- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Sun, 17 Jan 2016 20:36:40 -0500
- To: Henry Story <henry.story@bblfish.net>, Web Payments <public-webpayments@w3.org>

On 01/17/2016 07:55 AM, Henry Story wrote:
> I was looking at the Linked Data Signatures document
>
> https://web-payments.org/specs/source/ld-signatures/
>
> I am not sure if this is the right list to discuss this.
>
> I am really keen to have something like this to work, and I like most
> of it off the bat. But looking a bit closer I noticed what I think is
> a serious error that has an easy fix though.
>
> The mistake is to put the signature *inside* the graph.

I don't have time to respond further, but I will when I do. This was a
design decision, not a mistake. Originally, it had to do with the
inability to express named graphs in RDFa. Subsequently, it was related
to a desire to hide as much unfamiliarity with graph technology from Web
developers as possible whilst still providing people with a signature
mechanism.

All that being said, there's no reason why you can't bundle things up in
a graph before signing them, for example:

{
  "someOtherMetaData": { ... },
  "someProperty": {
    "@graph": { core data }
  },
  "signature": { ... }
}

This is the approach taken in the Identity Credentials work, where an
Identity can possess credentials, each stored as a signed graph itself
-- and you can sign the entire Identity as well, whilst maintaining the
integrity of the signed credentials.

--
Dave Longley
CTO
Digital Bazaar, Inc.
Received on Monday, 18 January 2016 01:37:07 UTC
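
Added example (not part of the original message and not Digital Bazaar's code): a simplified Python sketch of the nesting described above, where a signed credential is bundled under "@graph" inside an Identity that is then signed as a whole. Assumptions: sorted-key JSON stands in for RDF graph normalization, HMAC-SHA256 with constructed keys stands in for a public-key signature, and every name and URN is hypothetical.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo keys; HMAC-SHA256 stands in for a public-key signature.
ISSUER_KEY = b"constructed-issuer-key"
HOLDER_KEY = b"constructed-holder-key"

def canonical(doc):
    # Stand-in for RDF graph normalization: deterministic sorted-key JSON.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def _mac(doc, key):
    # Only the top-level "signature" is excluded, so nested ones stay covered.
    body = {k: v for k, v in doc.items() if k != "signature"}
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def sign(doc, key):
    """Return a copy of doc carrying an embedded top-level signature node."""
    signed = copy.deepcopy(doc)
    signed["signature"] = {"type": "DemoHmacSha256", "signatureValue": _mac(doc, key)}
    return signed

def verify(doc, key):
    sig = doc.get("signature")
    if not isinstance(sig, dict) or not isinstance(sig.get("signatureValue"), str):
        return False
    return hmac.compare_digest(_mac(doc, key).encode(), sig["signatureValue"].encode())

def build_identity():
    credential = sign({"id": "urn:example:credential:1",
                       "claim": {"id": "urn:example:alice", "ageOver": 21}}, ISSUER_KEY)
    # Bundle the signed credential as a graph-valued property, then sign the whole.
    return sign({"id": "urn:example:alice",
                 "credential": {"@graph": credential}}, HOLDER_KEY)

def check(identity):
    """Return (outer signature valid, inner credential signature valid)."""
    return (verify(identity, HOLDER_KEY),
            verify(identity["credential"]["@graph"], ISSUER_KEY))

if __name__ == "__main__":
    identity = build_identity()
    print("intact:", check(identity))
    identity["credential"]["@graph"]["claim"]["ageOver"] = 18
    print("claim edited:", check(identity))
```

In this sketch the outer hash includes the inner credential's signature node, so editing or stripping the credential invalidates the Identity signature, while changing only the outer metadata leaves the credential verifiable on its own.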