Describing Objects (Was: DateTime (DT) attribute in Reference) from Joseph M. Reagle Jr. on 2001-07-05 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 05 Jul 2001 12:00:37 -0400
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>
Cc: "merlin" <merlin@baltimore.ie>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <AMIR@newgenpay.com>, "Dsig \(E-mail\)" <w3c-ietf-xmldsig@w3.org>
Message-Id: <4.3.2.7.2.20010705112653.00ba09f0@localhost>

[As an aside ...]

At 10:21 7/5/2001, Gregor Karlinger wrote:
>As Armir has described his problem, he wants to use the DateTime to make a
>statement on the version of a data object, and I would not consider this as
>a property of the signature.

SignatureProperty is a "translation" of sorts of how one would describe a 
resource in RDF [1]. (Similar grammar, different syntax). Because xmldsig 
had a large amount of xml and character processing that's difficult to 
model/represent in RDF concisely -- and people weren't keen on it at the 
time -- xmldsig is not in rdf syntax. So we invented a SignatureProperty tag 
that looks a lot like an <rdf:Description about="URI"> with a specific 
semantic: data about the signature. In xmldsig such "semantics" are optional 
and minimal, otherwise it's up to the application. Of course, at the 
application level I'm seeing all manner of kludging together "assertions", 
signature and signed object fields for describing things -- and it's pretty 
ugly.

When you get into the description of resources and assertions (instead of 
processing XML, charsets, encodings, node-sets, XPath, etc.) that's RDF's 
strong point! The attachment is an RDF description of an object, using the 
well known Dublin Core metadata vocabulary [2] plus a signature on that 
object. (One could, of course, sign the statement itself including the 
description via an enveloped transform.)

IMHO, the glue between xmldsig and the "semantic web" [3] needs work, but 
that work is more comprehensible and scales better (though's there a larger 
learning curve at the start) than innumerable different and incomplete ways 
of describing and asserting things (which seems easier at the start because 
one need only invent 4 tags for my app and write application logic to deal 
with them -- but what happens when you want to use other 
description/assertions in other syntaxes, or you want to extend your own?)

[1] http://rdfweb.org/2000/08/why/
[2] http://dublincore.org/
[3] http://www.w3.org/DesignIssues/Semantic.html

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Attachments

text/plain attachment: rdf-sign.txt

Received on Thursday, 5 July 2001 12:04:56 UTC