Re: Chartering work has started for a Linked Data Signature Working Group @W3C

Gregg,

I do not think there is any disagreement on the intentions, but I struggle to see what changes are necessary on the charter.

- At the moment, JSON-LD and/or the context file are referred to:

 - in the mission statement as part of a 'such as' list, alongside TriG and N-Quads.
 - A part of the LD Security Vocabulary deliverable: "The specification may also define one or more JSON-LD Context documents that may be used by a JSON-LD serialization."
 - A part of a non-normative deliverable (ie, a WG Note) saying "In particular, the potential security issues related to the usage of remote JSON-LD Context documents in the context of Linked Data integrity should be addressed."

Removing the mention of the context in the second point above is of course possible, but even in the current formulation it is a 'may' statement.

Any change you could propose?

I am really afraid that the problems people are having with the charter is more a suspicion on the intends of some people rather than what the charter really says…

Ivan


[1] https://w3c.github.io/lds-wg-charter/

> On 5 Jun 2021, at 21:11, Gregg Kellogg <gregg@greggkellogg.net> wrote:
> 
> The charter does mention various RDF serialization formats, and calls out the role of a JSON-LD Context, in particular. I think we should make it clear that the basis of the work is on the RDF Abstract Syntax, with serializations used as examples. Typically, these are written in Turtle/TriG as a well-understood representation, but it’s entirely appropriate to have some written in other serialization formats, or even allow a choice to view examples in different formats, or in non-normative sections on concrete syntaxes.
> 
> Securing a JSON-LD context should not be a direct focus of this group, but it does point to work needed elsewhere. At the time, in the JSON-LD WG, the proposed hashlink URL scheme [1] looked like it would address this generically, and could be used to solve the issue of referencing quite specific versions of remote resources such as JSON-LD contexts and frames, which is part of the reason the group deferred action on adding anything explicitly for context integrity.
> 
> The Linked Data Security Vocabulary, of necessity, does focus on vocabulary definitions in concrete syntaxes, and JSON-LD Contexts are commonly considered to be part of such vocabulary definitions.
> 
> Otherwise, I would say that format-specific considerations should be left to non-normative notes and best practice documents. Of course, other groups may create their own normative documents, based on recommendations emerging from this group, that define some format-specific requirements, is is done with VCs, for example.
> 
> If we can restrict the focus of the group, as much as possible, to dealing with abstract RDF datasets, we may be able to narrow the discussion sufficiently to find common ground.
> 
> Gregg
> 
> [1] https://datatracker.ietf.org/doc/html/draft-sporny-hashlink-07 <https://datatracker.ietf.org/doc/html/draft-sporny-hashlink-07>
> 
> 


----
Ivan Herman, W3C 
Home: http://www.w3.org/People/Ivan/
mobile: +33 6 52 46 00 43
ORCID ID: https://orcid.org/0000-0003-0782-2704

Received on Sunday, 6 June 2021 09:13:12 UTC