decentralized-identity / confidential-storage

Confidential Storage Specification and Implementation
https://identity.foundation/confidential-storage/
Apache License 2.0

Reifying json-ld within Hub Permissions is confusing #6

Closed jmandel closed 4 years ago

jmandel commented 5 years ago

Payloads like

{
  "@context": "schema.identity.foundation/Hub/",
  "@type": "PermissionGrant",
  "owner": "did:example:12345",
  "grantee": "did:example:67890",
  "context": "schemas.clothing.org",
  "type": "measurements",
  "allow": "-R--"
}

include some properties defined at the JSON-LD layer (@context, @type) and some model-specific properties like (context, type). This is confusing in part as a naming challenge, but beyond this, it seems to be an issue of not really using LD semantics here.

I don't know how to dereference schema.identity.foundation/Hub, so I'm not 100% sure what the intended default @context says, but one opportunity would be to combine (context + type) properties into a single IRI identifying an object type, like:

{
  "@context": ["schema.identity.foundation/Hub/", {
    "clothing": "schemas.clothing.org"
  }],
  "@type": "PermissionGrant",
  "owner": "did:example:12345",
  "grantee": "did:example:67890",

  // equivalently any one of the following valid representations of an IRI
  "accessToType": "schemas.clothing.org/measurements",

  "accessToType": "clothing:measurements",

  "accessToType": {
    "@id": "schemas.clothing.org/measurements"
  },

  "allow": "-R--"
}

Maybe this boils down to a question: to what extent does the Identity Hub expect to "speak" JSON-LD, vs just decorating payloads with @context properties as a matter of convention?
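Added example, not part of the original comment or of the Identity Hub code: a permission check that reduces the three `accessToType` forms above to one IRI before comparing, next to a plain string comparison that does not. The function names, the "/" join for the compact form, and the reading of `allow` as a set of operation letters are assumptions made for this sketch.

```python
# Added example: simplified compact-IRI handling, not full JSON-LD expansion.
BASE = {
    "@context": ["schema.identity.foundation/Hub/",
                 {"clothing": "schemas.clothing.org"}],
    "@type": "PermissionGrant",
    "owner": "did:example:12345",
    "grantee": "did:example:67890",
    "allow": "-R--",
}
# Constructed grants: one per accessToType form listed in the issue.
GRANTS = [
    {**BASE, "accessToType": "schemas.clothing.org/measurements"},
    {**BASE, "accessToType": "clothing:measurements"},
    {**BASE, "accessToType": {"@id": "schemas.clothing.org/measurements"}},
]


def prefix_map(context):
    """Collect prefix -> IRI pairs from inline @context objects only.
    String entries (remote contexts) are skipped; nothing is dereferenced."""
    entries = context if isinstance(context, list) else [context]
    return {term: iri for entry in entries if isinstance(entry, dict)
            for term, iri in entry.items() if isinstance(iri, str)}


def expand_type(value, prefixes):
    """Reduce any of the three forms to a single IRI string."""
    if isinstance(value, dict):
        value = value.get("@id")
    if not isinstance(value, str):
        raise ValueError("accessToType must be an IRI or {'@id': IRI}")
    prefix, sep, suffix = value.partition(":")
    if sep and not suffix.startswith("//") and prefix in prefixes:
        # Assumption: join with "/" so the result equals the issue's full form.
        # JSON-LD itself concatenates the prefix IRI and suffix directly.
        return prefixes[prefix].rstrip("/") + "/" + suffix
    return value


def grant_allows(grant, requester, object_type, op):
    """Assumption: an operation is allowed when its letter appears in 'allow'."""
    granted = expand_type(grant["accessToType"], prefix_map(grant.get("@context", [])))
    return (grant["grantee"] == requester and granted == object_type
            and op.isalpha() and op in grant["allow"])


def naive_allows(grant, object_type):
    """String comparison with no IRI handling, for contrast."""
    return grant["accessToType"] == object_type
```

With the constructed grants, `grant_allows` gives the same answer for all three forms, while `naive_allows` matches only the first, so a store that treats `@context` as decoration would evaluate equivalent grants differently.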

tplooker commented 4 years ago

This issue was discussed on the 07/05/2020 call, and the suggested resolution was to close in the next week if there are no objections.

jmandel commented 4 years ago

No objections, but I'd love to know if there's some consensus on the answer to the question here: to what extent does an identity hub need to understand json-ld semantics?

OR13 commented 4 years ago

@jmandel pretty sure it does not, but a more general version of your question is what format does the system store... CBOR, JSON?

If you want to store JSON-LD, you are storing JSON. I don't think there is intention to use JSON-LD at any of the layers.

The one place where it does show up in the 3 implementations I am aware of is Authorization Capabilities for HTTP... But I suspect that will not be the only defined mechanism for authorization.

OR13 commented 4 years ago

Close this issue if you feel it has been addressed, you are responsible for moving it forward if you think that will be helpful :)