Re: Chartering work has started for a Linked Data Signature Working Group @W3C

Peter F. Patel-Schneider wrote:
> But what happens if I have an RDF dataset that already has a proof node?
> If I sign this dataset it appears to me that my signature will not be
> verifiable because my signature will be tried against the RDF dataset with
> all proof nodes removed, which is not what I signed.

It depends on how you intend to sign the RDF Dataset.

If you sign it as a set-based signature (which is the default), all proof
nodes are removed, the RDF Dataset and signature options are hashed, and a new
signature is generated. Software libraries might either just return the
signature or provide convenience functions to add the new signature to the
signature that existed before the document was signed. When verifying, ALL of
these signatures in the set need to verify for the call to verify() to return
true.

If you sign it as a chain-based signature (which has not been implemented, to
my knowledge, except in some experiments here and there), the proof node is
NOT removed, the data and signature options are hashed, and a new signature is
added to the CHAIN of signatures in the object. If there was a pre-existing
set, that would be signed OR the WG might determine that you can either do set
signatures or chained signatures, but not both. There are advantages and
disadvantages to mixing sets and chains of signatures.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Thursday, 3 June 2021 20:31:54 UTC
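
The set-based behaviour described in the message above, as an added sketch that is not code from the message or from any Linked Data Signatures library. Assumptions: HMAC-SHA256 with constructed demo keys stands in for a real signature suite, sorted-key JSON stands in for RDF dataset canonicalization, and the names `sign_set`, `verify_set` and `DemoHmacSignature` are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC-SHA256 is a stand-in for a real signature suite.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}

def _digest(obj):
    # Stand-in canonicalization: sorted-key JSON, not RDF dataset canonicalization.
    text = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(text.encode()).digest()

def _to_be_signed(doc, options):
    # Set-based: every proof node is removed before the data is hashed.
    data = {k: v for k, v in doc.items() if k != "proof"}
    return _digest(options) + _digest(data)

def sign_set(doc, signer):
    options = {"type": "DemoHmacSignature", "creator": signer}
    value = hmac.new(KEYS[signer], _to_be_signed(doc, options),
                     hashlib.sha256).hexdigest()
    # Convenience behaviour: add the new proof to the set that already existed.
    proofs = list(doc.get("proof", [])) + [dict(options, proofValue=value)]
    return dict(doc, proof=proofs)

def verify_set(doc):
    proofs = doc.get("proof", [])
    if not proofs:
        return False
    for proof in proofs:  # ALL proofs in the set must verify
        options = {k: v for k, v in proof.items() if k != "proofValue"}
        key = KEYS.get(options.get("creator"))
        if key is None:
            return False
        expected = hmac.new(key, _to_be_signed(doc, options),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(proof.get("proofValue"))):
            return False
    return True

def demo():
    doc = {"id": "urn:example:1", "name": "constructed sample"}
    once = sign_set(doc, "alice")    # the dataset now already has a proof node
    twice = sign_set(once, "bob")    # Bob signs a dataset that carries a proof
    tampered = dict(twice, name="changed")
    bad_proof = dict(twice["proof"][1], proofValue="00")
    broken = dict(twice, proof=[twice["proof"][0], bad_proof])
    return (verify_set(once), verify_set(twice),
            verify_set(tampered), verify_set(broken))
```

Because proofs are stripped before hashing, Bob's proof value is identical whether or not Alice's proof was present when he signed, so in this sketch his signature does not cover her proof.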