- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Mon, 31 Aug 2020 22:13:49 +0200
- To: Semantic Web <semantic-web@w3.org>
- Message-ID: <CAE1ny+5j8wrCPJYk_OhGJ0Tjgsce1XkHqjLAWmPm-XFpi=btzA@mail.gmail.com>
I am reading the W3C Verified Credentials Data Model, and I'm noticing
there's not a W3C Verified Credentials Syntax (
https://www.w3.org/TR/vc-data-model/#syntaxes). Instead, there is JSON and
JWT, JSON-LD, perhaps with LD Proofs. The obvious problem is that you
cannot specify a cryptographic signature scheme unless you have a concrete
bytestring you are signing (you usually have to hash the message to sign).
So, its quite unclear what it means to "sign" a graph unless you have a
single version of the graph as *bytes*.
There's a Community Specification called "RDF Dataset Normalization":
http://json-ld.github.io/normalization/spec/
However, it does not actually specify a syntax, just a graph normalization
algorithm (which is unclear if it actually works, usually you need proofs
for these sorts of things).
Second, there is Linked Data Proofs, which also does not actually seem to
feature a way to convert arbitrary linked data graphs to bytes and is also
not normative.
https://w3c-ccg.github.io/ld-proofs/
Perhaps this is just a solved problem, but given that the usage of
signatures in Verified Credentials requires getting this right (see the
various attacks on XML DSIG), I'd like to know if 1) there is a normative
normalization to bytes of RDF graphs and 2) If it has some proofs or real
interoperability, not just a JS library.
thanks,
harry
Received on Monday, 31 August 2020 20:14:14 UTC