WebSig: A Digital Signature Framework for the Web

McCusker, Jamie

Author

McCusker, Jamie

Other Contributors

Date Issued

2015-08-31

Degree

Terms of Use

Metadata

Show full item record

URI

http://archive.tw.rpi.edu/media/latest/websig_jpm_thesis.pdf; https://hdl.handle.net/20.500.13015/4479

Abstract

WebSig is a digital signature scheme for the web that uses Resource Description Framework (RDF) graphs to express its documents, document metadata, and signature data in a way that leverages existing trustable digital signature schemes to create signatures on computable documents that are trustable and minimally repudiable. WebSig is a proof of concept that shows that a digital signature scheme for RDF can be trustable across any possible representation of an RDF document and minimize the opportunities for repudiation of those signatures. We demonstrate this by showing how digital signature scheme that are attributable, verifiable, linkable, revisable, and portable, are also computable and trustable digital signature schemes. We also introduce evaluation criteria for those five qualities and demonstrate how WebSig provides all five. WebSig supports the verifiable signing of any RDF graph through the use of another contribution, the Functional Requirements for Information Resources (FRIR) information identity framework. FRIR is a provenance-driven identity framework that can provide interrelated identities for RDF graphs and other information resources. The RDF Graph Digest Algorithm 1 (RGDA1), a third contribution, provides an algorithm that can create platform-independent, cryptographically secure, reproducible identifiers for all RDF graphs. FRIR and the RGDA1 both supply the means to securely identify the signed document and any supporting RDF graphs, and are essential to supplying all five qualities needed to provide computable and trustable signatures. WebSig builds off of existing technologies and vocabularies from the domains of cryptography, computer security, semantic web services, semantic publishing, library science, and provenance. This dissertation’s contributions will be presented as follows: 1) Sufficiency proof that attributable, verifiable, portable, linkable, revisable digital signature schemes are trustable, computable, and minimally repudiable; 2) Functional Requirements for Information Re- sources (FRIR), a provenance-enabled, trustable, computable identity framework for information resources; 3) experimental evidence that RDF Graph Digest Algorithm 1 (RGDA1) provides reproducible identifiers for all RDF graphs in average case polynomial time; and 4) WebSig, a framework that lets users create legally-binding electronic documents that are both trustable and computable.;