Should trusted metadata be documented in notebook file format?

[krassowski]

nbformat (Python package) handles trusted as described in https://nbformat.readthedocs.io/en/latest/api.html#module-nbformat.sign. The Cell metadata chapter of the Notebook file format does not describe trusted. Should trusted be added to specification, or is this an implementation detail which was intentionally omitted? If it is omitted by choice, what is the right place to document/discuss quirks around it?

Cross-referencing related discussions:

• Markdown cells break notebook trust jupyterlab/jupyterlab#12889
• Notebook trust is different compared to the Classic Notebook jupyterlab/jupyterlab#14025

[westurner]

W3C LD-PROOFS (& JSONLD) would be a better solution than the helpful existing ad-hoc digital signature solution: - LD-PROOFS expects signatureSuite to be a URI describing which digital signature algorithm a signatureValue was created with - LD- PROOFS specifies a graph normalization algorithm; how to sort any RDF format before signing - I believe it's possible to normalize and sign any JSON with ld-signatures; but would really like to see nbformat notebooks be JSON-LD documents (in order to publish Linked Data with Jupyter Notebooks; for meta-science) - "Add JSONLD @context to the top level .ipynb node" #44

…

On Sun, Feb 19, 2023, 4:41 PM Michał Krassowski ***@***.***> wrote: nbformat (Python package) handles trusted as described in https://nbformat.readthedocs.io/en/latest/api.html#module-nbformat.sign. The Cell metadata <https://nbformat.readthedocs.io/en/latest/format_description.html#cell-metadata> chapter of the Notebook file format does not describe trusted. Should trusted be added to specification, or is this an implementation detail which was intentionally omitted? If it is omitted by choice, what is the right place to document/discuss quirks around it? Cross-referencing related discussions: - jupyterlab/jupyterlab#12889 <jupyterlab/jupyterlab#12889> - jupyterlab/jupyterlab#14025 <jupyterlab/jupyterlab#14025> — Reply to this email directly, view it on GitHub <#349>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAMNSZOWG4JPV44PPKQR6LWYKHPNANCNFSM6AAAAAAVBGAQJ4> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[Carreau]

IIRC, trust metadata should not be part of the format as is should be only a transiant key that is not saved.

[krassowski]

If that is not part of nbformat, then where should the specification for it live?

[Carreau]

Good question, it use to be that the schema/validation had two modes:

• In memory and
• On disk
  Those transient keys should definitely not be on disk.