| - "Graph of Keybase commits pre and post Zoom acquisition" (2021) https://news.ycombinator.com/item?id=28814802 : - "Key server (cryptographic)" https://en.wikipedia.org/wiki/Key_server_(cryptographic) - W3C DID Decentralized Identifiers (that you can optionally locally generate like pubkey hash account identifiers) - "Linked Data Signatures for GPG" https://gpg.jsld.org/ ; GPG in (JSON-LD) RDF - ld-signatures is now W3C vc-data-integrity:
"Verifiable Credential Data Integrity 1.0
Securing the Integrity of Verifiable Credential Data" https://www.w3.org/TR/vc-data-integrity/ - An example of GPG signatures on linked data documents:
https://gpg.jsld.org/contexts/#GpgSignature2020 - vc-data-integrity specifies how to normalize the document by sorting keys ~ in the JSON before cryptographically signing the transformed, isomorphic graph - SLSA.dev also specifies signed provenance metadata (optionally with sigstore.dev for centralized release artifact hashes), but not (yet?) with Linked Data - Blockcerts: blockchain-certificates/cert-verifier-js ,
https://www.blockcerts.org/guide/ : > Blockcerts is an open standard for building apps that issue and verify blockchain-based official records. These may include certificates for civic records, academic credentials, professional licenses, workforce development, and more. > Blockcerts consists of open-source libraries, tools, and mobile apps enabling a decentralized, standards-based, recipient-centric ecosystem, enabling trustless verification through blockchain technologies. > Blockcerts uses and encourages consolidation on open standards. Blockcerts is committed to self-sovereign identity of all participants, and enabling recipient control of their claims through easy-to-use tools such as the certificate wallet (mobile app). Blockcerts is also committed to availability of credentials, without single points of failure. - [ ] SCH: link a git commit graph (with GPG signatures) with other linked data of an open source software project; for example (SLSA,) build logs and JSON-LD SBOMs. - >> Is there an ACME-like thing to verify online identity control like Keybase still does? |