W3C home > Mailing lists > Public > public-rdfa-wg@w3.org > November 2010

Re: DOM Tampering

From: Mark Birbeck <mark.birbeck@webbackplane.com>
Date: Thu, 25 Nov 2010 19:31:00 +0000
Message-ID: <AANLkTi=y2Z9m939x_rCv9ZgVMi6H-EAM1awsovhmJTFy@mail.gmail.com>
To: nathan@webr3.org
Cc: RDFA Working Group <public-rdfa-wg@w3.org>
Very good point, Nathan (and Tom).

What about signing the data via a predicate? If it's absent, a strict
parser might ignore the triples. And if it's present, its value must
match a value computed in much the same way that XML Signatures [1]
work...or perhaps a little simpler. ;)

In fact...Manu mentioned to me the other day that his company recently
had need to sign instances of JSON-LD; perhaps we need to look at
generalising whatever it was that they did.

Any thoughts on this, Manu? Did you add the signature as a predicate,
or was it outside of the RDF?

(Once you've finished your turkey, of course.)


[1] <http://www.w3.org/TR/xmldsig-core/>

On Thu, Nov 25, 2010 at 3:53 PM, Nathan <nathan@webr3.org> wrote:
> Hi All,
> If we lift RDFa from the DOM, and the DOM can be manipulated via JS before
> lifting the RDF graph, then how does one trust the RDFa?
> Also, how should parsers treat <iframes>?
> Two interesting points via Tom Morris,
> Best,
> Nathan
Received on Thursday, 25 November 2010 19:32:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:05:22 UTC