Re: Adding a JSON Web Key to a schema Person? from Manu Sporny on 2020-10-21 (public-schemaorg@w3.org from October 2020)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 21 Oct 2020 17:23:51 -0400
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: "schema.org Mailing List" <public-schemaorg@w3.org>
Message-ID: <9dd09ab5-d1a2-dea7-793c-ad10625ff590@digitalbazaar.com>

On 10/21/20 4:49 PM, Melvin Carvalho wrote:
> Would there be a sensible value I could give it for the terms "example",
> "123" and "#aOEkw"

Yes, Veres One (for example), uses identifiers of this sort:

did:v1:INITIAL_PUBLIC_KEY#ROTATED_PUBLIC_KEY

Where the public key is expressed as a multi-base encoded, multicodec
encoded, public key. So:

MULTIBASE(base58btc, MULTICODEC(ed25519, public-key-bytes))

which ends up looking like this:

did:v1:nym:z6MkhRFVwne2zUJRSgYmDHJu7QwSpUqse46gs7Cm6ebAC22o#z6MkrVwrroS9DywBJrRvr7dSZeMi2wX5HhN82GFyZ3NZAmqK

Where z6MkhRFVwne2zUJRSgYmDHJu7QwSpUqse46gs7Cm6ebAC22o is a base58btc
encoded Ed25519 public key (32 bytes) that represents the RDF subject.

and z6MkrVwrroS9DywBJrRvr7dSZeMi2wX5HhN82GFyZ3NZAmqK is a base58btc
encoded Ed25519 public key (32 bytes) that represents a key associated
with the RDF subject.

You could also compose this as:

https://example.com/me#z6MkrVwrroS9DywBJrRvr7dSZeMi2wX5HhN82GFyZ3NZAmqK

> In this instance I think the X coordinate would be unique.  Or the X.Y
> would also do the job.  For example Martti's iris social network that we
> are collaborating with, X.Y is used to be the identity

Yes, you could do that -- doesn't give you the ability to rotate keys if
you use it as the identity, which is where DIDs come in. Some would
argue that identifying yourself as just a public key can be useful
(SSH/TLS has been successful with that model).

> I saw a lecture on macaroons saying why they preferred the capabilities
> approach.  I'm more used to the approach of saying "Alice has a public
> key P", but open to suggestions.  If you had a pointer or 1-2 sentences
> explaining the trade offs, would be much appreciated.

This is old and out of date, needs to be updated to match all the
current implementations, but... the Authorization Capabilities for
Linked Data spec attempts to explain why capabilities can be useful
instead of the old ACL model:

https://w3c-ccg.github.io/zcap-ld/

It's a very deep rabbit hole, try not to go too deep... people have gone
in and not re-emerged for years. :)

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Wednesday, 21 October 2020 21:24:05 UTC