- From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
- Date: Thu, 13 May 2021 07:32:11 -0400
- To: Ivan Herman <ivan@w3.org>
- Cc: semantic-web <semantic-web@w3.org>, Manu Sporny <msporny@digitalbazaar.com>
TL;DL: It is no mistake to examine and point out problems in supporting documents at this point in the creation of a working group. If a working group charter points to existing work as a starting point, and especially when a charter so prominently points to the existing work of a single body, then I expect a certain minimum level of competence exhibited in that work. This is particularly so when there are security aspects in the proposed working group. I am decidedly not seeing this minimum level of competence in the documents referenced by this charter. I strongly suggest that you get a computer security expert to look through the current version of the documents mentioned in the charter. At this point I think this review should be required even if the charter is revised to no longer point to these documents. So I strongly dispute your statement that it is a mistake to look at the current documents that the draft charter points to and make conclusions based on what is in these documents. I realize that these documents may change and I realize the time pressures involved in transitioning from a community group to a working group. But this doesn't mean that just the drafting of a working group charter is not a good time to hold up the current state of supporting documents to close examination. Surely it is better to do this now, when there is a chance that the situation might be improved, than during AC review of the working group charter. peter On 5/13/21 3:39 AM, Ivan Herman wrote: > Peter (and others who may have made the same mistake) > > At the moment, the charter text says: > > "Draft State to be adopted from: …" > > the intention is not to take over the, say, Linked Data Proof document as > is, just to start by some document that is already there. Ie, the charter > does not say that, say, the FPWD of the respective deliverable will be that > document. In this sense, the criticism on that document is not really > relevant for the charter. > > In an upcoming new version I may change that to something like "input > document", or something similar. > > (The problem with the current situation is that the charters at W3C follow a > specific template which, in this case, may be misleading.) > > Ivan > > >> On 12 May 2021, at 19:47, Peter F. Patel-Schneider <pfpschneider@gmail.com >> <mailto:pfpschneider@gmail.com>> wrote: >> >> I was looking through the draft charter. Under the suggestion that RDF and >> Linked Data are synonyms we get the following deliverables. >> >> RDF Dataset Canonicalization (RDC) >> RDF Dataset Hash (RDH) >> RDF Integrity (RI) >> RDF Security Vocabulary (RSV) >> >> I understand RDC, which is existing work, and RDH, which is also very close >> to existing work. I think I understand RI, which appears to be nothing more >> than the writing down of the necessary information to be able to verify >> signatures and similar things. Then RSV is just a vocabulary for these things. >> >> So far, so good. >> >> But when I look at the examples in the proposed source of RI, I get >> confused. I see there an example of adding a signature into what looks >> like a JSON-LD document. As far as I can tell, this JSON-LD document, >> EXAMPLE 1, produces an empty graph but this depends on the contents of the >> context document at https://w3id.org/identity/v1 >> <https://w3id.org/identity/v1>. The signed document, EXAMPLE 2, also >> produces an empty graph but this depends on the contents of two documents, >> neither of which are the context document for the original document. So >> I'm very puzzled as to just what is going on here. >> >> OK, maybe all this is just about some aspect of JSON-LD, so I considered >> signing a Turtle document. Here is a Turtle document: >> >> @prefix foaf: <http://xmlns.com/foaf/0.1/ <http://xmlns.com/foaf/0.1/>> . >> >> <alice> foaf:name "Alice" . >> >> >> I quickly run into two problems. >> >> First, where is the signature supposed to go to make a signed document? I >> suppose that it can be just fit into comments. >> >> Second, what is the RDF graph resulting from this document? That depends >> on the base IRI, which can be influenced by the location of the document. >> So will there have to be an extra location provided as input to RDC and >> associated with the signature? This issue also appears in JSON-LD documents. >> >> I couldn't find any discussion of these issues in the input documents for >> the proposed WG. I expected to see something saying how to add signatures >> to RDF concrete syntaxes and something that excluded documents with >> relative IRIs or somehow handled relative IRIs. I also expected to see >> something that worked for JSON-LD documents. >> >> So I'm rather confused as to just how the WG is going to do what it needs >> to do. >> >> >> peter >> >> > > > ---- > Ivan Herman, W3C > Home: http://www.w3.org/People/Ivan/ <http://www.w3.org/People/Ivan/> > mobile: +33 6 52 46 00 43 > ORCID ID: https://orcid.org/0000-0003-0782-2704 > <https://orcid.org/0000-0003-0782-2704> >
Received on Thursday, 13 May 2021 11:33:26 UTC