RE: WebID-ISSUE-46: Signing the profile document [research]

A few more thoughts spawn by those of Reto:

- Granularity: Signing a signle triple maybe an overkill given the overhead the signing adds. Signing in subgraph (a set of triples) however it is done seems more viable.

- Temporal aspect: Should the signing include the point in time the signing took place? Or should that be part of the statement? If the latter is preferred we need too triples. :)
________________________________
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Reto Bachmann-Gmür
Sent: Dienstag, 22. Februar 2011 16:13
To: WebID Incubator Group WG; WebID Incubator Group Issue Tracker
Subject: Re: WebID-ISSUE-46: Signing the profile document [research]


A few thoughts:
- should we signg the document (as rdf graph?) or a particular representation?
- If the connection is secure and the server-cert trusted document signing isn't needed, if the document is signed we can get profiles over http.
- Maybe it would be easier and more powerfull to support signing particular statements, i.e. Webid-key associations and trust statements. Such signed statements could be aggregated and re-published without the document they were originally published in.

Reto

----- Original message -----
>
> WebID-ISSUE-46: Signing the profile document [research]
>
> http://www.w3.org/2005/Incubator/webid/track/issues/46
>
> Raised by: Henry Story
> On product: research
>
>
> - What use cases would it solve?
>
> - How would one sign documents?
>
> - How complicated would it be to put in place?
>
> - Can one start without signature, and then add information to add
> signatures later on? Or does one have to find a way of stating that
> initially?
>
>
>