- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 19 Jan 2016 09:09:08 -0500
- To: Henry Story <henry.story@bblfish.net>
- Cc: Web Payments <public-webpayments@w3.org>, Nate Otto <nate@ottonomy.net>, Anders Rundgren <anders.rundgren.net@gmail.com>
On 01/18/2016 04:49 PM, Henry Story wrote:
> Dave, Otto,
>
> thanks for those replies. So it seems that this was a design decision
> due to limitations of formats. I tend to work in N3, the format TimBl
> put together over 10 years ago, that contains rules, paths and graphs.
>
> https://www.w3.org/2000/10/swap/Primer
> https://www.w3.org/TeamSubmission/n3/
>
> There it is quite easy to write out a signature for a graph. In that notation
> anything inside { } denotes a graph. So one would just write.
>
> { <> :title "Hello World" . } :signature [
>     a :LinkedDataSignature2015;
>     :creator <http://example.com/i/pat/keys/5>;
>     :created "2011-09-23T20:21:34Z";
>     :domain "example.org";
>     :nonce "2bbgh3dgjg2302d-d2b3gi423d42";
>     :signatureValue "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
> ] .
>
> This shows that one can have a signature external to the graph, and yet
> have a very readable format, where the graph is not considered as a
> base64 encoded string.
>
> One can also have any number of such graphs in one file.
>
> But it is true that this won't work so nicely for RDFa or Turtle graphs,
> though in that case the Link header relation I proposed earlier would also
> do ( note that Link headers are also outside of the content ).
>
> Still it seems that this is not that easy to do with json ld...

Same thing in JSON-LD:

{
  "@context": ...,
  "@graph": {
    "title": "Hello World"
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "creator": "http://example.com/i/pat/keys/5",
    "created": "2011-09-23T20:21:34Z",
    "domain": "example.org",
    "nonce": "2bbgh3dgjg2302d-d2b3gi423d42",
    "signatureValue":
      "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
  }
}

>
>
>> On 18 Jan 2016, at 01:36, Dave Longley <dlongley@digitalbazaar.com> wrote:
>>
>> On 01/17/2016 07:55 AM, Henry Story wrote:
>>> I was looking at the Linked Data Signatures document
>>>
>>> https://web-payments.org/specs/source/ld-signatures/
>>>
>>> I am not sure if this is the right list to discuss this.
>>>
>>> I am really keen to have something like this to work, and I like most
>>> of it off the bat. But looking a bit closer I noticed what I think is
>>> a serious error that has an easy fix though.
>>>
>>> The mistake is to put the signature *inside* the graph.
>>
>> I don't have time to respond further, but I will when I do. This was a
>> design decision, not a mistake. Originally, it had to do with the
>> inability to express named graphs in RDFa. Subsequently, it was related
>> to a desire to hide as much unfamiliarity with graph technology from Web
>> developers as possible whilst still providing people with a signature
>> mechanism.
>>
>> All that being said, there's no reason why you can't bundle things up in
>> a graph before signing them, for example:
>>
>> {
>>   "someOtherMetaData": { ... },
>>   "someProperty": {
>>     "@graph": { core data }
>>   },
>>   "signature": { ... }
>> }
>>
>> This is the approach taken in the Identity Credentials work, where an
>> Identity can possess credentials, each stored as a signed graph itself
>> -- and you can sign the entire Identity as well, whilst maintaining the
>> integrity of the signed credentials.
>>
>>
>> --
>> Dave Longley
>> CTO
>> Digital Bazaar, Inc.
>
--
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Tuesday, 19 January 2016 14:09:35 UTC
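
The nesting described in the thread (a signed graph bundled inside a larger document that is signed as a whole), as an added example that is not part of the original message or of any Digital Bazaar code. Assumptions: sorted-key JSON stands in for RDF dataset normalization, a throwaway Ed25519 key stands in for the key named by "creator", and the helper names (canonicalize, signingInput, sign, verify) and the "credential" property are hypothetical.

```javascript
// Added example, not from the thread. Sorted-key JSON is a stand-in for RDF
// dataset normalization; Ed25519 is a stand-in signature algorithm. Field
// names follow the JSON-LD shape shown in the message above.
const crypto = require('node:crypto');

// Deterministic serialization: object keys sorted recursively.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Bytes covered by a signature: the document minus its own top-level
// "signature" node, plus the signature options (all but signatureValue).
// Nested signatures stay inside the body, so an outer signature covers them.
function signingInput(doc, options) {
  const { signature, ...body } = doc;
  return Buffer.from(canonicalize({ body, options }));
}

function sign(doc, privateKey, options) {
  const raw = crypto.sign(null, signingInput(doc, options), privateKey);
  return { ...doc, signature: { ...options, signatureValue: raw.toString('base64') } };
}

function verify(doc, publicKey) {
  if (!doc.signature || typeof doc.signature.signatureValue !== 'string') return false;
  const { signatureValue, ...options } = doc.signature;
  const raw = Buffer.from(signatureValue, 'base64');
  return crypto.verify(null, signingInput(doc, options), publicKey, raw);
}

// Constructed sample: a signed credential graph nested in a signed identity.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const options = { type: 'LinkedDataSignature2015',
  creator: 'http://example.com/i/pat/keys/5', created: '2011-09-23T20:21:34Z' };
const credential = sign({ '@graph': { title: 'Hello World' } }, privateKey, options);
const identity = sign({ id: 'http://example.com/i/pat', credential: [credential] },
  privateKey, options);

// Changing the inner graph invalidates both signatures; changing only the
// outer wrapper invalidates the outer one and leaves the credential intact.
const innerTampered = JSON.parse(JSON.stringify(identity));
innerTampered.credential[0]['@graph'].title = 'Goodbye';
const outerTampered = { ...identity, id: 'http://example.com/i/other' };
```

A verifier that extracts a credential from an identity should call verify on the credential itself, since the outer signature says nothing once the credential is moved to another document.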