Re: Proof of Concept: Identity Credentials Login

On 18 June 2014 03:09, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 06/17/2014 02:41 AM, Melvin Carvalho wrote:
> > We did consider N-Triples and TURTLE for the JSON-LD graph
> > canonicalization algorithms and decided not to use either because
> > neither provided the flexibility and scalability necessary to do
> > proper digital signatures on graphs.
> >
> > Oh, I see what you mean.  But the 4th element in the quad would then
> >  be the URL, I think.
>
> That's almost correct, the 4th element would be an IRI. JSON-LD supports
> blank nodes as graph names as well as URIs like urn:sha256:ffffff.
> Neither N-Triples nor TURTLE supports a 4th element.
>

btw Id rather use ni:///sha-256; (named instance) than a URN here


>
> Signing named graphs comes into play when you need to do things like
> provenance in payments:
>
> "Google claims that Walmart said that they were selling item X for $40
> yesterday."
>
> So, the problem isn't as simple as "You should support both TURTLE and
> JSON-LD". There are certain sorts of statements that you just can't
> support in TURTLE, and if we were to support TURTLE, we'd need to figure
> out how to express those statements in TURTLE (and may well find
> ourselves down a rat hole). That said, if someone would like to put in
> the work to make the Identity Credentials stuff (including a solution to
> the named graph signatures problem) work in TURTLE, that'd be great.
>
> >> So now we have a fractured identity space for the moment, the
> >> digital bazaar version and the WebID version.  It's a pity, but I
> >> guess that's just what happens when people take views.  It's a bet
> >>  that could work out, imho.
> >
> > The fractured identity space consists of more than just those two
> > technology stacks. It also consists of Facebook Connect, OpenID
> > Connect, G+ login, OpenID 1.0, LTI, SAML, etc.
> >
> > Facebook serves turtle :)
>
> Sure, but the question we should be asking is "How many of Facebook's
> developers use TURTLE?". I'd bet big money on "less than 1%".
>
> > I was just referring to those systems using Linked Data, which from
> > what I can see are Facebook, WebID, Identity Credentials, and maybe
> > some elements of OAuth.  OAuth supports the use of URLs.
>
> Yes, but remember, we need more than just URLs for this stuff.
>
> >> However I've yet to see a profile that is 5 star linked data. That
> >> imho is betting against awww, which is almost certain to be a
> >> losing bet.
> >
> > Why do you think that the Identity Credentials spec proposes
> > something that isn't 5 star Linked Data?
> >
> > Well, this is just from having played around with it a bit and
> > looking at the serializations.  If I had a chance to see a live
> > profile, I'd be able to check, or run it through a validator, such as
> > vapour.
>
> Create a profile, copy the data from https://identus.org/melvin and dump
> it in the JSON-LD playground:
>
> http://json-ld.org/playground/
>
> We don't have content negotiation for the raw JSON-LD document yet (due
> to lack of time to implement it), but we will in time.
>
> It's 5 star Linked Data, and if it's not, that's a bug.
>

Great, let's do some testing and validation on IRC, if you have time.


>
> > What are the scalability issues?
> >
> > Just a suspicion at this point.  Scalability would come into play if
> >  it doesnt pass 5 star linked data validation, because then
> > interoperability can break with existing tooling, perhaps even
> > allowing money to get lost.
>
> Alright, I didn't understand that you were wildly postulating. :P
>
> It's 5 star Linked Data. We're not violating AWWW. You'll have to be
> specific about why you think those two statements are false. :)
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>
>