W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RDF Semantics (Was: Re[2]: MIME Blobs)

From: Joseph M. Reagle Jr. (W3C) <reagle@w3.org>
Date: Tue, 13 Apr 1999 19:10:52 -0400
Message-Id: <>
To: <rdbrown@globeset.com>
Cc: <rhimes@nmcourt.fed.us>, "'Signed XML Workshop'" <w3c-xml-sig-ws@w3.org>
At 03:09 PM 4/9/99 -0500, Richard D. Brown wrote:
 >Correct, but this functionality is already provided by XLink/XPointer
 >specifications. As a matter of fact, you do not have to distinguish between
 >a local element, an external resource (XML document or other), and a
 >external element (XML or other). They are all addressable by means of a XML
 >Link. This is actually the reason why I have adopted an XML Link in the
 >signature element instead of a IDREF.
IDREF ends up being quite limited, perhaps/if the next version of XML IDREF
will be made similar to HREF, or xml link will suffice. Regardless, one of
the neat things you can do with RDF to this end is to ask, "give me the PGP
key of all documents in the http://w3.org/ tree signed by reagle on pages
authored by renaud." based on a structure similar to the attached.


I thought I'd provide an example of how one could use RDF. I did this as a
thought exercise for myself, and thought I'd share it with the group. Now
the issue of RDF is sometimes contentious becase in some instances one would
like to define the data model in the data schema. Other times, you can
define the data-model by using additional XML tags with assertion semantics;
that is what RDF is. I largely avoid this issue, as long as there is a data
model and not just a slew of tags someone thought up, I'm happy. You can see
this in the design of the P3P XML schema.

However, in the DSig case, one needs assertion semantics in the syntax
because that is what it is all about. And to my mind, instead of it growing
its own data model and assertion semantics, it might as well leverage
existing infrastrucutre and lend its signature semantics to that. Richard's
draft defines collections (bags/manifests), packages, links, resources, etc.
So I wanted to try to come up with an example using RDF tags for those
semantics. I'm not using a terse syntax for RDF nor namespaces, and there
are simplifications one could make, but at first I wanted everything to be


The W3C web site was authored by Renaud. The home page is signed by Reagle,
who is known by his X.509 cert or PGP key. He signed the site using both.

Everything at http://w3.org/* was authored by Renaud. In addition the home
page resource has a signature which is a resoure (first class web object).
That signature resource has two properties: values and originator info.
There are two alternative resources that act as a signature (X509 and PGP.)
There is one resource that acts as the originator info:
"http://w3.org/Reagle/" Reagle has two alternative ways of identifying
himself. Each alternative is a resource, with a couple of properties with
literal values such as the ID, URI of the algorith identifier, and the
actual key value.

<?xml version="1.0"?>
<RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"

  <!-- First assertion about authorship, trivial to sign this as well -->
  <rdf:Description id="first_assertion" aboutprefix="http://w3.org">

  <!-- Second signature assertion -->
  <rdf:Description about="http://w3.org/Overview.html">
    <dsig:Signature rdf:parseType="Resource">

       <!-- The signature values, they are linked to their
            respective keys -->
            <rdf:li rdf:parseType="Resource">
               <dsig:key rdf:resource="#X509"
            <rdf:li rdf:parseType="Resource">
               <dsig:key rdf:resource="#PGP"

       <!-- The originator info and his keys -->
       <dsig:OriginatorInfo rdf:resource="http://w3.org/Reagle/">
             <rdf:li rdf:parseType="Resource">
               <dsig:key ID="X509" type="http://iso.org/x509"
             <rdf:li rdf:parseType="Resource">
               <dsig:key ID="PGP" type="http://pgp.com/pgp"

Joseph Reagle Jr.  W3C:     http://www.w3.org/People/Reagle/
Policy Analyst     Personal:  http://web.mit.edu/reagle/www/
Received on Tuesday, 13 April 1999 19:10:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:44:59 UTC