proofPurpose range must be a Class containing verification relationships (was: Discrepancies between the spec and the vocabulary) #248
Comments
If we were only considering DI, you'd be correct. The one thing that I haven't thought too deeply about is how this will affect DID Documents, which do use the https://www.w3.org/TR/did-core/#verification-relationships Same for DI: https://w3c.github.io/vc-data-integrity/#verification-relationships How do we align both needs, @iherman? |
|
first of all, ouch! 😀 The DI usage is indeed fundamentally different from the DID case. (The section on verification relationships in DI is an almost verbatim copy of the DID spec, I do not think it adds anything to it.) In an ideal situation, I would characterize that as a bug in modeling, but I presume it is too late for that. But that is my personal reaction, because... in RDF it is allowed to use the same term (ie, the same URI) both for a predicate and (as here) an individual. Ie, my proposal would have to change to say:
The practical problem may be that the yml2vocab tool will (probably) fall on its face if we do that: the tool relies on the separation of individuals from properties (and classes). Alternatively, we may also play down all this, keep these properties as they are, ie, not adding an explicit type relationship to So the situation may be salvaged, but I really do believe this modeling, well, "trick" must be documented somewhere to make it explicit. I would note that the current text on verification relationships in the DI spec sounds so much "isolated", without real reference to the rest of the DI spec, that this may be a good opportunity to add such a description in there. cc this to @pchampin. Maybe he has some additional trick up his sleeve... |
msporny
added
CR1
|
Coming back to this issue, here is, I believe what we have to change. The good news is that it is only a change in the vocabulary. There may be an editorial change in the spec if we really want to make it nice. Here are some excerpts from the vocabulary (I only do this for sec:verificationMethods rdf:range sec:VerificationMethod.
sec:JsonWebKey rdfs:subclassOf sec:VerificationMethods .
sec:Multikey rdfs:subClassOf sec:VerificationMethod .
sec:authentication rdf:type rdf:Property ;
rdfs:range VerificationMethod .There is also this which, I think, should be changed: sec:proofPurpose rdfs:range xsd:string; And the followings should be added: sec:VerificationRelationship rdf:type rdf:Class ;
rdfs:isDefinedBy <https://www.w3.org/TR/vc-data-integrity/#verification-relationships> .
sec:authentication rdf:type VerificationRelationship .
sec:proofPurpose rdfs:range sec:VerificationRelationship .I.e., we define a new top level class to model the collection of verification relationships; the current ones are part of the class, and the proof purpose refers to individuals in that class. I am not yet sure whether that will go through |
|
Overall, looks right. One thing — If I understand correctly, you mean to delete — — which will be replaced by this (last of the "to be added" block) — — but since the former ends with (In other words, change |
|
these are copy-pastes from the turtle version of the vocabulary, and I did not pay too much attention to the ';' vs '.'. Sorry. My intention is to replace the range for |
iherman
changed the title
|
PR #258 has been raised; if that PR is merged, this issue can be closed. |
|
PR #258 has been merged, closing. |
The spec says for the
proofPurposeproperty:The vocabulary specification claims that the range is an
xsd:string, i.e., it is a Literal; but the text above says, in a somewhat convoluted way, that the value, in RDF terminology, is not a literal but a "real" resource.Looking at the usage of the terms, Example 2 says:
{ "proof": { … "proofPurpose": "assertionMethod", … } }The base context does some tricks using
"@type":"@vocab", and the result of these lines result, in Turtle, in the following quads:which shows that the range of
proofPurposeis an RDF Resource with, in this case, the URLhttps://w3id.org/security#assertionMethod.But then it goes further. The vocabulary specification for
assertionMethod(and forauthentication, etc...) defines this term as a property with a rangeVerificationMethod. That does not coincide with the usage in the example. Instead,assertionMethodis used as an individual and not as a property. Also, these individuals have nothing to do, relationship-wise, with the Verification Method. Instead, they could be characterized as individuals, all of the typeProofPurpose(this class is not part of the security vocabulary).Based on all these, I think the following changes must be done on the di vocabulary:
ProofPurpose(formally defined in §2.2)proofPurposeis the (new)ProofPurposeclass (and not a string literal, as it says now)authentication,assertionMethod,capabilityDelegation,capabilityInvocation, andkeyAgreementare all to be defined as individuals, all of the typeProofPurpose(and not as properties as they are now).cc @dlongley @msporny
(Obviously, if we have an agreement, the creation of the corresponding PR will be on me.)
The text was updated successfully, but these errors were encountered: