[foaf-protocols] WebID for signing RDF graphs

Dave Longley dlongley at digitalbazaar.com
Thu Sep 23 16:24:24 CEST 2010

On 09/23/2010 03:16 AM, Henry Story wrote:
> On 22 Sep 2010, at 12:49, Toby Inkster wrote:
>> On Wed, 22 Sep 2010 09:14:14 +0200
>> Henry Story <henry.story at bblfish.net> wrote:
>>> Where do you place the signature? Inside the graph or outside?
>> There are three main methods that the library allows:
>> 1. Given an RDF model, it just returns a string signature and doesn't
>> modify the model in any way.
>> 2. Given an RDF document formatted in RDF/XML or Turtle, it adds the
>> signature using an XML-comment or Turtle comment as appropriate; given
>> an RDFa document, it adds the signature to a non-RDFa attribute on the
>> document root node. Thus the signature is inside the document, but
>> outside the graph.
> If you place it in a comment outside or outside the graph you are likely
> to make it very difficult to parse, as a wholly new parser will be needed
> just to find the signature. Would it make sense to alter the algorithm to
> do the signature on the graph minus any <> signature "XYZ" . statement ?

The problem with that is that it disables you from having cascading 
signatures (ie: signing a graph with WebID 1 and then signing the new 
graph (including the signature node) with Web ID 2). This can be 
useful for indicating that one party trusts both the graph and another 
user that has likewise signed it. If the signature nodes could indicate 
order and it were possible to specify which signature you're trying to 
verify then this feature could be preserved.

Other options include being specific about which parts of the graph are 
signed based on what the graph represents. For example, the ASN.1 
structure of an X.509 certificate has a very specific part of it that is 
signed (referred to as TBSCertificate or "To Be Signed Certificate").

>> 3. Given a list of URIs which dereference to RDF graphs, it generates a
>> brand new RDF graph which lists the signatures for the RDF graphs.
>> -- 
>> Toby A Inkster
>> <mailto:mail at tobyinkster.co.uk>
>> <http://tobyinkster.co.uk>
> Social Web Architect
> http://bblfish.net/
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

Dave Longley
Digital Bazaar, Inc.
Phone: 540-961-4469
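
One way to realise the ordered signature nodes suggested in the message above, as an added example that is not part of the original thread or of the library under discussion: each signature node carries an order, and signature n covers the data plus every signature node of lower order, so cascading is preserved. The `sig#` vocabulary, URIs and keys are constructed, HMAC-SHA256 stands in for a WebID public-key signature, and the graph is assumed to contain no blank nodes.

```python
import hashlib
import hmac

SIG = "http://example.org/sig#"  # hypothetical vocabulary, not from the thread

def canonical(triples):
    # Sorted N-Triples-style lines; assumes no blank nodes, which would need
    # a real graph canonicalization algorithm.
    return "\n".join(sorted(" ".join(t) + " ." for t in triples)).encode()

def sig_orders(graph):
    # Map each signature node to its declared order (1 = innermost).
    return {s: int(o.strip('"')) for s, p, o in graph if p == SIG + "order"}

def signed_view(graph, order):
    # Signature `order` covers the data plus every earlier signature node,
    # but not its own node or any later one.
    orders = sig_orders(graph)
    return {t for t in graph if orders.get(t[0], 0) < order}

def mac(key, graph, order):
    # HMAC-SHA256 stands in for the signer's public-key signature.
    digest = hmac.new(key, canonical(signed_view(graph, order)), hashlib.sha256)
    return '"' + digest.hexdigest() + '"'

def sign(graph, webid, key):
    # Append a new signature node whose order is one past the current highest.
    order = max(sig_orders(graph).values(), default=0) + 1
    node = f"<urn:example:sig:{order}>"
    return graph | {(node, SIG + "order", f'"{order}"'),
                    (node, SIG + "signer", webid),
                    (node, SIG + "value", mac(key, graph, order))}

def verify(graph, order, keys):
    # Verify one chosen signature by recomputing it over its own signed view.
    node = next((s for s, n in sig_orders(graph).items() if n == order), None)
    props = {p: o for s, p, o in graph if s == node}
    key = keys.get(props.get(SIG + "signer"))
    if node is None or key is None:
        return False
    return hmac.compare_digest(mac(key, graph, order), props.get(SIG + "value", ""))

# Constructed sample data: Alice signs the graph, then Bob signs the result.
KEYS = {"<https://alice.example/#me>": b"alice-key", "<https://bob.example/#me>": b"bob-key"}
DATA = frozenset({("<urn:example:doc>", "<http://purl.org/dc/terms/title>", '"Report"')})
ONCE = sign(DATA, "<https://alice.example/#me>", KEYS["<https://alice.example/#me>"])
TWICE = sign(ONCE, "<https://bob.example/#me>", KEYS["<https://bob.example/#me>"])
```

Because signature 2 covers signature 1's node, altering the inner signature invalidates the outer one, while the inner signature still verifies on its own once the outer node is stripped.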
