- From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
- Date: Thu, 6 May 2021 09:26:44 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>, Dan Brickley <danbri@google.com>, Phil Archer <phil.archer@gs1.org>
- Cc: Ivan Herman <ivan@w3.org>, Dan Brickley <danbri@danbri.org>, Aidan Hogan <aidhog@gmail.com>, Pierre-Antoine Champin <pierre-antoine@w3.org>, Ramanathan Guha <guha@google.com>, semantic-web <semantic-web@w3.org>
On 5/5/21 11:02 PM, Manu Sporny wrote:
> On 5/4/21 10:59 AM, Peter Patel-Schneider wrote:
>>> [1]https://tools.ietf.org/html/rfc8785
>>>
>> Is using JCS viable? Is there a unique canonicalization of an RDF dataset
>> (or RDF graph) expressed in JSON-LD? If not, then I don't
>> see how this could work.
>
> For some use cases, yes, it's viable.
>
> If you're signing JSON-LD, but don't want to do RDF Dataset
> Canonicalization, then you can JCS and sign the payload... and then do
> RDF Dataset Canonicalization much later when you really need to do it. A
> very small minority of developers do this because they think RDF
> Canonicalization is going to be too expensive (even though runtime for
> most payloads is in the 1-4 milliseconds range... and blindingly fast if
> you use canonicalization templates).
>
> However, most of the folks that want to use Linked Data Signatures with
> JCS never want to go to RDF... they just want to canonicalize the JSON
> payload and sign it without base64 obfuscating the payload like JOSE
> JWTs do.
>
> I'm not saying that these are mainstream uses of Linked Data
> Signatures, but the design does allow for it, and there are some use
> cases where it is a viable solution... and the companies using those
> solutions (e.g., Workday) are not easily ignored.
>
> -- manu

Going down this route only splits LD signatures, which is a very, very bad thing.

A signature is supposed to capture something important about a document. For RDF and LD the characters in the document are unimportant. What counts is the meaning of the document. For JSON-LD the meaning of a document is the RDF graph (or dataset) that it encodes. JCS is inadequate for canonicalizing RDF graphs. So JCS is not suitable as a canonicalization for LD signatures.

peter

PS: Well, the meaning of a JSON-LD document should be an RDF graph (or dataset) but JSON-LD can serialize some generalization of RDF graphs.
Received on Thursday, 6 May 2021 13:28:31 UTC
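
The distinction debated in this message, shown as an added example that is not code from either correspondent: two JSON-LD documents that encode the same triple hash differently under JSON-level canonicalization, while a mere key reordering does not. Assumptions: `jcs_like` only approximates RFC 8785 for ASCII, string-only documents, `toy_triples` is a hypothetical stand-in for JSON-LD-to-RDF conversion that handles flat nodes only, and all three documents are constructed.

```python
import hashlib
import json

# Constructed sample documents. A and B use different @context styles for the
# same statement; C is A with its keys in a different order.
DOC_A = {"@context": {"name": "http://schema.org/name"},
         "@id": "http://example.org/alice", "name": "Alice"}
DOC_B = {"@context": {"schema": "http://schema.org/"},
         "@id": "http://example.org/alice", "schema:name": "Alice"}
DOC_C = {"name": "Alice", "@id": "http://example.org/alice",
         "@context": {"name": "http://schema.org/name"}}

def jcs_like(doc):
    """Approximation of RFC 8785 (assumption: ASCII strings only, no numbers):
    sorted keys, no insignificant whitespace, UTF-8 bytes."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def digest(doc):
    """SHA-256 over the canonical JSON bytes, i.e. the value a signature would cover."""
    return hashlib.sha256(jcs_like(doc)).hexdigest()

def toy_triples(doc):
    """Toy reading of one flat node (not a JSON-LD processor): @context maps
    terms or prefixes to IRIs, other keys are properties with string values."""
    ctx = doc["@context"]

    def iri(term):
        if term in ctx:                      # plain term, e.g. "name"
            return ctx[term]
        prefix, sep, local = term.partition(":")
        if sep and prefix in ctx:            # compact IRI, e.g. "schema:name"
            return ctx[prefix] + local
        return term                          # already an absolute IRI

    subject = doc["@id"]
    return frozenset((subject, iri(key), value)
                     for key, value in doc.items() if not key.startswith("@"))

def compare(a, b):
    """Report whether two documents agree at the RDF level and at the JSON level."""
    return {"same_triples": toy_triples(a) == toy_triples(b),
            "same_jcs_digest": digest(a) == digest(b)}

if __name__ == "__main__":
    print("A vs C (key order only):   ", compare(DOC_A, DOC_C))
    print("A vs B (different context):", compare(DOC_A, DOC_B))
```

A verifier that hashes canonical JSON therefore rejects `DOC_B` against a signature made over `DOC_A`, although both describe the same graph; a verifier that hashes the canonicalized RDF dataset would treat them as the same input.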