Re: Signature in Wrong Position

> On 19 Jan 2016, at 14:09, Dave Longley <dlongley@digitalbazaar.com> wrote:
> 
> On 01/18/2016 04:49 PM, Henry Story wrote:
>> Dave, Otto,
>> 
>>  thanks for those replies. So it seems that this was a design decision
>> due to limitations of formats. I tend to work in N3, the format TimBl
>> put together over 10 years ago, that contains rules, paths and graphs.
>> 
>> https://www.w3.org/2000/10/swap/Primer
>> https://www.w3.org/TeamSubmission/n3/
>> 
>> There it is quite easy to write out a signature for a graph. In that notation
>> anything inside { } denotes a graph. So one would just write.
>> 
>> { <> :title "Hello World" . } :signature [
>>    a :LinkedDataSignature2015;
>>    :creator <http://example.com/i/pat/keys/5>;
>>    :created "2011-09-23T20:21:34Z";
>>    :domain "example.org";
>>    :nonce "2bbgh3dgjg2302d-d2b3gi423d42";
>>    :signatureValue "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
>> ] .
>> 
>> This shows that one can have a signature external to the graph, and yet
>> have a very readable format, where the graph is not considered as a
>> base64 encoded string.
>> 
>> One can also have any number of such graphs in one file.
>> 
>> But it is true that this won't work so nicely for RDFa or Turtle graphs,
>> though in that case the Link header relation I proposed earlier would also
>> do ( note that Link headers are also outside of the content ).
>> 
>> Still it seems that this is not that easy to do with json ld...
> 
> Same thing in JSON-LD:
> 
> {
>  "@context": ...,
>  "@graph": {
>    "title": "Hello World"
>  },
>  "signature": {
>    "type": "LinkedDataSignature2015",
>    "creator": "http://example.com/i/pat/keys/5",
>    "created": "2011-09-23T20:21:34Z",
>    "domain": "example.org",
>    "nonce": "2bbgh3dgjg2302d-d2b3gi423d42",
>    "signatureValue": "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
>  }
> }

So perhaps this points then to a nice compromise:
 if the signature relation is external to the graph of which it is a signature,
 one no longer needs to remove the signature relations from the graph,
 else ( if it is internal to the graph ) proceed as specified now.

Would that work?

Then one could show both options, and the first one would be useful for
people who cared just a notch more about efficiency.

Henry


> 
>> 
>> 
>>> On 18 Jan 2016, at 01:36, Dave Longley <dlongley@digitalbazaar.com> wrote:
>>> 
>>> On 01/17/2016 07:55 AM, Henry Story wrote:
>>>> I was looking at the Linked Data Signatures document
>>>> 
>>>> https://web-payments.org/specs/source/ld-signatures/
>>>> 
>>>> I am not sure if this is the right list to discuss this.
>>>> 
>>>> I am really keen to have something like this to work, and I like most
>>>> of it off the bat. But looking a bit closer I noticed what I think is
>>>> a serious error that has an easy fix though.
>>>> 
>>>> The mistake is to put the signature *inside* the graph.
>>> 
>>> I don't have time to respond further, but I will when I do. This was a
>>> design decision, not a mistake. Originally, it had to do with the
>>> inability to express named graphs in RDFa. Subsequently, it was related
>>> to a desire to hide as much unfamiliarity with graph technology from Web
>>> developers as possible whilst still providing people with a signature
>>> mechanism.
>>> 
>>> All that being said, there's no reason why you can't bundle things up in
>>> a graph before signing them, for example:
>>> 
>>> {
>>>  "someOtherMetaData": { ... },
>>>  "someProperty": {
>>>    "@graph": { core data }
>>>  },
>>>  "signature": { ... }
>>> }
>>> 
>>> This is the approach taken in the Identity Credentials work, where an
>>> Identity can possess credentials, each stored as a signed graph itself
>>> -- and you can sign the entire Identity as well, whilst maintaining the
>>> integrity of the signed credentials.
>>> 
>>> 
>>> --
>>> Dave Longley
>>> CTO
>>> Digital Bazaar, Inc.
>> 
> 
> 
> -- 
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com

Received on Monday, 25 January 2016 21:55:31 UTC
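
The rule proposed in the reply above (external signature: sign the graph as it is; internal signature: remove the signature node first), as an added example that is not code from the thread or from the Linked Data Signatures spec. It assumes sorted-key JSON as a stand-in for graph normalization and HMAC-SHA256 as a stand-in for the signature suite; the function names and the key are hypothetical.

```python
import copy
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the real signature suite


def canonical_bytes(node):
    # Assumption: sorted-key JSON stands in for RDF graph normalization.
    return json.dumps(node, sort_keys=True, separators=(",", ":")).encode()


def signed_payload(doc):
    """Return (mode, bytes) that the signature covers under the proposed rule."""
    if "@graph" in doc and "signature" in doc:
        # External: the signature is a sibling of the graph, nothing to remove.
        return "external", canonical_bytes(doc["@graph"])
    # Internal: remove the signature node before hashing, as specified now.
    body = copy.deepcopy(doc)
    body.pop("signature", None)
    return "internal", canonical_bytes(body)


def sign(doc):
    signed = copy.deepcopy(doc)
    signed.setdefault("signature", {"type": "LinkedDataSignature2015"})
    _, payload = signed_payload(signed)
    signed["signature"]["signatureValue"] = hmac.new(
        KEY, payload, hashlib.sha256).hexdigest()
    return signed


def verify(doc):
    _, payload = signed_payload(doc)
    expected = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, doc["signature"].get("signatureValue", ""))


# Constructed sample documents, one per branch of the rule.
external = sign({"@graph": {"title": "Hello World"}})
internal = sign({"title": "Hello World"})
```

In this sketch the external form covers only the contents of `@graph`, so a property placed beside it is outside the signed bytes, while the internal form covers every property except `signature`.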