W3C home > Mailing lists > Public > semantic-web@w3.org > May 2021

Re: Chartering work has started for a Linked Data Signature Working Group @W3C

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 4 May 2021 10:39:41 -0400
To: Dan Brickley <danbri@google.com>, Phil Archer <phil.archer@gs1.org>
Cc: Ivan Herman <ivan@w3.org>, Dan Brickley <danbri@danbri.org>, Aidan Hogan <aidhog@gmail.com>, Pierre-Antoine Champin <pierre-antoine@w3.org>, Ramanathan Guha <guha@google.com>, semantic-web <semantic-web@w3.org>
Message-ID: <e628a412-0b89-692a-8739-e5fcc0303ecc@digitalbazaar.com>
On 5/4/21 10:01 AM, Dan Brickley wrote:
> For now I'd just add: let's not wait until the WG is chartered before 
> clarifying usecases - the lack of these may be why there's apparently 
> disagreement amongst the works primary advocates on what is in vs out of
> scope.

Dan, have you seen the current set of use cases?



Speaking as one of the Editors of the input specifiations... As a related
aside, and at the risk of completely derailing this thread, it is possible to
use the Linked Data Signatures specification to sign data payloads that are
Linked Data but are not RDF.

The Linked Data Signatures signing algorithm consists of 4 phases:

1. Canonicalization of input data
2. Cryptographic hashing
3. Digitally signing
4. Expressing the signature

RDF really only comes into play in steps #1 and #4... and it's possible for it
to not come into play at all.

For example, you can use JCS[1] to canonicalize in step #1, and simple
key-values to express the signature in #4. Workday and Microsoft do this today
with one of their Linked Data Cryptosuites.

Now, do I think this is a good idea -- no, I'm not too keen on it; but
enabling others to put forward alternatives based upon a standard is useful.

Should the WG prioritize this aspect of Linked Data Signatures -- no, we
should get the RDF bits right.

This is why we chose the "Linked Data" moniker... because it's not entirely
about RDF... we have folks that don't like RDF that do use JSON-LD (and seem
to like it). Saying that the output of the WG is *only* about RDF would
alienate a significant part of that community... and it would also be
technically incorrect.

Now, all that said -- we should have a razor sharp focus on getting the RDF
bits right, because that's what most of the supporters of the Charter need.
Simultaneously, we shouldn't do anything to prevent these non-RDF (but still
"Linked Data") use cases... and that's the concern w/ stripping all the
"Linked Data" language out of the charter.

It does feel like we're all on the same page here wrt. focus -- we don't want
a perma-WG... we want something specific that's highly focused.
Simultaneously, we don't want the future non-RDF stuff to suffer just because
people were under the mistaken impression that Linked Data Signatures ONLY
works for RDF inputs.

-- manu


Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
Received on Tuesday, 4 May 2021 14:40:05 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 4 May 2021 14:40:06 UTC