Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add OpenPgpSignature2019 as a JSON-LD Signature Suite #71

Closed
OR13 opened this issue May 7, 2019 · 8 comments

Comments

@OR13
Copy link

commented May 7, 2019

New Work Item Proposal

Categories: Exploration

Abstract

OpenPgpSignature2019 is a JSON-LD Signature Suite that uses OpenPGP for signing and verifying, and is otherwise like RsaSignature2017 and others, I've done my best to get it as close to the other references as possible.

https://github.com/transmute-industries/PROPOSAL-OpenPgpSignature2019

GPG/PGP/OpenPGP have support in many existing software systems, such as Github, are familiar to many users, and offer a unique opportunity to bridge older more established privacy technologies with new emerging standards like the DID spec, so long as the integration with JSON-LD Signatures can be formalized.

I'm seeking collaborators for reviewing the implementation, completing the signature suite spec, cross linking to relevant specs, and any comments or suggestions.

I'm also happy contribute the codebase to the DIF or elsewhere if that is recommended, its my hope that this JS implementation might be followed by other languages, and having a well formed spec is key to supporting that.

I'm a member of the DIF and this working group, but not this github org.
I've spoken to @msporny about this, and he suggested I follow the guidelines for a new work item.

Editors/Contributors: @OR13

@kimdhamilton

This comment has been minimized.

Copy link
Contributor

commented May 7, 2019

Reach out to Transmute

@OR13

This comment has been minimized.

Copy link
Author

commented May 8, 2019

@kimdhamilton I am Cofounder / CTO at Transmute, sorry should probably have mentioned that. We're members of the DIF and the W3C. Our work with DID and Verifiable Credentials, has motivated us to expand support for larger key types in ethr-did uport-project/ethr-did#30, and we believe that support for PGP might be an attractive target for DID interoperability, assuming we can define the signature suite in sufficient detail. We also work on https://github.com/decentralized-identity/element and https://github.com/decentralized-identity/github-did.

In working with JSON-LD signature suites, particularly ones which support secp256k1, I've been frustrated by implementation differences that can cause incompatibility across implementations for the same suite, for example: jolocom/jolocom-lib#261

My hope is to ensure that if there is a suite approved for OpenPGP it does not suffer similar challenges.

@kimdhamilton

This comment has been minimized.

Copy link
Contributor

commented May 11, 2019

Hi @OR13,
Thanks for submitting this. I just wanted to check if you want to submit this as a "formal" vs "informal" work item. If it's a formal work item, then we can host the repo in the w3c ccg github org, but there are a few extra requirements. Details are in "Work Item Process" in our process doc, but I'll summarize the extra steps needed for acceptance as a formal work item here:

  1. Work Items need at least two editors responsible for advancing it. The editors must include representation from at least two companies.

It's possible Manu will sign up with you, but this other person needs to be identified before the work item can be proposed.

  1. Post an announcement to the CCG mailing list Credentials Community Group public-credentials@w3.org, linking to this issue.

Afterward, the chairs will announce a review period to gather feedback from the community. If this sounds like overkill for what you intended, the informal work item review process is much more lax, and we can go ahead and proceed. (The only concrete difference to you at the moment would be where the repo is hosted.)

ccing @msporny in case he has more context/desires on this.

@OR13

This comment has been minimized.

Copy link
Author

commented May 13, 2019

@kimdhamilton Thanks, so far I've not found another editor, I've made the announcement and asked around in a couple of channels. While I wait to hear back, is there any reason not to start informal and transition once I can find another editor / move the spec further along by myself?

@ChristopherA

This comment has been minimized.

Copy link
Contributor

commented May 13, 2019

Will you be coming to next #RWOT in Prague, Sept 3-6th? If yes, it would be a good place for you to submit this idea as a Advance Topic paper (gives you a big discount for event) and see if you can find some others to support your effort.

@kimdhamilton

This comment has been minimized.

Copy link
Contributor

commented May 14, 2019

@OR13, yes, please proceed with this as an informal work item. I'll check with the other chairs on Friday regarding any bookkeeping on our side, but otherwise you should be good to go.

@jandrieu

This comment has been minimized.

Copy link
Contributor

commented Jun 18, 2019

Orie,

Thanks for the effort on this.

From today's CCG call:

  1. Please submit the spec to the LD CryptoSuite Registry https://w3c-ccg.github.io/ld-cryptosuite-registry/#the-registration-process That's a natural listing for the work.

  2. We are happy to support this as an informal work item, which basically means we'll encourage contribution and help you advance it to where it can become a formal work item.

  3. Please resubmit when you get a second editor.

@jandrieu

This comment has been minimized.

Copy link
Contributor

commented Jun 18, 2019

Closing as not a formal work item.

@jandrieu jandrieu closed this Jun 18, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.