Re: Thoughts on the LDS WG chartering discussion

On Fri, Jun 11, 2021 at 06:17:52PM +0100, Dan Brickley wrote:
> On Fri, 11 Jun 2021 at 17:13, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> > Dan Brickley wrote:
> > > <file:/dev/🦖/RGMv1> rdf:value “hex sequence here” ^wikidata:Q5153426 .
> >
> > You've just described what Hashlinks do:
> >
> > https://datatracker.ietf.org/doc/html/draft-sporny-hashlink-07
> >
> > Which we could use to generate triples of the form:
> >
> > <hl:zQmWvQxTqbG2Z9HPJgG57jjwR154cKhbtJenbyYTWkjgF3e>
> >   schema:contentURL
> >     <https://rgm.example/file.txt> .
> >
> > Or
> >
> > <https://rgm.example/file.txt>
> >   sec:digest
> >     "QmWvQxTqbG2Z9HP7...btJenbyYTWkjgF3e"^sec:multihash
> >
> > and then we could canonicalize those using RDH (there is a "simple
> > canonicalization" path in the algorithm when you don't have blank nodes to
> > contend with) and then express the signature using LDP and LDV.
> >
> > Doing so is fairly trivial, but doesn't address many of use cases listed in
> > the LDS WG Charter.
> >
> > If we put that in scope, Dan, would you be in favour of the charter? If we
> > do,
> > we should do that without poking XML Digital Signatures in the eye and
> > opening
> > all of those old wounds.
> 
> 
> Yeah, after sending it, I realized we also have data:URIs from 1996, which
> do much of the work too.
> 
> https://datatracker.ietf.org/doc/rfc2397/
> 
> I appreciate your absolutely natural wariness of old wounds and the
> daunting heritage of XML Signature. But we do all seem to agree that the
> are a few options for trivial transformations that bring non-RDF content
> into an RDF form suitable for Linked Data Signing.
> 
> I can believe that a new WG might not want to go anywhere near XML
> Signature. I do believe W3C team, TAG and AC as a body and AC reps

IMO, the reason for this charter not to go anywhere near XML DSig is
that it ain't broke (and we'd re-stage the XML vs. RDF wars, possibly
with an additional JSON army coming in to slaughter their weakened
ranks).

> individually have some responsibility to weigh these tradeoffs. W3C can’t
> afford to make many new frameworks for signing web content, so if this one
> is (like XML Signature) something that can sign any content but is named
> after the format its workings are written in, we ought to make that clear
> to AC in the charter.

Somehting like this?:
[[
RDF Signatures can include Hashlinks or data: IRIs, as well as RDF
Literals quoting signed text. In this regard, RDF Signatures can be
used to sign non-RDF content, either by inclusion or by reference.
]]


> There are two reasons this work has “Linked Data” in the name. One is the
> special attention it gives to making RDF more usefully content hashable and
> signable, and the other is that its own data is expressed in RDF.
> 
> Can we tease these two aspects apart a little? The former is just useful to
> get done for RDF folks regardless of signature, … but the latter piece
> (which is applicable, we agree, to all content) does seem to have the
> ingredients for being a modern successor to some subset of the
> sign-any-web-content goals of XML Signature, and perhaps browser / web
> platform usecases too. That is territory where people may be alienated by
> the commitment to RDF, of course. But it is also potentially a route to
> much greater impact for this work.

I tried to clarify the second aspect in this line:
<https://github.com/w3c/lds-wg-charter/pull/73/files#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R320>.

I would still like something so explicit to replace "The Working Group
will define a framework" because "framework" doesn't tell me what it
is, or even whether it's a program or a data structure. @danbri, do
you want to noodle on some wording? (I feel like text should be
minimal; the previous paragraph about OWA and arbitrarily-large graphs
states the obvious in a way that edit-by-committee tends to do.)


> Dan
> 
> 
> >
> > -- manu
> >
> > --
> > Manu Sporny - https://www.linkedin.com/in/manusporny/
> > Founder/CEO - Digital Bazaar, Inc.
> > News: Digital Bazaar Announces New Case Studies (2021)
> > https://www.digitalbazaar.com/
> >
> >
> >

Received on Saturday, 12 June 2021 16:10:05 UTC