Describe how to transform a key id into an actor id #9

Closed
Tracked by #26
evanp opened this issue Jan 31, 2024 · 6 comments
Labels
P1 top priority

Comments

Collaborator

evanp commented Jan 31, 2024

I think the algorithm is roughly:

If the key ID has a fragment...

  • fetch the resource at the HTTPS URL
  • look for a property with the same name as the fragment
  • get the owner of that property

If the key ID does not have a fragment...

  • fetch the resource at the HTTPS URL
  • get the owner of that resource

perillamint commented Feb 11, 2024

Also, I think the following constraints would be necessary:

  • keyid MUST be a valid URI
  • keyid MUST have the same authority as the actor id (to enforce server bans much more effectively AND prevent identity spoofing)
  • Validator MUST reject if an actor's keyid does not meet the criteria.

For the keyid without fragment... I think it should (or must) be discouraged, because it will prevent us from having multiple key slots in the future.

snarfed mentioned this issue Feb 26, 2024
Collaborator Author

evanp commented Feb 29, 2024

> For the keyid without fragment... I think it should (or must) be discouraged, because it will prevent us from having multiple key slots in the future.

I don't think that's true at all. https://social.example/key/1 and https://social.example/key/2 can have the same owner property.

Also, publicKey can have multiple values.

Collaborator

snarfed commented Mar 29, 2024

> Also, publicKey can have multiple values.

@evanp publicKey is https://w3c-ccg.github.io/security-vocab/#publicKey , right? Can you describe briefly how to confirm that it can be multiply valued? I'd like to incorporate that into #8 (comment).

Collaborator

snarfed commented Mar 29, 2024

(I expect any conclusion here to be incorporated in the draft text in #8 (comment).)


tesaguri commented Mar 29, 2024

> Also, publicKey can have multiple values.
>
> publicKey is https://w3c-ccg.github.io/security-vocab/#publicKey , right? Can you describe briefly how to confirm that it can be multiply valued?

The property isn't defined to be "functional" (single-valued), and generally speaking, an RDF property not explicitly specified to be functional can have multiple values because the functionality is opt-in IIUC.

And that seems to actually match the intention of the Security Vocabulary spec, since the spec has a number of examples that use the term with an array value (search the spec for "publicKey": [!).

Collaborator

snarfed commented Mar 29, 2024

Thanks @tesaguri!
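
The lookup discussed in this thread, as an added Python example that is not part of the original issue or of the project's draft text: it resolves a key id with or without a fragment, accepts a multi-valued `publicKey`, and enforces the HTTPS and same-authority constraints proposed above. The function names, the `other.example` host and the sample documents are constructed for illustration, and matching the fragment case by the key object's `id` inside `publicKey` is an assumption about how the fragment step is applied.

```python
from urllib.parse import urldefrag, urlsplit

# Constructed documents standing in for HTTPS fetches (not real servers).
ALICE = "https://social.example/users/alice"
DOCS = {
    ALICE: {"id": ALICE, "publicKey": [  # multi-valued publicKey
        {"id": ALICE + "#main-key", "owner": ALICE},
        {"id": ALICE + "#key-2", "owner": ALICE},
    ]},
    "https://social.example/key/1": {
        "id": "https://social.example/key/1", "owner": ALICE},
    # Key hosted on another server that claims an actor it does not host.
    "https://other.example/key/1": {
        "id": "https://other.example/key/1", "owner": ALICE},
}

def as_list(value):
    """Normalize a JSON-LD value that may be absent, single, or an array."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def actor_for_key(key_id, fetch=DOCS.get):
    """Return the actor id that owns key_id, or raise if a check fails."""
    parts = urlsplit(key_id)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("key id must be an HTTPS URI")
    url, fragment = urldefrag(key_id)
    doc = fetch(url)
    if doc is None:
        raise LookupError("could not fetch " + url)
    if fragment:
        # Assumption: the key is the publicKey value whose id is the key id.
        keys = [k for k in as_list(doc.get("publicKey"))
                if isinstance(k, dict) and k.get("id") == key_id]
        if len(keys) != 1:
            raise LookupError("no unique key with id " + key_id)
        key = keys[0]
    else:
        key = doc  # the fetched resource is the key itself
    owner = key.get("owner")
    if isinstance(owner, dict):  # owner may be embedded rather than a bare id
        owner = owner.get("id")
    if not isinstance(owner, str):
        raise LookupError("key has no owner")
    # Same-authority constraint from the thread: key host must equal actor host.
    if urlsplit(owner).netloc.lower() != parts.netloc.lower():
        raise ValueError("owner authority differs from key id authority")
    return owner
```

A validator would pass its own HTTPS client as `fetch` and treat either exception as a rejected signature.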
