Re: canonical RDF graph representations

>>>>> Dave Reynolds <> writes:
>>>>> On Tue, 2011-03-01, Peter Frederick Patel-Schneider wrote:


 >> This thrust for a canonical serialization puzzles me.  What problem
 >> would a canonical serialization solve?

 > The argument I've heard before is that if you want to sign an RDF
 > graph (as opposed to a specific serialization of that graph) then a
 > good way of doing that is to sign a canonical serialization.

 > There are at least two weaknesses in that argument, neither fatal.

 > First, it is possible to sign a graph without canonical ordering by
 > using a set hash [1].

 Actually, that one depends on a canonical representation just as
 well!  The algorithm suggested allows for the hash to be
 computed irrespective of the /order/ of the triples, yet it
 assumes that both the hashing and verifying party have some
 canonical representations for the triples themselves.

 (Definitely one of the must read papers to anyone interested in
 RDF hashing, BTW.)

 > Second, in some applications you don't actually need to sign the graph
 > but could sign a particular serialization.

 Yes, but this leads to specific burden on tracking these
 serializations, if — and that's one of the points of having
 digital signatures — the authenticity of information would have
 to be proven to a third party.

 > Dave

 > [1]

FSF associate member #7257

Received on Tuesday, 1 March 2011 14:17:09 UTC