W3C home > Mailing lists > Public > public-webpayments@w3.org > January 2014

Re: HTTP 500 https://web-payments.org/contexts/payswarm-v1.jsonld

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 01 Jan 2014 16:58:08 -0500
Message-ID: <52C48F70.6010502@digitalbazaar.com>
To: public-webpayments@w3.org
Hi Elf,

As you probably saw already, Dave Lehn fixed the bug that you found. It
was a side-effect of moving over to the new web-payments.org domain.
However, in your response you raised an interesting question that I
wanted to address.

For those of you that don't know what JSON-LD is, and want to follow the
rest of this conversation, this video primer might help:


On 12/31/2013 12:17 PM, ☮ elf Pavlik ☮ wrote:
>> it also makes me wonder what happens when some system can't load 
>> external @context and doesn't have it cached? possibly general
>> question for JSON-LD...

It is a general question for JSON-LD, and each JSON-LD context
maintainer will chose whatever works best for their particular problem
and community. In general, the most stable (as in, you can always
retrieve them) JSON-LD contexts will be the ones that are used most often.

Some context authors will choose to host it on their own domain. I
believe Martin Hepp of Good Relations may do this for future versions of
Good Relations technology.

Some context authors will choose to hard code it into their
applications. This is what schema.org has done, as their @context file
isn't available on schema.org because they're concerned about the
traffic that they'll have to service if their JSON-LD Context becomes
popular and the JSON-LD processors don't cache contexts correctly.

Some context authors will depend on a redirect service with built in
redundancies. That's what we've done w/ the JSON-LD contexts that this
community develops. I'm going to focus on what we do here in an attempt
to concretely answer your question.

The "official" way to reference the PaySwarm context right now is via
this URL:


That will eventually bounce you to this URL:


So, what happens if web-payments.org goes away? A pull request can be
sent to the Permanent Identifier Community Group at W3C to update the
reference to point it to some place new. The PICG is run by a consortium
of companies that have agreed to keep w3id.org up and running for at
least a century (or however long the Web is around in its current state).

It's 6-way redundant at the moment, so 5 of the 6 companies providing
backups could fail and the service would continue to operate. You can
read more about it here: https://w3id.org/

So, http://w3id.org/ is going to be around for a very, very long time.

If a popular JSON-LD context disappears, that community will spring into
action and replace it with something sane, like a re-direct to another
site, or serving the context directly off of the w3id.org website.

Talking specifically about the PaySwarm JSON-LD context, it will always
be built into the software due to attack vectors through the JSON-LD
context if the w3id.org website or the web-payments.org website were to
ever be compromised. It's possible to reverse transactions by switching
the meaning of "source" and "destination" in a PaySwarm transaction. To
protect against that attack, PaySwarm payment processor software always
uses local, verified, up-to-date copies of all JSON-LD contexts used for
financial transaction purposes.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Worlds First Web Payments Workshop
Received on Wednesday, 1 January 2014 21:58:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:27 UTC