W3C home > Mailing lists > Public > semantic-web@w3.org > June 2021

Re: Chartering work has started for a Linked Data Signature Working Group @W3C

From: Dan Brickley <danbri@danbri.org>
Date: Fri, 4 Jun 2021 16:57:13 +0100
Message-ID: <CAFfrAFprQBjEev19DkeOHBfwGbkzUdWYZD-EcFThLCEEaAMXmA@mail.gmail.com>
To: Ivan Herman <ivan@w3.org>
Cc: Manu Sporny <msporny@digitalbazaar.com>, semantic-web@w3.org
On Fri, 4 Jun 2021 at 16:32, Ivan Herman <ivan@w3.org> wrote:

> On 4 Jun 2021, at 16:16, Dan Brickley <danbri@danbri.org> wrote:
> That does sound really really bad. Perhaps the WG charter should cover
> only use of self-contained Linked Data / RDF format, eg Turtle/TRiG? And
> then try to secure hypertext / multi-stakeholder RDF syntaxes (json-ld,
> grddl, ...) as a stretch goal rather than core business?
> Dan,
> I do not understand what you mean. What do you mean by "multi stakeholder
> RDF Syntax" that seems to characterize JSON-LD as opposed to Turtle or
> RDF/XML? This is the first time I meet this type of expression with regards
> to RDF syntaxes. In view, JSON-LD is not fundamentally different from
> Turtle or RDF/XML.

Ralph Swick was very clear about this in the 1997 RDF Model and Syntax WG.
That an RDF document (given a base URI) should unambiguously determine the
triples/graph, without the content of the resulting graph depending on
pulling in code from other parties over potentially unreliable connections.
RDF/XML, Turtle, N3, RDFa etc meet that criteria...

“Multi-stakeholder” is new terminology intended to capture the idea that
the RDF your document maps to is a result of your collaboration with the
parties controlling any remote contexts it references. And that this is
recursive and dynamic; parsers without the right context data won’t know
what to emit.

> I suspect you are referring to the problems that arise with the context
> file, although I am not sure why that is a "multi stakeholder syntax"

Correct - it is multi-stakeholder because the meaningful graph that others
will extract from parsing your document is out of your sole control, if you
reference external contexts. Changes to those contexts can radically
reshape the triples that some json-ld parses to. This is different to
merely referencing external IDs and vocabulary; the exposure goes much
deeper, and is under appreciated.

- but we have already made a change on the charter by making it explicit
> that the WG will deal with the specific context issue separately, see
> https://w3c.github.io/lds-wg-charter/#ig-other-deliverables

That is interesting, and progress, but these discussions seem still to
presuppose JSON-LD is the best and focal foundation for signed Linked Data;
Manu’s warning suggests instead it may be amongst the least appropriate.

(I have heard related concerns from a W3C RDF/SW etc team member who I
trust on such issues but don’t want to embarrass by naming.)

I don’t say this lightly. I am responsible for a JSON-LD context document
referenced by many millions of sites. I fear that the most security
literate reviewers of the charter we’re discussing may not be aware of this
aspect of how JSON-LD works. JSON-LD is a good thing for the web, great
even, but as the primary focus for an RDF data signature ecosystem it has
*massive* downsides too.


> Ivan
> P.S. We can forget about GRDDL, which I would not call a a syntax.

Sure, but it is a deployment strategy, albeit failed. Another somewhat more
popular is having js load and add markup to a live html dom.

> Dan
>> -- manu
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Veres One Decentralized Identifier Blockchain Launches
>> https://tinyurl.com/veres-one-launches
> ----
> Ivan Herman, W3C
> Home: http://www.w3.org/People/Ivan/
> mobile: +33 6 52 46 00 43
> ORCID ID: https://orcid.org/0000-0003-0782-2704
Received on Friday, 4 June 2021 15:59:28 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 08:46:08 UTC