Re: Chartering work has started for a Linked Data Signature Working Group @W3C

> On May 24, 2021, at 10:43 AM, Dan Brickley <danbri@danbri.org> wrote:
> 
> On Mon, 24 May 2021 at 16:47, Manu Sporny <msporny@digitalbazaar.com> wrote:
> ...
> 
>  
> Yeah. Peter picked up and ran with my main outstanding technical question on the input documents which was about recursion.
> 
> There remain larger expectation-management questions along lines of who should expect this WG's products to be relevant to their work - e.g. large scale RDF publication, the Linked Open Data Cloud kinds of site, or Wikidata, DBpedia, Yago, ... or ordinary sites publishing Schema.org <http://schema.org/> markup? Do we envisage https://www.wikidata.org/wiki/Wikidata:Database_download#RDF_dumps being improved by this work in a couple of years, for example?

I see a couple of issues here:

* How do you sign a signed dataset?
* How do you extract just the signature bits, particularly if there are multiple parallel signatures, or recursive signatures?
* Can a signature block contain any information that could convey some unsigned information that is subject to misrepresentation?

I’m not sure we need to answer these questions now, but they should be among the list of prerequisites for the WG to address. There is always the potential that there are problems that can’t be solved which could lead to the failure of one or more normative specs to advance, but that is always the case. It becomes a judgement if the time is worth investing, weighing the probability that such questions can be properly answered.

> ...
> 
> Specifically you wrote (in https://www.w3.org/mid/c525ef74-6599-3d33-2215-7009c6f8e8a1@digitalbazaar.com):
> 
> manu> "RDF Graphs" -- those are not what this group is focusing on, they create all sorts of provenance issues with the signed information... this is why we pushed hard for RDF Datasets back in the day... we're focusing on canonicalizing and generating proofs (e.g., digital signatures) for RDF Datasets.
> 
> A lot of the defences I've heard for why we can't just "sign the bits" of an RDF serialization are along the lines of "what if Alice writes it in Turtle, Bob in JSON-LD, and Carol in RDFa". All of which is couched in terms of the RDF graph abstraction. We can imagine easily enough parsing alice.ttl, bob.jsonld and carol.rdfa into similar triples, and canonicalizing them into the same triples. But if they've signed quads, all that canonicalization would be for nothing if the named graph URIs on each triple were different in Alice's, Bob's and Carol's signing workflow. In general W3C RDF and SPARQL leave it very open how to choose how to use named graph URIs. 

I don’t quite understand why RDF graphs present a problem where RDF datasets don’t. Certainly a dataset containing only a default graph would be in-scope; aren’t they essentially the same thing?

> I can understand that the VC ecosystem may have well established conventions for how to use the named graph field in the quads of an RDF Dataset. But without that or something similar (currently not really explained in the draft Charter) it is confusing how Graphs vs Datasets plays out in the design. Some of the issues Peter is poking at in the recursion thread, you could imagine handling differently via Datasets / named graphs, for example.

If graphs are named using IRIs, then two different serializations that use different IRIs can’t be canonical. IIRC, VC uses blank node graph names, and thus two different serializations using different blank node identifiers could be canonicalized to the same bits. But, it may tread on the lack of formal relationship for the graph name not denoting the graph it names, particularly when the graph name is used in a statement in some other graph.

Gregg

> cheers,
> 
> Dan
> 
>  
> 
> -- manu
> 
> -- 
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches

Received on Monday, 24 May 2021 18:58:42 UTC
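
The graph-name point in the message above, as an added example that is not part of the original e-mail or of any W3C draft: the same statements hash identically when the named graph is a blank node under two different labels, and differently when it is two different IRIs. The brute-force relabelling stands in for a real RDF Dataset canonicalization algorithm, and the example.org IRIs, the vocabulary and the sample quads are constructed assumptions.

```python
import hashlib
from itertools import permutations

V = "https://example.org/vocab#"  # constructed vocabulary, not a real one


def canonical_nquads(quads):
    """Return a canonical N-Quads document for a small dataset.

    Brute force: try every relabelling of the blank nodes onto _:c0, _:c1, ...
    and keep the lexicographically smallest sorted document. Exponential, so
    only for tiny inputs; a stand-in for a real canonicalization algorithm.
    """
    bnodes = sorted({t for q in quads for t in q if t.startswith("_:")})
    labels = [f"_:c{i}" for i in range(len(bnodes))]
    best = None
    for perm in permutations(labels):
        rename = dict(zip(bnodes, perm))
        doc = "".join(sorted(
            " ".join(rename.get(t, t) for t in q) + " .\n" for q in quads))
        if best is None or doc < best:
            best = doc
    return best


def digest(quads):
    """SHA-256 over the canonical form: the value a signature would cover."""
    return hashlib.sha256(canonical_nquads(quads).encode("utf-8")).hexdigest()


def dataset(graph_name):
    """Constructed sample: a default-graph triple that refers to a named graph."""
    alice = "<https://example.org/alice>"
    return [
        ("<https://example.org/doc>", f"<{V}claims>", graph_name),
        (alice, f"<{V}knows>", "<https://example.org/bob>", graph_name),
        (alice, f"<{V}name>", '"Alice"', graph_name),
    ]


if __name__ == "__main__":
    # Different blank node labels for the graph name: same digest.
    print(digest(dataset("_:g1")) == digest(dataset("_:b99")))
    # Different IRIs for the graph name: different digests.
    print(digest(dataset("<https://alice.example/g>"))
          == digest(dataset("<https://bob.example/g>")))
```
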