w3c-ccg / community

COMMUNITY: W3C Credentials Community Group Community Repo
https://w3c-ccg.github.io/community

Add OpenPgpSignature2019 as a JSON-LD Signature Suite #71

Closed OR13 closed 5 years ago

OR13 commented 5 years ago

New Work Item Proposal

Categories: Exploration

Abstract

OpenPgpSignature2019 is a JSON-LD Signature Suite that uses OpenPGP for signing and verifying, and is otherwise like RsaSignature2017 and others. I've done my best to get it as close to the other references as possible.

https://github.com/transmute-industries/PROPOSAL-OpenPgpSignature2019

GPG/PGP/OpenPGP have support in many existing software systems, such as GitHub, are familiar to many users, and offer a unique opportunity to bridge older, more established privacy technologies with new emerging standards like the DID spec, so long as the integration with JSON-LD Signatures can be formalized.

I'm seeking collaborators for reviewing the implementation, completing the signature suite spec, cross linking to relevant specs, and any comments or suggestions.

I'm also happy to contribute the codebase to the DIF or elsewhere if that is recommended. It's my hope that this JS implementation might be followed by other languages, and having a well-formed spec is key to supporting that.

I'm a member of the DIF and this working group, but not this GitHub org. I've spoken to @msporny about this, and he suggested I follow the guidelines for a new work item.

Editors/Contributors: @or13

kimdhamilton commented 5 years ago

Reach out to Transmute

OR13 commented 5 years ago

@kimdhamilton I am Cofounder / CTO at Transmute, sorry, should probably have mentioned that. We're members of the DIF and the W3C. Our work with DID and Verifiable Credentials has motivated us to expand support for larger key types in ethr-did (https://github.com/uport-project/ethr-did/pull/30), and we believe that support for PGP might be an attractive target for DID interoperability, assuming we can define the signature suite in sufficient detail. We also work on https://github.com/decentralized-identity/element and https://github.com/decentralized-identity/github-did.

In working with JSON-LD signature suites, particularly ones which support secp256k1, I've been frustrated by implementation differences that can cause incompatibility across implementations for the same suite, for example: https://github.com/jolocom/jolocom-lib/issues/261

My hope is to ensure that if there is a suite approved for OpenPGP it does not suffer similar challenges.

kimdhamilton commented 5 years ago

Hi @OR13, Thanks for submitting this. I just wanted to check if you want to submit this as a "formal" vs "informal" work item. If it's a formal work item, then we can host the repo in the w3c ccg github org, but there are a few extra requirements. Details are in "Work Item Process" in our process doc, but I'll summarize the extra steps needed for acceptance as a formal work item here:

  1. Work Items need at least two editors responsible for advancing it. The editors must include representation from at least two companies.

     It's possible Manu will sign up with you, but this other person needs to be identified before the work item can be proposed.

  2. Post an announcement to the CCG mailing list (Credentials Community Group, public-credentials@w3.org), linking to this issue.

Afterward, the chairs will announce a review period to gather feedback from the community. If this sounds like overkill for what you intended, the informal work item review process is much more lax, and we can go ahead and proceed. (The only concrete difference to you at the moment would be where the repo is hosted.)

ccing @msporny in case he has more context/desires on this.

OR13 commented 5 years ago

@kimdhamilton Thanks. So far I've not found another editor; I've made the announcement and asked around in a couple of channels. While I wait to hear back, is there any reason not to start informal and transition once I can find another editor / move the spec further along by myself?

ChristopherA commented 5 years ago

Will you be coming to the next #RWOT in Prague, Sept 3-6th? If yes, it would be a good place for you to submit this idea as an Advance Topic paper (gives you a big discount for event) and see if you can find some others to support your effort.

kimdhamilton commented 5 years ago

@OR13, yes, please proceed with this as an informal work item. I'll check with the other chairs on Friday regarding any bookkeeping on our side, but otherwise you should be good to go.

jandrieu commented 5 years ago

Orie,

Thanks for the effort on this.

From today's CCG call:

  1. Please submit the spec to the LD CryptoSuite Registry (https://w3c-ccg.github.io/ld-cryptosuite-registry/#the-registration-process). That's a natural listing for the work.

  2. We are happy to support this as an informal work item, which basically means we'll encourage contribution and help you advance it to where it can become a formal work item.

  3. Please resubmit when you get a second editor.

jandrieu commented 5 years ago

Closing as not a formal work item.