Signature Assurance Profile

RDF folks,

Joseph Reagle has come up with a proposal 
(http://www.w3.org/TR/xmldsig-p3p-profile/) to attach "statement-of-intent" 
kinds of documents to a digital signature in a fashion similar to P3P use 
of policy documents to state site privacy practices.  P3P is a specific 
use-case in his proposal, but it could be more broadly applied.  This helps 
to indicate what might be read into a signature;  e.g. is it simply an 
authentication of source, or is it intended to convey an assurance of the 
content?

There are (at least) two RDF/SW angles here:

(a) establishing the intent behind a signature may be important in 
establishing web-of-trust relationships, and

(b) the document has a go at modelling the signature-intent mechanism using 
RDF.

In the short term, I think the modelling of the signature intent mechanism 
would benefit from wider review:  with Joseph's permission, I attach my 
comments on his proposal;  in particular, I suggest an approach for using 
RDF to model the additional information.

In the longer term, this modelling may play a role in building RDF 
structures relating to anticipated future web-of-trust developments.  I, 
personally, happen to believe that there should be a distinction between a 
signature applied to a bag of bits, and an assurance that the signature 
imparts to an interpretation of those bits.

Anyway, my comments on Joseph's proposal follow...

#g
--


Joseph,

At 05:27 PM 3/1/01 -0500, you wrote:
>http://www.w3.org/TR/xmldsig-p3p-profile/

I do like the basic idea here.  Some comments...

[...]


>[def:] P3P Assurance Signature Profile
>      (1) a definition of the assured semantic under its namespace and (2) 
> a profile of XML Signature (constraints over algorithms, transforms, key 
> types, etc.) in a
>      P3P application context.

It's not clear to me what is meant by "under its namespace" here;  isn't 
this redundant?



>2.1 Assurance Overview
>
>The following is an XML instance of a P3P Assurance semantic of a 
>signature over a P3P-Policy. The assurance uses the RDF data-model to 
>state that: A
>SignatureProperty assures a P3P Policy.
>
>#Assurance1
>
><SignatureProperty Id="Assurance1" Target="#Signature1"
>  xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <Assures Policy="http://www.example.org/p3p.xml"
>    xmlns="http://www.w3.org/2000/10/xmldsig-p3p-profile/"/>
></SignatureProperty>

So, this defines an assurance with a fragment identifier of "Assurance1", 
whose integrity can be confirmed by checking "Signature1"...?

>2.2 XML Signature Overview

Both the <SignatureProperty> assurance and the P3P policy document are 
covered by the signature, right?


>3.0 P3P Assurance
>
>The assurance semantic is:
>
>[def:] Assured
>      the P3P DISPUTE service asserts that the P3P policy is accurate and 
> that the P3P DISPUTE service commits to the enumerated REMEDIES. Verification
>      of this semantic requires (1) signature validation where (2) the 
> signature key holder and P3P DISPUTE service are the same.

This is assured by the affirmed _policy_?


>3.1 Signature Semantics

[...]

>Consequently, this specification permits a signature semantic to be 
>expressed with the natural language semantic defined in section 3.0 using 
>the following XML
>syntax as part of a SignatureProperty:
>
>[i0] <SignatureProperties>
>[i1]   <SignatureProperty Id="Property-Assurance" Target="#Signature1"
>[i2]    xmlns="http://www.w3.org/2000/09/xmldsig#">
>[i3]     <profile:Assures profile:Policy="http://www.example.org/p3p.xml"
>[i4]       xmlns:profile="http://www.w3.org/2001/02/xmldsig-p3p-profile" />
>[i5]   </SignatureProperty>
>[i6] </SignatureProperties>
>
>Which means the same as the following [RDF]:
>
>[r0] <rdf:Description ID="Property-Assurance" about="#Signature1"
>[r1]  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
>[r2]   <profile:Assures resource="http://www.example.org/p3p.xml"
>[r3]     xmlns:profile="http://www.w3.org/2000/12/xmldsig-p3p-profile" />
>[r4] </rdf:Description>

I disagree with the RDF, as I said.  I think we are talking about three 
resources in the RDF sense:

[#Signature]                     -- the signature
[#Property-Assurance]            -- the binding of signature to semantics
[http://www.example.org/p3p.xml] -- the P3P policy document

These are related in the following ways (using N3 notation):

<#Signature> >-:signs-> <#Property-Assurance>
<#Signature> >-:signs-> <http://www.example.org/p3p.xml>

<#Property-Assurance> >-:targetSignature->  <#Signature>
<#Property-Assurance> >-:assuresMeaningOf-> <http://www.example.org/p3p.xml>


Note, there are _four_ RDF statements here.  The RDF for this (generated by 
Dan's online N3 processor at http://www.w3.org/DesignIssues/Notation3.html) is:

<web:RDF xmlns:web="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 
xmlns:g="http://www.w3.org/2000/10/n3/notation3.py#" 
g:genbase="http://example.org/gen/">
   <web:Description 
about="http://www.w3.org/DesignIssues/Notation3.html#Signature">
     <signs xmlns="#" 
resource="http://www.w3.org/DesignIssues/Notation3.html#Property-Assurance"/>
     <signs xmlns="#" resource="http://www.example.org/p3p.xml"/>
   </web:Description>
   <web:Description 
about="http://www.w3.org/DesignIssues/Notation3.html#Property-Assurance">
     <targetSignature xmlns="#" 
resource="http://www.w3.org/DesignIssues/Notation3.html#Signature"/>
     <assuresMeaningOf xmlns="#" resource="http://www.example.org/p3p.xml"/>
   </web:Description>
</web:RDF>


>The reification of this statement (breaking it down into its "grammatical" 
>data model) is
>
>[rA] <rdf:type resource="rdf:Statement"/>
>[rB] <rdf:subject resource="#Signature1"/>
>[rC] <rdf:predicate resource="profile:Assures"/>
>[rD] <rdf:object resource="http://www.example.org/p3p.xml"/>


The reification of the above has 4 RDF statements for each separate 
statement noted above:

   <#Signature> >-:signs-> <#Property-Assurance>

reifies as:

   :x >-rdf:type-> <rdf:Statement>
   :x >-rdf:predicate-> :signs
   :x >-rdf:subject->   <#Signature>
   :x >-rdf:object->    <#Property-Assurance>

where :x is some resource that stands for the statement.

I'm not sure that discussing reification adds any value to your proposal, 
and it may possibly cause some confusion:  it's not RDF's most 
"user-friendly" feature ;-)

#g
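The four statements above and the reification of one of them, as an added Python example that is not part of this message or of Joseph's proposal; the arrow-notation parser, the reify() helper and the coverage check (does the target signature sign both the assurance and the policy it gives meaning to, as asked under 2.2) are my own construction.

```python
import re
from typing import List, Tuple

Triple = Tuple[str, str, str]
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"

# The four statements from the message, in its '<s> >-:p-> <o>' arrow notation.
STATEMENTS = """
<#Signature> >-:signs-> <#Property-Assurance>
<#Signature> >-:signs-> <http://www.example.org/p3p.xml>
<#Property-Assurance> >-:targetSignature->  <#Signature>
<#Property-Assurance> >-:assuresMeaningOf-> <http://www.example.org/p3p.xml>
"""

ARROW = re.compile(r"^<([^>]+)>\s+>-(\S+?)->\s+<([^>]+)>$")


def parse_arrows(text: str) -> List[Triple]:
    """Turn each non-empty arrow line into a (subject, predicate, object) triple."""
    triples = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ARROW.match(line)
        if m is None:
            raise ValueError(f"not an arrow statement: {line!r}")
        triples.append((m.group(1), m.group(2), m.group(3)))
    return triples


def reify(stmt: Triple, node: str) -> List[Triple]:
    """Reify one statement as the four triples about `node` (the ':x' of the message)."""
    s, p, o = stmt
    return [(node, RDF + "type", RDF + "Statement"),
            (node, RDF + "subject", s),
            (node, RDF + "predicate", p),
            (node, RDF + "object", o)]


def assurance_is_covered(graph: List[Triple], assurance: str) -> bool:
    """True only if the assurance's single target signature signs both the assurance
    itself and every policy the assurance claims to give meaning to; a relying party
    that skips this check could accept an assurance the signer never covered."""
    sigs = {o for s, p, o in graph if s == assurance and p == ":targetSignature"}
    policies = {o for s, p, o in graph if s == assurance and p == ":assuresMeaningOf"}
    if len(sigs) != 1 or not policies:
        return False
    signed = {o for s, p, o in graph if s == next(iter(sigs)) and p == ":signs"}
    return assurance in signed and policies <= signed
```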

Received on Wednesday, 7 March 2001 16:35:25 UTC