Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security ontology #95

Open
bblfish opened this issue Jun 16, 2023 · 1 comment
Open

security ontology #95

bblfish opened this issue Jun 16, 2023 · 1 comment

Comments

@bblfish
Copy link

bblfish commented Jun 16, 2023

For Http Sig (latest) authentication (see demo) it is useful to have a way to link a WebID to a key. We developed the Cert ontology in 2008 for WebID-TLS, but since then the security ontology has been standardised.

I tried to understand how to use the security ontology and I think the way to do it is using security:controller, linking the key to the WebID (so something close to the inverse of cert:key).

@prefix security: <https://w3id.org/security#> .
@prefix rdf: <http://www.w3.org/2000/01/rdf-schema#> .

<#> a security:JsonWebKey2020 ;
   security:controller </people/alice#i> ;
   security:publicKeyJwk """{
     "alg": "PS512",
     "warning": "Don't use this key for real world examples, as the private key is publicly known. This is the key from <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-13#page-82>.",
      "use": "sig",
      "kty":"RSA",
      "e":"AQAB",
      "n":"r4tmm3r20Wd_PbqvP1s2-QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvMs8ct-Lh1GH45x28Rw3Ry53mm-oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95AndTrifbIFPNU8PPMO7OyrFAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL-Wokqltd11nqqzi-bJ9cvSKADYdUAAN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSyZYoA485mqcO0GVAdVw9lq4aOT9v6d-nb4bnNkQVklLQ3fVAvJm-xdDOp9LCNCN48V2pnDOkFV6-U9nV5oyc6XI2w"
   }"""^^rdf:JSON .

I asked the following questions in an e-mail to the credentials CG mailing list, but I think it is going to get lost there in the noise.

I opened an issue "domain of publicKeyJWK should be rdf:JSON" as it seemed
the turtle should be using rdf:JSON as above
w3c/vc-data-integrity#73

It looks like the controller is documented now, and I think it fits, but it would be good to
have some feedback
https://w3c-ccg.github.io/security-vocab/#controller

There is also the question of whether sec:controller is the opposite of sec:publicKey
w3c/vc-data-integrity#74

The document I am writing [3] is a bit less of a spec than a HOWTO guide
and it gives a more extensive overview to help explain why this is a good idea.

At present, I only have keyID authentication working. Later I would like to enhance
it with credentials.

A key is an exact way of describing an agent (a functional property) and so I think it would be helpful to have some feedback from this group here.

@jeff-zucker
Copy link
Member

@bourgeoa - you may wish to discuss with @bblfish your plan to create solid:privateKey and other cert-related predicates for using keys in SolidOS chat.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants