- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 16 Jan 2015 07:56:45 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>, Credentials Community Group <public-credentials@w3.org>
On 2015-01-16 06:03, Manu Sporny wrote: > Hi all, > > The Linked Data Signatures specification has been extracted from the old > Secure Messaging specification. This was done after it became fairly > clear that most of the people we were showing the specification to > didn't really care about the encryption portions (which we'll extract > into a separate specification later on). We have also received quite a > bit of strong push-back on the "Secure Messaging" name, thus the > re-branding. > Manu, In the spec you write: "The challenge has always been in building an extensible, distributed, Public Key Infrastructure for the Web. This specification details how a decentralized Public Key Infrastructure can be built on top of the Web using Linked Data principles. This system can then be used to easily achieve message extensibility, message verifiability, and dynamic access control to resources on the Web" Although the initial line indeed points to a problem, I have difficulties understanding how the Linked Data Signature spec. is supposed to change that unless we conclude that the core issue really is "only" how to create, publish and discover keys. I thought it had to do with trust and liability as well. Since public keys have no issuer, is the idea that the key repositories act as virtual CAs and HTTPS is used as a binding element? I mean: How is the trust model? Cheers, Anders > For those new to the discussion, in order to do digital > signatures in JSON-LD, we need two specs and a vocabulary: > > 1. The RDF Dataset Normalization spec > 2. The Linked Data Signatures spec > 3. The Security vocabulary > > #2 was a part of the Secure Messaging spec until now. It'll live on its > own from now on. Here's a very rough draft: > > https://web-payments.org/specs/source/ld-signatures/ > > This spec has a preliminary implementation here: > > https://github.com/digitalbazaar/jsonld-signatures > > and an npm and bower package: > > https://www.npmjs.com/package/jsonld-signatures > > -- manu >
Received on Friday, 16 January 2015 06:57:21 UTC