Assume that we want to sign this bit of JSON-LD:
{
"@context": "https://w3id.org/identity/v1",
"title": "Hello World!"
}This is what the Linked Data Signature looks like:
{
"@context": ["https://w3id.org/identity/v1", "https://w3id.org/security/v1"],
"title": "Hello World!",
"signature": {
"type": "LinkedDataSignature2015",
"created": "2016-04-23T14:30:07Z",
"creator": "https://example.com/jdoe/keys/1",
"domain": "json-ld.org",
"nonce": "828dca8b",
"signatureValue": "UARn/XqdyDfT7h/2Hn3/ohw4puFriWzuen9fSLFUG78kC/O8gLWr2+n
A+xBny29UqKovx3tztWmjNb9lmHQtqDXWSGAYp+nPaoJddeS/5A3dZXpEOXz8y3Io3mHVIAK
V0nRVFFqMaaA2YGsPJ+ORFBddpMsyvdjvrA0KlJv9zMM="
}
}The LD signature size is 392 bytes (and stays fairly constant based on private key size).
This is what the JWT looks like:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZ
S5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTQ2MTQyMTYyNSwiZXh
wIjoxNDYxNDI1MjI1LCJpYXQiOjE0NjE0MjE2MjUsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0c
HM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciJ9.lxoG1nWRCitcr45hNqQzaglIQZuSlmEjzPZ1Zb0wTS
FQoes3VVieYpBRXw0TqMYluMHh5Y4id8NQXwdg4bOBfV4X7fmwhCCnq8GrA3WI5HKzvEo57-XMHBrV
xFp8BPjjwQZLB_vvLUzWUG1QpjXsoepyKi7XLD2MzWFNjASkf7iqH53B7EhlqNw7bCF7tgzkBfKlEw
0DCa7jO_nPuIUe7_BPEv7Ozm-VMthZVJeNPKewIwqi5ld3Mef0F-Ft1-A7o7Z-tnnuzOzPc7S0G6xg
HRnD08RrmTM2R2LLrgKFuBsMKJ8GD4QnEgTzmhiaFPlvH2NRY9OPBOFNCNm1FAFXJg
The JWT signature size is 612 bytes (and grows based on the size of the payload - so could be 1MB if payload is around 1MB)
Questions to ponder wrt. the JWT signature:
- How do you solve the graph isomorphism problem?
- What happens when developer syntax preferences change?
- Is the signature valid across a variety of syntaxes?
- The data is unreadable by a human being (developer). Is that a problem?
- How do you express it in an HTML web page so a search crawler can pick up the data?