
security ontology #95

@bblfish

Description

For Http Sig (latest) authentication (see demo) it is useful to have a way to link a WebID to a key. We developed the Cert ontology in 2008 for WebID-TLS, but since then the security ontology has been standardised.

I tried to understand how to use the security ontology and I think the way to do it is using security:controller, linking the key to the WebID (so something close to the inverse of cert:key).

@prefix security: <https://w3id.org/security#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .

<#> a security:JsonWebKey2020 ;
   security:controller </people/alice#i> ;
   security:publicKeyJwk """{
     "alg": "PS512",
     "warning": "Don't use this key for real world examples, as the private key is publicly known. This is the key from <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-13#page-82>.",
      "use": "sig",
      "kty":"RSA",
      "e":"AQAB",
      "n":"r4tmm3r20Wd_PbqvP1s2-QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvMs8ct-Lh1GH45x28Rw3Ry53mm-oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95AndTrifbIFPNU8PPMO7OyrFAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL-Wokqltd11nqqzi-bJ9cvSKADYdUAAN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSyZYoA485mqcO0GVAdVw9lq4aOT9v6d-nb4bnNkQVklLQ3fVAvJm-xdDOp9LCNCN48V2pnDOkFV6-U9nV5oyc6XI2w"
   }"""^^rdf:JSON .

I asked the following questions in an e-mail to the credentials CG mailing list, but I think it is going to get lost there in the noise.

I opened an issue "domain of publicKeyJWK should be rdf:JSON", as it seemed the Turtle should be using rdf:JSON as above: w3c/vc-data-integrity#73

It looks like the controller is documented now, and I think it fits, but it would be good to have some feedback: https://w3c-ccg.github.io/security-vocab/#controller

There is also the question of whether sec:controller is the opposite of sec:publicKey: w3c/vc-data-integrity#74

The document I am writing [3] is a bit less of a spec than a HOWTO guide, and it gives a more extensive overview to help explain why this is a good idea.

At present, I only have keyID authentication working. Later I would like to enhance it with credentials.

A key is an exact way of describing an agent (a functional property) and so I think it would be helpful to have some feedback from this group here.
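An added example, not code from the issue, its demo, or the security vocabulary: how a verifier could take the keyId of an HTTP Signature, dereference it to a key document shaped like the Turtle above, and decide whether the key really belongs to the WebID. The point it adds is a caveat of the security:controller direction: the controller claim sits in the key document, which any third party can publish, so the verifier also checks that the WebID profile links back to the key. The IRIs (example.org, evil.example), the use of security:verificationMethod as the back-link, and the in-memory fetch standing in for an HTTP GET plus Turtle parse are all assumptions of this example; the JWK is the public half of the draft's published test key, copied from the issue.

```python
# Added example: resolve an HTTP Signature keyId to a WebID through
# security:controller and check the link in both directions.
# Not code from the issue. IRIs, the verificationMethod back-link and the
# in-memory fetch() are assumptions standing in for real HTTP + Turtle parsing.
import base64
from urllib.parse import urldefrag

SEC = "https://w3id.org/security#"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"

# Hypothetical locations for the issue's <#> key document and Alice's profile.
KEY_ID = "https://example.org/keys/alice-2022#"
WEBID = "https://example.org/people/alice#i"
ROGUE_KEY_ID = "https://evil.example/keys/mallory#"

# Public JWK from the issue (the draft's RSA-PSS test key; "warning" field omitted).
ALICE_JWK = {
    "alg": "PS512", "use": "sig", "kty": "RSA", "e": "AQAB",
    "n": "r4tmm3r20Wd_PbqvP1s2-QEtvpuRaV8Yq40gjUR8y2Rjxa6dpG2GXHbPfvMs8ct-Lh1GH45x28Rw3Ry53mm-oAXjyQ86OnDkZ5N8lYbggD4O3w6M6pAvLkhk95AndTrifbIFPNU8PPMO7OyrFAHqgDsznjPFmTOtCEcN2Z1FpWgchwuYLPL-Wokqltd11nqqzi-bJ9cvSKADYdUAAN5WUtzdpiy6LbTgSxP7ociU4Tn0g5I6aDZJ7A8Lzo0KSyZYoA485mqcO0GVAdVw9lq4aOT9v6d-nb4bnNkQVklLQ3fVAvJm-xdDOp9LCNCN48V2pnDOkFV6-U9nV5oyc6XI2w",
}

# Constructed triples, as a Turtle parser would return them for each document.
DOCS = {
    "https://example.org/keys/alice-2022": [
        (KEY_ID, RDF + "type", SEC + "JsonWebKey2020"),
        (KEY_ID, SEC + "controller", WEBID),
        (KEY_ID, SEC + "publicKeyJwk", ALICE_JWK),
    ],
    "https://example.org/people/alice": [
        # Assumed back-link from the controller's profile to its key.
        (WEBID, SEC + "verificationMethod", KEY_ID),
    ],
    "https://evil.example/keys/mallory": [
        # Anyone can publish a document that merely *claims* Alice as controller.
        (ROGUE_KEY_ID, RDF + "type", SEC + "JsonWebKey2020"),
        (ROGUE_KEY_ID, SEC + "controller", WEBID),
        (ROGUE_KEY_ID, SEC + "publicKeyJwk", ALICE_JWK),
    ],
}


class KeyResolutionError(Exception):
    pass


def fetch(iri):
    """Stand-in for GET + Turtle parse: triples of the document the IRI names."""
    doc, _fragment = urldefrag(iri)
    if doc not in DOCS:
        raise KeyResolutionError(f"cannot dereference {doc}")
    return DOCS[doc]


def objects(triples, subject, predicate):
    return [o for s, p, o in triples if s == subject and p == predicate]


def b64url_to_int(text):
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    return int.from_bytes(raw, "big")


def load_rsa_jwk(jwk, expected_alg):
    """Decode an RSA JWK and reject parameters unfit for the expected algorithm."""
    if jwk.get("kty") != "RSA":
        raise KeyResolutionError("not an RSA key")
    if jwk.get("use", "sig") != "sig":
        raise KeyResolutionError("key not intended for signing")
    if "alg" in jwk and jwk["alg"] != expected_alg:
        raise KeyResolutionError(f"key alg {jwk['alg']} != {expected_alg}")
    n, e = b64url_to_int(jwk["n"]), b64url_to_int(jwk["e"])
    if n.bit_length() < 2048 or e < 3 or e % 2 == 0:
        raise KeyResolutionError("weak RSA parameters")
    return n, e


def resolve_key(key_id, webid, expected_alg="PS512"):
    """Return key material for key_id only if the WebID confirms the key."""
    key_doc = fetch(key_id)
    if SEC + "JsonWebKey2020" not in objects(key_doc, key_id, RDF + "type"):
        raise KeyResolutionError("keyId is not a JsonWebKey2020")
    controllers = objects(key_doc, key_id, SEC + "controller")
    if controllers != [webid]:
        raise KeyResolutionError(f"controller {controllers} is not {webid}")
    # The controller claim lives in the key document, not in anything served
    # by the WebID's authority, so require the profile to confirm the key.
    profile = fetch(webid)
    if key_id not in objects(profile, webid, SEC + "verificationMethod"):
        raise KeyResolutionError("WebID profile does not list this key")
    jwks = objects(key_doc, key_id, SEC + "publicKeyJwk")
    if len(jwks) != 1:
        raise KeyResolutionError("expected exactly one publicKeyJwk")
    n, e = load_rsa_jwk(jwks[0], expected_alg)
    return {"controller": webid, "n": n, "e": e, "modulus_bits": n.bit_length()}


if __name__ == "__main__":
    print(resolve_key(KEY_ID, WEBID)["modulus_bits"])
    try:
        resolve_key(ROGUE_KEY_ID, WEBID)
    except KeyResolutionError as err:
        print("rejected:", err)
```

With the cert:key direction the link is asserted inside the WebID profile, which the verifier fetches from the WebID's own authority; with security:controller the assertion moves into the key document, which is why the example refuses a key the profile does not list. Verifying the actual PS512 signature over the signature base with the decoded (n, e) is a separate step that this example does not perform.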
