Subject: Fwd: Related to the discussion we were having on Friday on signing XDI statement triples
And for cases where a signature covers more than one triple –
=peterd/#friend/=drummond
=peterd/#friend/=hubert
=peterd/#friend/=les
The relation may look like this -
=peterd/$sig({"=peterd/#friend":["=drummond","=hubert","=les"]})/=peterd[<$sig>]<@0>
From: Chowdhury, Animesh
Sent: Wednesday, May 14, 2014 10:33 AM
To: Davis, Peter; Markus Sabadello
Cc: =Drummond Reed; Joseph Boyle; Andy Dale; Dan Blum; Le Van Gong, Hubert
Subject: RE: Related to the discussion we were having on Friday on signing XDI statement triples
On “how can a verifier know that only the first triple is signed?”
=peterd/#friend/=drummond
=peterd/#friend/=hubert
=peterd/#friend/=les
=peterd/#friend/=markus
=peterd[<$sig>]<@0>&/&/"jq/ae+..."
=peterd[<$sig>]<@0>/$is#/$sha$256$rsa$2048
=peterd[<$sig>]<@0><$xdi>&/&/"PXBldGV..."
How about adding a statement in =peterd’s graph like this –
=peterd/$sig(=peterd/#friend/=drummond)/=peterd[<$sig>]<@0>
From: Davis, Peter
Sent: Wednesday, May 14, 2014 10:13 AM
To: Markus Sabadello
Cc: =Drummond Reed; Joseph Boyle; Chowdhury, Animesh; Andy Dale; Dan Blum; Le Van Gong, Hubert
Subject: Re: Related to the discussion we were having on Friday on signing XDI statement triples
On May 13, 2014, at 17:23 PM, Markus Sabadello <markus@respectnetwork.net> wrote:
Hello,
Good list of requirements.
thanks. are there any others that i missed?
I don't understand why requirement 4 is needed, I think this is covered by 1.
I revisited the syntax for collections, and i think you are correct.
In requirement 5, we don't usually use the term "named graph". In a way every subgraph in XDI is "named", i.e. has an address.
the RDF in me peeking out :-)
Also in requirement 5, the word "easily" is relative. I think Animesh's proposed approach might not actually violate this requirement, since there's a literal that says which statement(s) are covered by a signature.
sure, it is subjective. however, i do not see how i can deduce the triple that is signed in the example. let's say i had the following:
=peterd/#friend/=drummond
=peterd/#friend/=hubert
=peterd/#friend/=les
=peterd/#friend/=markus
=peterd[<$sig>]<@0>&/&/"jq/ae+..."
=peterd[<$sig>]<@0>/$is#/$sha$256$rsa$2048
=peterd[<$sig>]<@0><$xdi>&/&/"PXBldGV..."
how can a verifier know that only the first triple is signed?
=peterd
Markus
On Tue, May 13, 2014 at 8:06 PM, Davis, Peter <Peter.Davis@neustar.biz> wrote:
OK. let me summarize what i think are the highlights of this thread thus far. but first, let me restate the use cases i am aiming to solve (for those that were not part of the discussion last week in MV):
From the signing perspective:
1] =peterd signs an entire sub-graph of =peterd (e.g. (=peterd/#friend) )
2] =peterd signs a specific triple found in his graph (e.g. =peterd<#email>&/&/“peter.davis@gmail.com”)
3] a third party signs a subgraph (or single triple) to place in =peterd’s graph (e.g. =peterd<#email><#work>&/&/“peter.davis@neustar.biz” signed by +neustar)
4] an entity signs all or part of a collection
From the verifier perspective:
5] easily deduce what is (and is not) signed in a specific named graph
6] ability to validate a signature made by the graph subject or a third party
now for comments/questions for the working proposal:
=peterd/#friend/=drummond
=peterd[<$sig>]<@0>&/&/"jq/ae+..."
=peterd[<$sig>]<@0>/$is#/$sha$256$rsa$2048
=peterd[<$sig>]<@0><$xdi>&/&/"PXBldGV..."
this (i think) violates requirement 5
=peterd
On May 12, 2014, at 21:31 PM, =Drummond Reed <drummond@respectnetwork.net> wrote:
On Mon, May 12, 2014 at 9:37 AM, Joseph Boyle <boyle.joseph@gmail.com> wrote:
Drummond, what is the right way to reify a statement or set of statements or subgraph? Ideally signing of these should simply use the general reification mechanism.
I'm late to this thread and too swamped to follow it closely but the general reification mechanism in XDI is an inner graph.
However it should only be necessary to use inner graphs for signatures if not signing an entire subgraph. Otherwise I agree with the statement below that by default a sig should cover the subgraph of which it is an attribute.
For something already known to be an XDI statement with valid characters, can we avoid base64ing?
Yes, I agree. The XDI Core spec itself should already handle this.
Also for a statement about =drummond’s assertion should we be using =peterd/$is#friend/=drummond?
Not sure if I understand. The example below is not Drummond's assertion, but Peter's. The above example is also Peter's (i.e., the assumption always belongs to the subject).
Peter Davis: Neustar, Inc.
Distinguished Engineer, Director, Neustar Foundry
45980 Center Oak Plaza Sterling, VA 20166
[T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] http://www.neustar.biz/ [X] xri://@neustar*pdavis [X] xri://=peterd
The information contained in this e-mail message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this e-mail message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message.
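Added example, not part of the thread or of any XDI specification: Python code showing how a verifier could use the `$sig(...)` relation proposed in the replies above to tell which triples a signature covers and which it does not (requirement 5). It parses only the two statement shapes shown in the thread; the function names and the assumption that parentheses inside `$sig(...)` are balanced are assumptions of this example.

```python
import json

def parse_coverage(statement):
    """Return (signature_address, covered_triples) for a $sig(...) relation, else None."""
    _subject, sep, rest = statement.partition("/")
    if not sep or not rest.startswith("$sig("):
        return None
    depth = 0
    for end, ch in enumerate(rest):          # find the ')' that closes $sig(
        depth += (ch == "(") - (ch == ")")
        if ch == ")" and depth == 0:
            break
    else:
        raise ValueError("unbalanced $sig(...) in: " + statement)
    inner, tail = rest[len("$sig("):end], rest[end + 1:]
    if not tail.startswith("/") or len(tail) < 2:
        raise ValueError("missing signature address in: " + statement)
    if inner.startswith("{"):                # multi-triple form from the thread
        covered = {f"{sp}/{obj}" for sp, objs in json.loads(inner).items() for obj in objs}
    else:                                    # single-triple form
        covered = {inner}
    return tail[1:], covered

def signed_scope(graph):
    """Classify each content statement as signed (and by which signature) or unsigned."""
    coverage = {}                            # signature address -> covered triples
    for st in graph:
        parsed = parse_coverage(st)
        if parsed:
            coverage.setdefault(parsed[0], set()).update(parsed[1])
    report = {"signed": {}, "unsigned": [], "dangling": []}
    present = set()
    for st in graph:
        if parse_coverage(st) or any(st.startswith(addr) for addr in coverage):
            continue                         # signature bookkeeping, not content
        present.add(st)
        sigs = sorted(addr for addr, cov in coverage.items() if st in cov)
        if sigs:
            report["signed"][st] = sigs
        else:
            report["unsigned"].append(st)
    for cov in coverage.values():            # coverage naming triples absent from the graph
        report["dangling"] += sorted(cov - present)
    return report

# Constructed sample: the thread's four #friend triples plus the proposed relation.
GRAPH = ["=peterd/#friend/" + f for f in ("=drummond", "=hubert", "=les", "=markus")] + [
    '=peterd[<$sig>]<@0>&/&/"jq/ae+..."', '=peterd[<$sig>]<@0>/$is#/$sha$256$rsa$2048',
    '=peterd/$sig({"=peterd/#friend":["=drummond","=hubert","=les"]})/=peterd[<$sig>]<@0>',
]
```

`signed_scope(GRAPH)` reports `=peterd/#friend/=markus` as unsigned; it only establishes scope and does not check the signature value itself.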