package rdf

https://w3id.org/security#

<div>A Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which deterministically names all unnamed nodes. Importantly, a `BbsBlsSignature` digests each of the statements produced by the normalization process individually to enable selective disclosure. The signature mechanism uses Blake2B as the digest for each statement and produces a single output digital signature.</div>

<div>A Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which deterministically names all unnamed nodes. Importantly, a `BbsBlsSignatureProof2020` is in fact a proof of knowledge of an unrevealed BbsBlsSignature2020 enabling the ability to selectively reveal information from the set that was originally signed. Each of the statements produced by the normalizing process for a JSON-LD document featuring a <a href="#BbsBlsSignatureProof2020">`BbsBlsSignatureProof2020`</a> represent statements that were originally signed in producing the `BbsBlsSignature2020` and represent the denomination under which information can be selectively disclosed. The signature mechanism uses Blake2B as the digest for each statement and produces a single output digital signature.</div>

<div>This class represents a data integrity signature key.</div>

<div>This class represents a data integrity signature key.</div>

<div>This class represents a data integrity proof used to encode a variety of cryptographic suite proof encodings.</div>

<div>This class represents a message digest that may be used for data integrity verification. The digest algorithm used will determine the cryptographic properties of the digest.</div>

<div>This class represents a data integrity verification method.</div>

<div>This class represents a data integrity signature.</div>

<div>This class represents a data integrity signature suite.</div>

<div>This class represents a data integrity signature suite.</div>

<div>This class represents a data integrity verification method.</div>

<div>T.B.D.</div>

<div>This class represents a data integrity verification method.</div>

<div>A linked data proof suite verification method type used with <a href="#Ed25519Signature2020">`Ed25519Signature2020`</a>.</div>

<div>A class of messages that are obfuscated in some cryptographic manner. These messages are incredibly difficult to decrypt without the proper decryption key.</div>

<div>A graph signature is used for digital signatures on RDF graphs. The default canonicalization mechanism is specified in the RDF Graph normalization specification, which effectively deterministically names all unnamed nodes. The default signature mechanism uses a SHA-256 digest and RSA to perform the digital signature.</div>

<div>A linked data proof suite verification method type used with <a href="#JsonWebSignature2020">`JsonWebSignature2020`</a></div>

<div>A Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which deterministically names all unnamed nodes. The default signature mechanism uses a SHA-256 digest and JWS to perform the digital signature.</div>

<div>This class represents a cryptographic key that may be used for encryption, decryption, or digitally signing data.</div>

<div>A Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which effectively deterministically names all unnamed nodes. The default signature mechanism uses a SHA-256 digest and RSA to perform the digital signature.</div>

<div>A Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which effectively deterministically names all unnamed nodes. The default signature mechanism uses a SHA-256 digest and RSA to perform the digital signature.</div>

<div>Linked Data signature is used for digital signatures on RDF Datasets. The default canonicalization mechanism is specified in the RDF Dataset Normalization specification, which effectively deterministically names all unnamed nodes. The default signature mechanism uses a SHA-256 digest and ECDSA to perform the digital signature.</div>

<div>Verification method to be used with, for example, data integrity proof cryptographic suites, such as the eddsa-2022 cryptographic suite. See the <a href="https://www.w3.org/TR/vc-di-eddsa/#multikey">EdDSA Cryptosuite v2022 specification</a> for further details.</div>

<div>This class represents a digital proof on serialized data.</div>

<div>Instances of this class are RDF Graphs, where each of these graphs must include exactly one Proof.</div>

<div>This class represents a data integrity signature suite.</div>

<div>This class represents a data integrity verification method.</div>

<div>This class represents a data integrity signature suite.</div>

<div>This class represents a data integrity verification method.</div>

<div>T.B.D.</div>

<div>This class represents a digital signature on serialized data. It is an abstract class and should not be used other than for Semantic Web reasoning purposes, such as by a reasoning agent. This class MUST NOT be used directly, but only through its subclasses.</div>

<div>Instances of this class are RDF Graphs, where each of these graphs must include exactly one Signature.</div>

<div>A Verification Method class can express different verification methods, such as cryptographic public keys, which can be used to authenticate or authorize interaction with the `controller` or associated parties. Verification methods might take many parameters.</div>

<div>This class represents a verification key.</div>

<div>An action that the controller of a capability may take when invoking the capability.</div>

<div>A `blockchainAccountId` property is used to specify a blockchain account identifier, as per the <a href="https://github.com/ChainAgnostic/CAIPs/blob/master/CAIPs/caip-10.md">CAIP-10Account ID Specification</a>.</div>

<div>The canonicalization algorithm is used to transform the input data into a form that can be passed to a cryptographic digest method. The digest is then digitally signed using a digital signature algorithm. Canonicalization ensures that a piece of software that is generating a digital signature is able to do so on the same set of information in a deterministic manner.</div>

<div>An action that can be taken given a capability.</div>

<div>An list of delegated capabilities from a delegator to a delegatee.</div>

<div>A restriction on the way the capability may be used.</div>

<div>The challenge property is used to associate a challenge with a proof, for use with a `proofPurpose` such as `authentication`. This string value SHOULD be included in a proof if a `domain` is specified.</div>

<div>The cipher algorithm describes the mechanism used to encrypt a message. It is typically a string expressing the cipher suite, the strength of the cipher, and a block cipher mode.</div>

<div>Cipher data is an opaque blob of information that is used to specify an encrypted message.</div>

<div>A cipher key is a symmetric key that is used to encrypt or decrypt a piece of information. The key itself may be expressed in clear text or encrypted.</div>

<div>A controller is an entity that claims control over a particular resource. Note that control is best validated as a two-way relationship, where the controller claims control over a particular resource, and the resource clearly identifies its controller.</div>

<div>A text-based identifier for a specific cryptographic suite.</div>

<div>An entity that delegates a capability to a delegatee.</div>

<div>The digest algorithm is used to specify the cryptographic function to use when generating the data to be digitally signed. Typically, data that is to be signed goes through three steps: 1) canonicalization, 2) digest, and 3) signature. This property is used to specify the algorithm that should be used for step 2. A signature class typically specifies a default digest method, so this property is typically used to specify information for a signature algorithm.</div>

<div>The digest value is used to express the output of the digest algorithm expressed in Base-16 (hexadecimal) format.</div>

<div>The `domain` property is used to associate a domain with a proof, for use with a `proofPurpose` such as `authentication` and indicating its intended usage.</div>

<div>An `ethereumAddress` property is used to specify the Ethereum address. As per the Ethereum Yellow Paper "Ethereum: a secure decentralised generalised transaction ledger" in consists of a prefix "0x", a common identifier for hexadecimal, concatenated with the rightmost 20 bytes of the Keccak-256 hash (big endian) of the ECDSA public key (the curve used is the so-called secp256k1). In hexadecimal, 2 digits represent a byte, meaning addresses contain 40 hexadecimal digits. The Ethereum address should also contain a checksum as per EIP-55.</div>

<div>The `expirationDate` property is used to associate an expiration date with a proof.</div>

<div>The expiration time is typically associated with a <a href="#Key">`Key`</a> and specifies when the validity of the key will expire.</div>

<div>The initialization vector (IV) is a byte stream that is typically used to initialize certain block cipher encryption schemes. For a receiving application to be able to decrypt a message, it must know the decryption key and the initialization vector. The value is typically base-64 encoded.</div>

<div>An invocation target identifies where a capability may be invoked, and identifies the target object for which the root capability expresses authority.</div>

<div>An identifier to cryptographic material that can invoke a capability.</div>

<div>The jws property is used to associate a detached Json Web Signature with a proof.</div>

<div>This property is used in conjunction with the input to the signature hashing function in order to protect against replay attacks. Typically, receivers need to track all nonce values used within a certain time period in order to ensure that an attacker cannot merely re-send a compromised packet in order to execute a privileged request.</div>

<div>An owner is an entity that claims control over a particular resource. Note that ownership is best validated as a two-way relationship where the owner claims ownership over a particular resource, and the resource clearly identifies its owner.</div>

<div>A secret that is used to generate a key that can be used to encrypt or decrypt message. It is typically a string value.</div>

<div>A private key PEM property is used to specify the PEM-encoded version of the private key. This encoding is compatible with almost every Secure Sockets Layer library implementation and typically plugs directly into functions intializing private keys.</div>

<div>The` proofPurpose` property is used to associate a purpose, such as `assertionMethod` or `authentication` with a proof. The proof purpose acts as a safeguard to prevent the proof from being misused by being applied to a purpose other than the one that was intended.</div>

<div>A string value that contains the data necessary to verify the digital proof using the `verificationMethod` specified</div>

<div>A public key property is used to specify a URL that contains information about a public key.</div>

<div>A public key Base58 property is used to specify the base58-encoded version of the public key.</div>

<div>A `publicKeyHex` property is used to specify the hex-encoded version of the public key, based on section 8 of rfc4648. Hex encoding is also known as Base16 encoding.</div>

<div>See the JOSE suite.</div>

<div><p>The public key multibase property is used to specify the multibase-encoded version of a public key. The contents of the property are defined by specifications such as ED25519-2020 and listed in the Linked Data Cryptosuite Registry. Most public key type definitions are expected to:</p> <ul> <li>Specify only a single encoding base per public key type as it reduces implementation burden and increases the chances of reaching broad interoperability. <li>Specify a multicodec header on the encoded public key to aid encoding and decoding applications in confirming that they are serializing and deserializing an expected public key type. <li>Use compressed binary formats to ensure efficient key sizes. </ul></div>

<div>A public key PEM property is used to specify the PEM-encoded version of the public key. This encoding is compatible with almost every Secure Sockets Layer library implementation and typically plugs directly into functions initializing public keys.</div>

<div>The publicKeyService property is used to express the REST URL that provides public key management services.</div>

<div>The revocation time is typically associated with a <a href="#Key">`Key`</a> that has been marked as invalid as of the date and time associated with the property. Key revocations are often used when a key is compromised, such as the theft of the private key, or during the course of best-practice key rotation schedules.</div>

<div>Examples of specific services include discovery services, social networks, file storage services, and verifiable claim repository services.</div>

<div>A network address at which a service operates on behalf of a controller. Examples of specific services include discovery services, social networks, file storage services, and verifiable claim repository services. Service endpoints might also be provided by a generalized data interchange protocol, such as extensible data interchange.</div>

<div>The property is used to associate a proof with a graph of information. The proof property is typically not included in the canonicalized graph that is then digested, and digitally signed.</div>

<div>The signature algorithm is used to specify the cryptographic signature function to use when digitally signing the digest data. Typically, text to be signed goes through three steps: 1) canonicalization, 2) digest, and 3) signature. This property is used to specify the algorithm that should be used for step #3. A signature class typically specifies a default signature algorithm, so this property rarely needs to be used in practice when specifying digital signatures.</div>

<div>The signature value is used to express the output of the signature algorithm expressed in base-64 format.</div>

<div>The x509CertificateChain property is used to associate a chain of X.509 Certificates with a proof. The value of this property is an ordered list where each value in the list is an X.509 Certificate expressed as a DER PKIX format, that is encoded with multibase using the base64pad variant. The certificate directly associated to the verification method used to verify the proof MUST be the first element in the list. Subsequent certificates in the list MAY be included where each one MUST certify the previous one.</div>

<div>The x509CertificateFingerprint property is used to associate an X.509 Certificate with a proof via its fingerprint. The value is a multihash encoded then multibase encoded value using the base64pad variant. It is RECOMMENDED that the fingerprint value be the SHA-256 hash of the X.509 Certificate.</div>