- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 3 Jun 2021 16:30:17 -0400
- To: semantic-web@w3.org
Peter F. Patel-Schneider wrote: > But what happens if I have an RDF dataset that already has a proof node. > If I sign this dataset it appears to me that my signature will not be > verifiable because my signature will be tried against the RDF dataset with > all proof nodes removed, which is not what I signed. It depends on how you intend to sign the RDF Dataset. If you sign it as a set-based signature (which is the default), all proof nodes are removed, the RDF Dataset and signature options are hashed, and a new signature is generated. Software libraries might either just return the signature or provide convenience functions to add the new signature to the signature that existed before the document was signed. When verifying, ALL of these signatures in the set need to verify for the call to verify() to return true. If you sign it as a chain-based signature (which has not been implemented, to my knowledge, except in some experiments here and there), the proof node is NOT removed, the data and signature options are hashed, and a new signature is added to the CHAIN of signatures in the object. If there was a pre-existing set, that would be signed OR the WG might determine that you can either do set signatures or chained signatures, but not both. There are advantages and disadvantages to mixing sets and chains of signatures. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Thursday, 3 June 2021 20:31:54 UTC