Reading the notes for the last committer call, I see that there was an open question about whether the result of a fixity check should be persisted in the repository. The work that has been done to date on the fixity spec has presumed that, but without a documented design goal for the service I don't know how to judge the necessity of that.
There's an argument to be made that all we ought to require is that a LDP-S support:
1. LDP-NR with description, so that there's a resource to attach fixity info to
2. Want-Digest
and that everything else is a client application (eg, the client application can decide where it will store the original checksum in the repository, issue HEAD with Want-Digest on its own schedule, and do what it will with match data). Even the versioning spec is optional if the client only cares about the most recent state.
This has the considerable advantage of being a minimal departure from LDP 1 (and very easy to implement), but I think it also means the API Spec doesn't have a Fixity Spec- the requirement of Want-Digest can just go into CRUD/LDP refinement, and fixity becomes a use case. It also means clarifying that fixity assertions stored in the repo don't have any endorsement by the repo: the client is just inserting assertions in the user data space. That seems like it would also relocate some responsibilities attached to TDR verification to the application layer.
If we go in that direction, it may also be worth considering whether we should propose an Expect header token to LDP-Next for expected digest values.
- Ben