Re: Implementing Federation, Part I from Jason Culverhouse on 2023-12-19 (public-swicg@w3.org from December 2023)

From: Jason Culverhouse <jason@mischievous.org>
Date: Tue, 19 Dec 2023 13:01:50 -0800
To: Marcus Rohrmoser <me.swicg@mro.name>
Cc: public-swicg@w3.org
Message-Id: <7F8A2488-5AAF-4CAB-8643-84303862B3F2@mischievous.org>

> On Dec 19, 2023, at 12:03 PM, Marcus Rohrmoser <me.swicg@mro.name> wrote:
> 
> 
> On Tue, 19 Dec 2023 14:52:39 +0100
> Emelia Smith <emelia@brandedcode.com> wrote:
> 
>> Small aside here: hopefully we can upgrade to the latest HTTP Signatures spec soon through dual usage.. I think there's maybe a few folks experimenting with this.

There are 2 types of signatures,  I think that the Http Signatures specification is fine and there are plenty of open source
implementations https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures

I think there is an issue with the linked data signatures that are used in Mastodon.
Probably a huge lift to move this forward?

https://github.com/mastodon/mastodon/blob/main/app/lib/activitypub/linked_data_signature.rb/#L6-L7

When you create the signature context you need to use  CONTEXT = 'https://w3id.org/identity/v1'

And this context does not exist in a normal way…. Note that you only use this for http signatures.

You sign the “options” document and the and the original message
 
{
  "creator": "https://flipboard.com/users/JsonCulverhouse#main-key",
  "created": "2023-12-19T20:39:53Z",
  "@context": "https://w3id.org/identity/v1"
}

But the identity document doesn’t  exist on the internet.

curl -vv -H 'Accept: application/ld+json' 'https://w3id.org/identity/v1'

< HTTP/1.1 302 Found
< Date: Tue, 19 Dec 2023 20:21:52 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Access-Control-Allow-Origin: *
< Location: https://web-payments.org/contexts/identity-v1.jsonld
< Content-Length: 299
< Content-Type: text/html; charset=iso-8859-1
< 

You really need that document as you have to convert the json ld into RDF via URDNA-2015

_:c14n0 <http://purl.org/dc/terms/created> "2023-12-19T20:39:53Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
_:c14n0 <http://purl.org/dc/terms/creator> <https://social.flipboard.com/users/JsonCulverhouse#main-key> .

Happily you can substitute https://w3id.org/security/v1 for https://w3id.org/identity/v1

Jason


> 
> How is the cost/benefit comparison?
> 
> It's a breaking change, right?
> 
> What becomes possible that wasn't or impossible what was?
> What are the tangible benefits?
> 
> Marcus
>

Received on Tuesday, 19 December 2023 21:02:11 UTC