Re: Graphs vs. Authorities vs. Warrants vs. Authentication vs. Certification etc. from Patrick Stickler on 2004-03-19 (www-archive@w3.org from March 2004)

From: Patrick Stickler <patrick.stickler@nokia.com>
Date: Fri, 19 Mar 2004 13:06:08 +0200
To: "ext Jeremy Carroll" <jjc@hplb.hpl.hp.com>
Cc: "ext Chris Bizer" <chris@bizer.de>, <www-archive@w3.org>, "Pat Hayes" <phayes@ihmc.us>
Message-Id: <6C6CB30E-7995-11D8-ADAF-000A95EAFCEA@nokia.com>

On Mar 19, 2004, at 12:43, ext Jeremy Carroll wrote:

>
> On datatypes ...
>
>> -----Original Message-----
>>
>>       :G swp:warrant [
>>          a swp:Warrant ;
>>          swp:authority ex:Bill ;
>>          swp:signature "..."^^sig:X509Signature .
>>       ]
>>
>>       :G swp:warrant [
>>          a swp:Warrant ;
>>          swp:assertingAuthority ex:Mary ;
>>          swp:signature "..."^^xyz:XYZSignature ;
>>          xyz:policy xyz:blargh .
>>       ]
>>
>
>
> A datatype is useful when you map from a lexical form to a value - I 
> don't
> think these datatypes above are doing that ... It is more that this 
> sig is a
> binary blob that gets treated in the semantics which discussed the 
> truth of
> certain triples, handing that off to the X.509 or PGP or other crypto 
> spec.
>
> However the sig by itself (without the rest of the example) is neither 
> valid
> nor invalid. (It is true that only some blobs of binary data are X.509
> certificates).

Hmmm... OK, I think I understand where you're coming from.

Though I don't see that the fact that the signature applies to a 
particular
graph has any affect on the suitability of using a datatype. A given
integer value is neither valid or invalid, only suitable for a given
purpose. Likewise, a given signature value is neither valid nor invalid,
it's simply suitable, or not, for the purpose of authenticating a 
particular
graph. But the signature is the signature is the signature no matter 
what.

>
> Thus I suggest we use xsd:base64EncodedBinary  (possibly misspelt 
> there)

The benefit of using a signature-special datatype over just 
base64EncodedBinary
is that the datatype specification can say how the actual signature is 
produced
and used. I.e. how members of the lexical space are constructed and how
members of the value space are interpreted when authenticating a given 
graph.

Thus, if we had

    sig:PGPSignature a rdfs:Datatype .

then the lexical space could very well be defined to be a subset of the 
set
of base-64 encoded binary strings, but the value space would have a much
richer semantics.

And it also allows each signature value node to be self documenting as 
to
what kind of signature it is, rather than having to add yet another
property (that would be manditory, by the way, not optional) to capture
that information.

Does that help to convince you in the least?

Patrick

--

Patrick Stickler
Nokia, Finland
patrick.stickler@nokia.com

Received on Friday, 19 March 2004 06:06:17 UTC