Re: Signature in Wrong Position

Dave, Otto, 

 thanks for those replies. So it seems that this was a design decision
due to limitations of formats. I tend to work in N3, the format TimBl
put together over 10 years ago, that contains rules, paths and graphs.

https://www.w3.org/2000/10/swap/Primer
https://www.w3.org/TeamSubmission/n3/

There it is quite easy to write out a signature for a graph. In that notation
anything inside { } denotes a graph. So one would just write.

{ <> :title "Hello World" . } :signature [
   a :LinkedDataSignature2015;
   :creator <http://example.com/i/pat/keys/5>;
   :created "2011-09-23T20:21:34Z";
   :domain "example.org";
   :nonce "2bbgh3dgjg2302d-d2b3gi423d42";
   :signatureValue "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
] .

This shows that one can have a signature external to the graph, and yet
have a very readable format, where the graph is not considered as a 
base64 encoded string.

One can also have any number of such graphs in one file.

But it is true that this won't work so nicely for RDFa or Turtle graphs,
though in that case the Link header relation I proposed earlier would also
do (note that Link headers are also outside of the content).

Still it seems that this is not that easy to do with JSON-LD...

 
> On 18 Jan 2016, at 01:36, Dave Longley <dlongley@digitalbazaar.com> wrote:
> 
> On 01/17/2016 07:55 AM, Henry Story wrote:
>> I was looking at the Linked Data Signatures document
>> 
>> https://web-payments.org/specs/source/ld-signatures/
>> 
>> I am not sure if this is the right list to discuss this.
>> 
>> I am really keen to have something like this to work, and I like most
>> of it off the bat. But looking a bit closer I noticed what I think is
>> a serious error that has an easy fix though.
>> 
>> The mistake is to put the signature *inside* the graph.
> 
> I don't have time to respond further, but I will when I do. This was a
> design decision, not a mistake. Originally, it had to do with the
> inability to express named graphs in RDFa. Subsequently, it was related
> to a desire to hide as much unfamiliarity with graph technology from Web
> developers as possible whilst still providing people with a signature
> mechanism.
> 
> All that being said, there's no reason why you can't bundle things up in
> a graph before signing them, for example:
> 
> {
>  "someOtherMetaData": { ... },
>  "someProperty": {
>    "@graph": { core data }
>  },
>  "signature": { ... }
> }
> 
> This is the approach taken in the Identity Credentials work, where an
> Identity can possess credentials, each stored as a signed graph itself
> -- and you can sign the entire Identity as well, whilst maintaining the
> integrity of the signed credentials.
> 
> 
> -- 
> Dave Longley
> CTO
> Digital Bazaar, Inc.

Received on Monday, 18 January 2016 21:49:52 UTC
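
The detached layout described in the message above, as an added example that is not part of the original thread or of the Linked Data Signatures document. It keeps each graph readable, holds the signature record outside the graph, and checks several signed graphs in one file. Assumptions: HMAC-SHA256 with a constructed key stands in for a public-key signature, sorted triple lines stand in for real RDF normalization, and the function names and the nonce are hypothetical.

```python
import base64, hashlib, hmac

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a public-key signature

def canonical(graph):
    """Order-independent serialisation: sorted N-Triples-style lines (no blank nodes)."""
    return "\n".join(sorted(f"{s} {p} {o} ." for s, p, o in graph)).encode()

def sign(graph, meta):
    """Return a signature record that sits outside the graph it covers."""
    # Assumption of this example: the metadata fields are bound into the MAC input.
    bound = "".join(f"{k}={meta[k]}\n" for k in sorted(meta)).encode()
    digest = hashlib.sha256(canonical(graph)).digest()
    mac = hmac.new(KEY, bound + digest, hashlib.sha256).digest()
    return {**meta, "signatureValue": base64.b64encode(mac).decode()}

def verify(graph, sig):
    """Recompute the record from the graph and the claimed metadata, then compare."""
    meta = {k: v for k, v in sig.items() if k != "signatureValue"}
    expected = sign(graph, meta)["signatureValue"]
    return hmac.compare_digest(expected, sig["signatureValue"])

def verify_file(entries):
    """A file may hold any number of (graph, signature) pairs; check each on its own."""
    return [verify(g, s) for g, s in entries]

META = {"creator": "http://example.com/i/pat/keys/5",
        "created": "2011-09-23T20:21:34Z",
        "domain": "example.org",
        "nonce": "constructed-nonce-1"}  # nonce value is constructed

G1 = [("<doc1>", "<title>", '"Hello World"')]
G2 = [("<doc2>", "<title>", '"Second graph"'), ("<doc2>", "<author>", "<pat>")]

def demo():
    entries = [(G1, sign(G1, META)), (G2, sign(G2, META))]
    intact = verify_file(entries)
    # Same triples in a different order still verify: the graph is hashed, not its bytes.
    reordered = verify(list(reversed(G2)), entries[1][1])
    # A changed graph, or a changed field in the signature record, fails verification.
    tampered_graph = verify(G1 + [("<doc1>", "<title>", '"Other"')], entries[0][1])
    tampered_meta = verify(G1, {**entries[0][1], "domain": "example.net"})
    return intact, reordered, tampered_graph, tampered_meta

if __name__ == "__main__":
    print(demo())
```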