
Re: Web Object Encryption and Signing (WOES) at IETF

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 18 Feb 2011 11:25:36 +0100
Cc: "nathan@webr3.org" <nathan@webr3.org>, Peter Saint-Andre <stpeter@stpeter.im>, WebID Incubator Group WG <public-xg-webid@w3.org>
Message-Id: <72391CA0-27C1-4C34-B625-5B644AFBF2E4@bblfish.net>
To: Peter Williams <home_pw@msn.com>

On 18 Feb 2011, at 11:01, Peter Williams wrote:

> Seem two ways to approach it: just as there exist encoding rules to code asn1 abstract values (in cert type) as XML, there could be code to json, instead. Or, a native structure is defined in json, assuming it can be canonicalized.

The simplest way to add a public key in JSON is to specify some public key struct and to
specify the modulus and exponent.

{ "a": "foaf:Person",
  "foaf:name": "Jack",
  "webids": [ "http://example.com/#me" ],
  "publicKeys": [ { "a": "rsa:RSAPublicKey",
                    "modulus": "...",
                    "exponent": "..." } ] }

Anyway, I am not a JSON expert. There are JSON RDF notations.
If not that, one should tie the above to a JSON GRDDL


So that we can work with multiple formats without all needing to know the details of every
person's syntactic, notational preferences.

> A third approach does exist. A very minimal der-encoded cert exists, with 1string extension: some json with native coding of xyz control system (eg pkix). H.p and I once suggested this, where JavaScript was used rather than json values. It was laughed at, at the time (when pki was at its zenith).

That is the wrong solution. To add DER into JSON is to think that DER has some special magic about it.
The only place where DER is good is in signing. But as it happens, we don't need to sign anything here, and if signing were to be useful it would be for the whole JSON. To go down to DER because of its signing capacity is very masochistic.

If you really want ASN.1 formats, I suggest someone spend time working on an ASN.1 GRDDL. That would allow any new format of ASN.1 to be converted to work with everything else. Though I think we may need the semweb to adopt named graphs more clearly.

> On Feb 17, 2011, at 2:34 PM, Nathan <nathan@webr3.org> wrote:
>> Peter Saint-Andre wrote:
>>> Dear WebID folks,
>>> Given the discussions here about simplifying the representation of
>>> public keys, you might want to know that some IETF participants have
>>> established a dedicated email list for discussion about requirements and
>>> potential implementation of JSON to provide security services for
>>> Web-based applications. You can subscribe here:
>>> https://www.ietf.org/mailman/listinfo/woes
>>> In addition, an informal side meeting is planned for this topic at IETF
>>> 80 in Prague during the week of March 28.
>> wonderful, and good to see all the sec groups getting pinged about it, we (over in this xg) should definitely keep tabs and be as involved as we can - imo of course.
>> Cheers Peter,
>> Nathan

Social Web Architect
Received on Friday, 18 February 2011 10:26:18 UTC
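
Added example, not part of the message above or of any WebID specification: one way a relying party could load a profile shaped like the JSON in the message and check that it publishes the RSA key a client presented. It assumes a hex modulus and a decimal exponent (the message elides both values); the function names, the 2048-bit floor and the sample key are constructed for illustration.

```python
import json
import re

MIN_MODULUS_BITS = 2048  # assumed policy floor, not stated in the message


def parse_rsa_entry(entry):
    """Return (n, e) from one "publicKeys" entry, or raise ValueError."""
    if not isinstance(entry, dict) or entry.get("a") != "rsa:RSAPublicKey":
        raise ValueError("not an RSA public key entry")
    # Assumed encoding: hex modulus (spaces/colons tolerated), decimal exponent.
    modulus = re.sub(r"[\s:]", "", str(entry.get("modulus", "")))
    exponent = str(entry.get("exponent", ""))
    if not re.fullmatch(r"[0-9A-Fa-f]+", modulus):
        raise ValueError("modulus is not hex")
    if not re.fullmatch(r"[0-9]{1,10}", exponent):
        raise ValueError("exponent is not a short decimal")
    n, e = int(modulus, 16), int(exponent)
    if n.bit_length() < MIN_MODULUS_BITS or n % 2 == 0:
        raise ValueError("modulus too short or even")
    if e < 3 or e % 2 == 0:
        raise ValueError("unusable public exponent")
    return n, e


def profile_claims_key(profile_json, webid, presented_n, presented_e):
    """True only if the profile names `webid` and lists the presented key."""
    profile = json.loads(profile_json)
    if not isinstance(profile, dict):
        return False
    webids, keys = profile.get("webids"), profile.get("publicKeys")
    if not isinstance(webids, list) or not isinstance(keys, list) or webid not in webids:
        return False
    for entry in keys:
        try:
            if parse_rsa_entry(entry) == (presented_n, presented_e):
                return True
        except ValueError:
            continue  # malformed or weak entries never match
    return False


# Constructed sample: a 2048-bit odd integer standing in for a modulus (not a real key).
SAMPLE_N = (1 << 2047) | 1
SAMPLE_PROFILE = json.dumps({
    "a": "foaf:Person", "foaf:name": "Jack",
    "webids": ["http://example.com/#me"],
    "publicKeys": [{"a": "rsa:RSAPublicKey",
                    "modulus": format(SAMPLE_N, "x"), "exponent": "65537"}],
})
```

Entries that fail validation are skipped rather than raising, so a profile with one malformed key still matches on a valid one and never matches on a weak one.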
