Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ownership of data #10

Open
zander opened this issue Jan 29, 2019 · 1 comment
Open

Ownership of data #10

zander opened this issue Jan 29, 2019 · 1 comment

Comments

@zander
Copy link

zander commented Jan 29, 2019

I like the idea of JSON-LD, but I see a problem with ownership of data. Specifically your example of the wordpress logo thousands of people on the net now trust one machine to provide the logo for their services.

Similar problem is if some ISP hosts a bunch of services and to make it searchable people need to link to it. Then the ISP merges with another and all of a sudden a lot of your links go down. The ISP that offers its services is essentially dependent on a 3rd party to index their json.

I would also note that as we go into the new year we hear more about countries and ISPs limiting access to information. Even in Europe ISPs censor. Censorship to the metadata files would be a very potent attack against this system.

I would suggest a two pronged approach to solve this:

  1. Duplication of meta-data by many of the "nodes". This makes searching / comparing offline a LOT easier, this makes it possible to see what was lost when a website goes down. Last this solves the problem of discoverability. It becomes push instead of pull.

  2. using public-key cryptography to sign the JSONs, or sign changes in order to establish ownership. What you are looking for is that if a provider changes his name or logo that this is a change that is signed by the provider and the world only accepts a valid signed change. This solves the problem of trust. Instead of having to trust the json-ld links, the DNS and the hosting provider to always and to everyone provide the same output, a series of nodes as mentioned in point 1 will distribute it after checking the signature.

I'd guess that 90% of the current design can stay exactly as you already designed this. Which is awesome, it would likely be an addition of crypto-proofs and a mindset to not trust that is needed to change.

@pierreozoux
Copy link
Member

Sounds like a fair comment :) feel free to PR to reflect your thinking.

I think we have 2 topics to discuss.

  1. Proxy the metadata, I think we can look at what GitHub did with their camo.proxy afaicr
  2. Identity is a good idea. But DNS plus cert is not enough? What is a concrete problem do you see?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants