Re: Chartering work has started for a Linked Data Signature Working Group @W3C from Peter F. Patel-Schneider on 2021-05-06 (semantic-web@w3.org from May 2021)

From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
Date: Thu, 6 May 2021 09:26:44 -0400
To: Manu Sporny <msporny@digitalbazaar.com>, Dan Brickley <danbri@google.com>, Phil Archer <phil.archer@gs1.org>
Cc: Ivan Herman <ivan@w3.org>, Dan Brickley <danbri@danbri.org>, Aidan Hogan <aidhog@gmail.com>, Pierre-Antoine Champin <pierre-antoine@w3.org>, Ramanathan Guha <guha@google.com>, semantic-web <semantic-web@w3.org>
Message-ID: <fbbc8372-214f-37e1-7559-57e51cbbefd7@gmail.com>

On 5/5/21 11:02 PM, Manu Sporny wrote:

> On 5/4/21 10:59 AM, Peter Patel-Schneider wrote:
>>> [1]https://tools.ietf.org/html/rfc8785
>>>
>> Is using JCS viable?  Is there a unique canonicalization of an RDF dataset 
>> (or RDF graph) expressed in JSON-LD?  If not, then I don't
>> see how this could work.
>
> For some use cases, yes, it's viable.
>
> If you're signing JSON-LD, but don't want to do RDF Dataset
> Canonicalization, then you can JCS and sign the payload... and then do
> RDF Dataset Canonicalization much later when you really need to do it. A
> very small minority of developers do this because they think RDF
> Canonicalization is going to be too expensive (even though runtime for
> most payloads is in the 1-4 milliseconds range... and blindingly fast if
> you use canonicalization templates).
>
> However, most of the folks that want to use Linked Data Signatures with
> JCS never want to go to RDF... they just want to canonicalize the JSON
> payload and sign it without base64 obfuscating the payload like JOSE
> JWTs do.
>
> I'm not saying that these are main stream uses of Linked Data
> Signatures, but the design does allow for it, and there are some use
> cases where it is a viable solution... and the companies using those
> solutions (e.g., Workday) are not easily ignored.
>
> -- manu

Going down this route only splits LD signatures, which is a very, very bad thing.

A signature is supposed to capture something important about a document.   For 
RDF and LD the characters in the document are unimportant.  What counts is the 
meaning of the document.

For JSON-LD the meaning of a document is the RDF graph (or dataset) that it 
encodes.  JCS is inadequate for canonicalizing RDF graphs.  So JCS is not 
suitable as a canonicalization for LD signatures.

peter

PS:  Well the meaning of a JSON-LD document should be an RDF graph (or 
dataset) but JSON-LD can serialize some generalization of RDF graphs.

Received on Thursday, 6 May 2021 13:28:31 UTC