- From: ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org>
- Date: Thu, 02 Jan 2014 00:41:11 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>
- CC: public-webpayments@w3.org
On 01/01/2014 10:58 PM, Manu Sporny wrote: > Hi Elf, > > As you probably saw already, Dave Lehn fixed the bug that you found. It > was a side-effect of moving over to the new web-payments.org domain. > However, in your response you raised an interesting question that I > wanted to address. Thank you Manu for such exhaustive answer! I'll add just few very tiny comments inline... > > For those of you that don't know what JSON-LD is, and want to follow the > rest of this conversation, this video primer might help: > > http://www.youtube.com/watch?v=vioCbTo3C-4 Yeah! I still hope you can find time to continue with this series! http://tiny.cc/promise-of-adv-jsonld-vid (in first comment ;) > > On 12/31/2013 12:17 PM, ☮ elf Pavlik ☮ wrote: >>> it also makes me wonder what happens when some system can't load >>> external @context and doesn't have it cached? possibly general >>> question for JSON-LD... > > It is a general question for JSON-LD, and each JSON-LD context > maintainer will chose whatever works best for their particular problem > and community. In general, the most stable (as in, you can always > retrieve them) JSON-LD contexts will be the ones that are used most often. > > Some context authors will choose to host it on their own domain. I > believe Martin Hepp of Good Relations may do this for future versions of > Good Relations technology. > > Some context authors will choose to hard code it into their > applications. This is what schema.org has done, as their @context file > isn't available on schema.org because they're concerned about the > traffic that they'll have to service if their JSON-LD Context becomes > popular and the JSON-LD processors don't cache contexts correctly. > > Some context authors will depend on a redirect service with built in > redundancies. That's what we've done w/ the JSON-LD contexts that this > community develops. I'm going to focus on what we do here in an attempt > to concretely answer your question. > > The "official" way to reference the PaySwarm context right now is via > this URL: > > http://w3id.org/payswarm/v1 > > That will eventually bounce you to this URL: > > https://web-payments.org/contexts/payswarm-v1.jsonld > > So, what happens if web-payments.org goes away? A pull request can be > sent to the Permanent Identifier Community Group at W3C to update the > reference to point it to some place new. The PICG is run by a consortium > of companies that have agreed to keep w3id.org up and running for at > least a century (or however long the Web is around in its current state). > > It's 6-way redundant at the moment, so 5 of the 6 companies providing > backups could fail and the service would continue to operate. You can > read more about it here: https://w3id.org/ > > So, http://w3id.org/ is going to be around for a very, very long time. $ whois w3id.org ... Expiration Date:14-Feb-2014 21:17:29 UTC ... please watch out ;) http://lists.w3.org/Archives/Public/public-webpayments/2013Jan/0007.html > > If a popular JSON-LD context disappears, that community will spring into > action and replace it with something sane, like a re-direct to another > site, or serving the context directly off of the w3id.org website. > > Talking specifically about the PaySwarm JSON-LD context, it will always > be built into the software due to attack vectors through the JSON-LD > context if the w3id.org website or the web-payments.org website were to > ever be compromised. It's possible to reverse transactions by switching > the meaning of "source" and "destination" in a PaySwarm transaction. To > protect against that attack, PaySwarm payment processor software always > uses local, verified, up-to-date copies of all JSON-LD contexts used for > financial transaction purposes. Very interesting! Does it stand somewhere in 'Security Considerations' of one of Web Payments specs? Might make sense to put it somewhere around: https://web-payments.org/specs/source/web-payments/#the-transaction-algorithm Once again, thanks for taking your time for writing such in depth answer! Much appreciated :)
Received on Wednesday, 1 January 2014 23:40:49 UTC