Re: Proof of Concept: Identity Credentials Login

On 06/17/2014 02:41 AM, Melvin Carvalho wrote:
> We did consider N-Triples and TURTLE for the JSON-LD graph 
> canonicalization algorithms and decided not to use either because 
> neither provided the flexibility and scalability necessary to do 
> proper digital signatures on graphs.
> Oh, I see what you mean.  But the 4th element in the quad would then
>  be the URL, I think.

That's almost correct, the 4th element would be an IRI. JSON-LD supports
blank nodes as graph names as well as URIs like urn:sha256:ffffff.
Neither N-Triples nor TURTLE supports a 4th element.

Signing named graphs comes into play when you need to do things like
provenance in payments:

"Google claims that Walmart said that they were selling item X for $40

So, the problem isn't as simple as "You should support both TURTLE and
JSON-LD". There are certain sorts of statements that you just can't
support in TURTLE, and if we were to support TURTLE, we'd need to figure
out how to express those statements in TURTLE (and may well find
ourselves down a rat hole). That said, if someone would like to put in
the work to make the Identity Credentials stuff (including a solution to
the named graph signatures problem) work in TURTLE, that'd be great.

>> So now we have a fractured identity space for the moment, the 
>> digital bazaar version and the WebID version.  It's a pity, but I 
>> guess that's just what happens when people take views.  It's a bet
>>  that could work out, imho.
> The fractured identity space consists of more than just those two 
> technology stacks. It also consists of Facebook Connect, OpenID 
> Connect, G+ login, OpenID 1.0, LTI, SAML, etc.
> Facebook serves turtle :)

Sure, but the question we should be asking is "How many of Facebook's
developers use TURTLE?". I'd bet big money on "less than 1%".

> I was just referring to those systems using Linked Data, which from 
> what I can see are Facebook, WebID, Identity Credentials, and maybe 
> some elements of OAuth.  OAuth supports the use of URLs.

Yes, but remember, we need more than just URLs for this stuff.

>> However I've yet to see a profile that is 5 star linked data. That 
>> imho is betting against awww, which is almost certain to be a 
>> losing bet.
> Why do you think that the Identity Credentials spec proposes 
> something that isn't 5 star Linked Data?
> Well, this is just from having played around with it a bit and 
> looking at the serializations.  If I had a chance to see a live 
> profile, I'd be able to check, or run it through a validator, such as
> vapour.

Create a profile, copy the data from and dump
it in the JSON-LD playground:

We don't have content negotiation for the raw JSON-LD document yet (due
to lack of time to implement it), but we will in time.

It's 5 star Linked Data, and if it's not, that's a bug.

> What are the scalability issues?
> Just a suspicion at this point.  Scalability would come into play if
>  it doesnt pass 5 star linked data validation, because then 
> interoperability can break with existing tooling, perhaps even 
> allowing money to get lost.

Alright, I didn't understand that you were wildly postulating. :P

It's 5 star Linked Data. We're not violating AWWW. You'll have to be
specific about why you think those two statements are false. :)

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments

Received on Wednesday, 18 June 2014 01:10:16 UTC