commit: 6be315e65b4163a2e3e37f7c8eb3fec5a6947136
parent 083f3112a6f697eae0e07fc28092d1f8f9c2851c
Author: William Pitcock <nenolod@dereferenced.org>
Date: Mon, 15 Apr 2019 20:52:30 -0500
lice: replace old property sealing method with formal attestations
Diffstat:
M | lice.md | 66 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------- |
1 file changed, 57 insertions(+), 9 deletions(-)
diff --git a/lice.md b/lice.md
@@ -145,6 +145,53 @@ An example proof object looks like this:
```
+### Attestation of Properties in the Referent Object
+
+An `attestations` object contains properties and values that must match the
+properties and values in the referent object.
+
+In the event that an `attestations` object is included, the `id` property
+MUST NOT be present.
+
+When verifying proof objects that contain an `attestations` object, the verifier
+MUST ensure that the object being authorized against the proof has the same
+properties as present in the proof object. In the event that the proof object's
+child fragments and the referent object disagree, the verifier MUST fail the
+verification.
+
+An example proof object with an `attestations` object:
+
+```
+{
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ "https://litepub.social/litepub/lice-v0.0.1.jsonld"
+ ],
+ "id": "https://example.social/proofs/fa43926a-63e5-4133-9c52-36d5fc6094fa",
+ "type": "Accept",
+ "actor": "https://example.social/users/bob",
+ "object": {
+ "id": "https://example.social/activities/12945622-9ea5-46f9-9005-41c5a2364f9c",
+ "type": "Like",
+ "object": "https://example.social/objects/d6cb8429-4d26-40fc-90ef-a100503afb73",
+ "actor": "https://example.social/users/alyssa",
+ "to": [
+ "https://example.social/users/alyssa/followers",
+ "https://example.social/users/bob"
+ ]
+ }
+ "attestations": {
+ "type": "Like",
+ "object": "https://example.social/objects/d6cb8429-4d26-40fc-90ef-a100503afb73",
+ "to": [
+ "https://example.social/users/alyssa/followers",
+ "https://example.social/users/bob"
+ ]
+ }
+}
+```
+
+
## Invocation
When a proof object is required in order to prove an activity is authorized, it MUST be
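Review bot: the example proof object in this hunk is not valid JSON: the `}` that closes `"object"` (the line just before `"attestations": {`) needs a trailing comma, i.e. `},` followed by `"attestations": {`. Two wording points in the same hunk: "In the event that an `attestations` object is included, the `id` property MUST NOT be present" does not say which object's `id` is meant; the example keeps an `id` on the embedded `object`, so presumably it is the `attestations` object that must not carry `id`, and the sentence should say so explicitly. The verifier paragraph also still speaks of "the proof object's child fragments" and "the same properties as present in the proof object", terminology from the section this commit removes; it should refer to the `attestations` object. Finally, if the verifier compares only the attested properties, as the text indicates, anything omitted from `attestations` is unconstrained: the example attests `type`, `object` and `to` but not `actor`, so as written the proof also matches a `Like` of the same object by a different actor with the same addressing. Consider attesting `actor` in the example, or stating which properties an issuer is expected to attest and why.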
@@ -221,17 +268,18 @@ fetching the proof object if a valid signature is not present.
[lds]: https://w3c-dvcg.github.io/ld-signatures/
-### Asserting Properties in the Child Object
+### Verifying Attestations
-Proof objects MAY include fragments of the child object being authorized. In the
-event that a fragment of the child object is included, at least the `id` property
-must be present.
+*This section is non-normative.*
-When verifying proof objects that contain fragments of a child object, the verifier
-MUST ensure that the object being authorized against the proof has the same
-properties as present in the proof object. In the event that the proof object's
-child fragments and the referent object disagree, the verifier MUST fail the
-verification.
+Implementations MUST check that properties in the `attestations` object match
+properties in the referent object. In most cases, this is done by doing a
+literal comparison.
+
+When comparing sets (JSON arrays), an implementation SHOULD iterate over the
+values in the attested property and verify set membership in the referent
+property for every value. As an optimization, an implementation MAY normalize
+a copy of both properties and match that the sequence is identical.
# Security Considerations
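Review bot: the set-comparison guidance in the last added paragraph checks subset, not equality: iterating over the attested `to` values and testing membership in the referent's `to` passes when the referent carries additional recipients, while the "optimization" of normalizing both properties and comparing the sequences rejects that same input, so the two methods the text presents as interchangeable disagree on exactly the case a verifier cares about. Decide which semantics is intended (the normative section says the values "must match", which reads as equality) and state it, e.g. "the normalized sets MUST be equal" or "every attested value MUST be present in the referent property; additional referent values are permitted". Separately, the section is marked "*This section is non-normative.*" yet the two paragraphs that follow use MUST, SHOULD and MAY; either drop the non-normative marker or reword those paragraphs as a description of the normative check defined in the Attestation of Properties section.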