> On Feb 12, 2020, at 10:57 AM, William Entriken <entriken@phor.net> wrote:
>
> Dear Working Group:
>
> I am working on standardization of token implementations on the Ethereum blockchain and related projects. Our specifications ERC-721 and ERC-1155 depend on JSON-LD, specifically this is how we connect tokens to our data (like 2018-mazda-with-vin-2938473947937..json) to our schemas (like cars.json) using the "$schema" link.
>
> Our concern is that simply linking to a document ("$schema": ....) does not provide integrity. Our workaround is an approach that is similar to the W3C SRI specification. Our standard draft is at https://github.com/ethereum/EIPs/pull/2477/files <https://github.com/ethereum/EIPs/pull/2477/files>
>
> But we think this approach can be generalized and should be applicable to other JSON-LD users.
>
> I would like to propose a specification for "$schemaIntegrity", "@contextIntegrity" and other "@*Integrity" which allows publishers of data to specify that they are making reference to specific versions of documents.
>
> Would discussion on such a feature be welcome here?
>
>
> William Entriken
Received on Wednesday, 12 February 2020 22:20:06 UTC