- From: Jeremy Carroll <jeremy@topquadrant.com>
- Date: Mon, 27 Jun 2011 17:28:58 -0700
- To: Steve Harris <steve.harris@garlik.com>
- CC: public-rdf-wg@w3.org
On 6/27/2011 4:07 PM, Steve Harris wrote: > >> - signature is of length O(N) in the size of the graph (i.e. the signature includes the serialized form) > I'm not sure about that. The implementations I'm familiar with - WoT (http://xmlns.com/wot/0.1/), OAuth, and HTTPS - don't require that, at least in a way which is obvious to me. Arguably OAuth and HTTPS don't count, but they're commonly used for HTML, XML, JSON, etc. > OK So with WoT Let's suppose I have an RDF Graph in a triple store, to sign it, I need to turn it into a document. This document is of length O(N) in the number of triples. This gives me say a 128 byte signature after a bit of cryptography. To verify the 128 byte signature it is not sufficient to have the graph in the triple store (or some other triple store). I also need the document: and not any document containing that RDF graph, but the one that was the input into the cryptographic part of the process. Thus, from the RDF processing point of view, the signature is the 128 bytes and the document used in the serialization. Doing the signature verification against my triple store requires me to parse the signing document and do the graph isomorphism between that parse result and contents of triple store Thus all the claims I made earlier Jeremy
Received on Tuesday, 28 June 2011 00:29:23 UTC