Re: WebID-ISSUE-46: Signing the profile document [research] from Reto Bachmann-Gmuer on 2011-02-22 (public-xg-webid@w3.org from February 2011)

From: Reto Bachmann-Gmuer <reto.bachmann@trialox.org>
Date: Tue, 22 Feb 2011 17:48:43 +0100
To: "Toeroek, Laszlo (EXT)" <laszlo.toeroek.ext@siemens.com>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>, WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
Message-ID: <AANLkTin=tH-faB08iCK=T7hnZvFBhWtaadKMV5R=yAfz@mail.gmail.com>

On Tue, Feb 22, 2011 at 4:41 PM, Toeroek, Laszlo (EXT) <
laszlo.toeroek.ext@siemens.com> wrote:

>  A few more thoughts spawn by those of Reto:
>
> - Granularity: Signing a signle triple maybe an overkill given the overhead
> the signing adds. Signing in subgraph (a set of triples) however it is done
> seems more viable.
>
The smallest entity that could meaningfully be signed independently of the
ontology used is an rdf molecule (see
http://ebiquity.umbc.edu/paper/html/id/240/). I was thinking at providing
support to sign specific types of assertions (more than a single triple, but
not a free-form (sub)graph)


>
> - Temporal aspect: Should the signing include the point in time the signing
> took place? Or should that be part of the statement? If the latter is
> preferred we need too triples. :)
>
The whole thing should have a date as the signature expresses that the
signer regarded the signed assertion as being true at the moment of signing.

Reto


>  ------------------------------
> *From:* public-xg-webid-request@w3.org [mailto:
> public-xg-webid-request@w3.org] *On Behalf Of *Reto Bachmann-Gmür
> *Sent:* Dienstag, 22. Februar 2011 16:13
> *To:* WebID Incubator Group WG; WebID Incubator Group Issue Tracker
> *Subject:* Re: WebID-ISSUE-46: Signing the profile document [research]
>
>  A few thoughts:
> - should we signg the document (as rdf graph?) or a particular
> representation?
> - If the connection is secure and the server-cert trusted document signing
> isn't needed, if the document is signed we can get profiles over http.
> - Maybe it would be easier and more powerfull to support signing particular
> statements, i.e. Webid-key associations and trust statements. Such signed
> statements could be aggregated and re-published without the document they
> were originally published in.
>
> Reto
>
> ----- Original message -----
> >
> > WebID-ISSUE-46: Signing the profile document [research]
> >
> > http://www.w3.org/2005/Incubator/webid/track/issues/46
> >
> > Raised by: Henry Story
> > On product: research
> >
> >
> > - What use cases would it solve?
> >
> > - How would one sign documents?
> >
> > - How complicated would it be to put in place?
> >
> > - Can one start without signature, and then add information to add
> > signatures later on? Or does one have to find a way of stating that
> > initially?
> >
> >
> >
>
>

Received on Tuesday, 22 February 2011 16:49:22 UTC