Re: Chartering work has started for a Linked Data Signature Working Group @W3C from Eric Prud'hommeaux on 2021-05-04 (semantic-web@w3.org from May 2021)

From: Eric Prud'hommeaux <eric@w3.org>
Date: Tue, 4 May 2021 19:13:23 +0200
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Dan Brickley <danbri@google.com>, Phil Archer <phil.archer@gs1.org>, Ivan Herman <ivan@w3.org>, Dan Brickley <danbri@danbri.org>, Aidan Hogan <aidhog@gmail.com>, Pierre-Antoine Champin <pierre-antoine@w3.org>, Ramanathan Guha <guha@google.com>, semantic-web <semantic-web@w3.org>
Message-ID: <20210504171323.GK7506@w3.org>

On Tue, May 04, 2021 at 10:39:41AM -0400, Manu Sporny wrote:
> On 5/4/21 10:01 AM, Dan Brickley wrote:
> > For now I'd just add: let's not wait until the WG is chartered before 
> > clarifying usecases - the lack of these may be why there's apparently 
> > disagreement amongst the works primary advocates on what is in vs out of
> > scope.
> 
> Dan, have you seen the current set of use cases?
> 
> https://w3c.github.io/lds-wg-charter/explainer.html#usage
> 
> ------------------------
> 
> Speaking as one of the Editors of the input specifiations... As a related
> aside, and at the risk of completely derailing this thread, it is possible to
> use the Linked Data Signatures specification to sign data payloads that are
> Linked Data but are not RDF.
> 
> The Linked Data Signatures signing algorithm consists of 4 phases:
> 
> 1. Canonicalization of input data
> 2. Cryptographic hashing
> 3. Digitally signing
> 4. Expressing the signature
> 
> RDF really only comes into play in steps #1 and #4... and it's possible for it
> to not come into play at all.

Isn't the same true of XML dsig (or any other canonicalized signature stack)?

> For example, you can use JCS[1] to canonicalize in step #1, and simple
> key-values to express the signature in #4. Workday and Microsoft do this today
> with one of their Linked Data Cryptosuites.
> 
> Now, do I think this is a good idea -- no, I'm not too keen on it; but
> enabling others to put forward alternatives based upon a standard is useful.

I don't think a WG should foster much creativity. WG's need tight
charters to get something out the door fast enough to be useful. W3C
typically spends a lot of time wordsmithing that to make sure that
companies know what they're signing up for WRT patent disclosures and
engineer commitments.

> Should the WG prioritize this aspect of Linked Data Signatures -- no, we
> should get the RDF bits right.
> 
> This is why we chose the "Linked Data" moniker... because it's not entirely
> about RDF... we have folks that don't like RDF that do use JSON-LD (and seem
> to like it). Saying that the output of the WG is *only* about RDF would
> alienate a significant part of that community... and it would also be
> technically incorrect.

What conversations would it reallistically stifle and are those
conversations that should happen in a WG?

> Now, all that said -- we should have a razor sharp focus on getting the RDF
> bits right, because that's what most of the supporters of the Charter need.
> Simultaneously, we shouldn't do anything to prevent these non-RDF (but still
> "Linked Data") use cases... and that's the concern w/ stripping all the
> "Linked Data" language out of the charter.
> 
> It does feel like we're all on the same page here wrt. focus -- we don't want
> a perma-WG... we want something specific that's highly focused.
> Simultaneously, we don't want the future non-RDF stuff to suffer just because
> people were under the mistaken impression that Linked Data Signatures ONLY
> works for RDF inputs.

Same page wrt. focus, true. Different weighting of concerns about the
WG's ability to focus and deliver. In my experience, WGs are pretty
vulnerable to scope creep. SPARQL spent 18 months arguing about OWL
use cases that you couldn't even detect with SPARQL Results (the chair
DanC later said "if only I had known at the time" when I pointed that
out).

Ultimately, we agree on job one. Maybe the charter could express that
getting RDF signatures done is job one and some other stuff might come
up along the way, but I'd advise just documenting job one and asking
the AC for a re-charter if a really great idea comes up. That way they
know what they sign up for in the first charter and for and following
expansions. (Re-charters are easier than first charters, but still
hard enough to act as a useful gate.)

Bit o' history on "Linked Data": when TimBL first uttered "Linked
Data" (I think it was he), many in the XML community adopted it
immediately. The feeling was that if you have namespaces and a URL
datatype (maybe also ID and IDREF), you could link data in
documents. After the AC meeting and Toronto (maybe?), Micheal
Sperberg-McQueen and Henry Thomposon (and maybe Liam Quin?) took on
the rest of us RDF zealots and we arrived at some sort of uneasy truce
that had absolutely no effect on the rest of the world.

"Linked Data" has always been fraught but it's a great way to describe
(or peddle) RDF, and I applaud it for that. People read it how they
want and it's wayyy better that we argue about this now than in the WG.

> -- manu
> 
> [1]https://tools.ietf.org/html/rfc8785
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
> 
>

Received on Tuesday, 4 May 2021 17:13:37 UTC