There are three main parts:
- How to make RDF Content-addressable: Basically two tricks: How to group RDF statements and how the grouping can be encoded in a canonical form.
- How to sign content-addressed RDF: Once RDF is content-addressed it can be signed by simply signing its identifier (which is the hash). This introduces a small vocabulary for doing this based on the OpenBSD signify tool.
- A secure way of doing content-addressing (ERIS): Naive content-addressing (just using the hash of the content) has some downsides. We present a scheme that was very much influenced by Datashards on how to securely store immutable content.
All together we hope this might serve as robust and implementable foundations for offline-first and decentralized applications and to maybe pave a way towards decentralized ActivityPub.
We have a demo that runs in the browser to show how this all works. The demo is capable of encoding any ActivityPub content (any JSON-LD) and I invite you to try it out.
The demo also shows how all this works for content-addressed vocabularies.
Relation to Datashards
ERIS (the scheme for content-addressing) is very much influenced by immutable Datashards.
The research started as an attempt to reimplement Datashards but grew out to explore some other ideas. The main differences are:
- Different crypto primitives (BLAKE2b + ChaCha20 instead of SHA256 + AES)
- Blocks are combined in a tree (instead of a chain)
- Adds a verification capability (allows content to be cached without being able to read content)
- No mechanism for mutable content
The idea is to converge in the future; discussion and work towards that have already started.
Does this make signing JSON-LD easier?
Eeh, kind of…
A design goal is implementability. However, it starts at the RDF level.
We intend to implement this in an Elixir ActivityPub server and get some hands-on experience.
I’d be very happy for feedback, comments and questions. If anybody is interested in experimenting and implementing I would be thrilled.
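
The signing step from the second part above (hash a canonical form of a group of statements, then sign only the resulting identifier), as an added Node.js example that is not the project's code or its demo. Assumptions: sorted, de-duplicated N-Triples lines stand in for the canonical encoding, which this post does not specify; the `urn:example:blake2b:` prefix and all function names are hypothetical; Ed25519 is used because it is the signature algorithm of OpenBSD signify.

```javascript
// Added illustration, not the project's code. The canonical form and the
// identifier prefix below are assumptions made for this example.
const nodeCrypto = require('crypto');

// Assumed canonical form: trim, drop blanks, de-duplicate, sort, join with "\n".
function canonicalize(statements) {
  const lines = statements.map((s) => s.trim()).filter((s) => s.length > 0);
  return [...new Set(lines)].sort().join('\n') + '\n';
}

// The identifier is the BLAKE2b hash of the canonical bytes.
function identifierOf(statements) {
  const digest = nodeCrypto.createHash('blake2b512')
    .update(canonicalize(statements), 'utf8').digest('hex');
  return 'urn:example:blake2b:' + digest; // hypothetical URN prefix
}

// Sign only the identifier string, never the statements themselves.
function signIdentifier(id, privateKey) {
  return nodeCrypto.sign(null, Buffer.from(id, 'utf8'), privateKey);
}

// A verifier first recomputes the identifier from the statements it received,
// then checks the signature over that identifier. Skipping the first step
// would accept any content that merely claims a signed identifier.
function verifyContent(statements, claimedId, signature, publicKey) {
  if (identifierOf(statements) !== claimedId) return 'content-mismatch';
  const ok = nodeCrypto.verify(null, Buffer.from(claimedId, 'utf8'), publicKey, signature);
  return ok ? 'valid' : 'bad-signature';
}

// Constructed sample: two statements describing an ActivityStreams Note.
const note = [
  '<urn:example:note> <https://www.w3.org/ns/activitystreams#content> "Hello" .',
  '<urn:example:note> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://www.w3.org/ns/activitystreams#Note> .',
];
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const id = identifierOf(note);
const sig = signIdentifier(id, privateKey);

console.log(id);
console.log(verifyContent(note, id, sig, publicKey));                  // valid
console.log(verifyContent([note[1], note[0]], id, sig, publicKey));    // valid
console.log(verifyContent([note[0].replace('Hello', 'Hullo'), note[1]],
  id, sig, publicKey));                                                // content-mismatch
```
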