W3C home > Mailing lists > Public > public-credentials@w3.org > July 2016

Re: JWT. Re: Agenda: Verifiable Claims Teleconference - Tuesday, July 19th 2016

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Tue, 19 Jul 2016 20:25:10 +0100
To: public-credentials@w3.org
Message-ID: <ae08591a-731b-a6d8-3a70-32a070747e28@kent.ac.uk>

On 19/07/2016 18:05, Anders Rundgren wrote:
> Why would anybody (in their right mind...) provide a claim like this?

Ditto for an X.509 certificate, but they do.

We must differentiate between data transferred in a format for computers
to process, and tools that render data in a human readable format. X.509
software providers screwed up badly in providing good GUIs for
displaying X.509 certificates. Lets hope that JOSE software providers do
a much better job. If they do, the transfer format is not that
important. If they dont, then a transfer format that is human readable
becomes highly desirable

David

> 
> EXAMPLE 4: A JOSE JWT verifiable claim
> 
> eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2Rtdi
> 5leGFtcGxlLmdvdiIsImlhdCI6MTI2MjMwNDAwMCwiZXhwIjoxNDgzMjI4ODAwL
> CJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJkaWQ6ZWJmZWIxZjcxMmVi
> YzZmMWMyNzZlMTJlYzIxIiwiZW50aXR5Q3JlZGVudGlhbCI6eyJAY29udGV4dCI
> 6Imh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdjEiLCJpZCI6Imh0dHA6Ly9leG
> FtcGxlLmdvdi9jcmVkZW50aWFscy8zNzMyIiwidHlwZSI6WyJDcmVkZW50aWFsI
> iwiUHJvb2ZPZkFnZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9kbXYu
> ZXhhbXBsZS5nb3YiLCJpc3N1ZWQiOiIyMDEwLTAxLTAxIiwiY2xhaW0iOnsiaWQ
> iOiJkaWQ6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwiYWdlT3ZlciI6Mj
> F9fX0.LwqH58NasGPeqtTxT632YznKDuxEeC59gMAe9uueb4pX_lDQd2_UyUcc6
> NW1E3qxvYlps4hH_YzzTuXB_R1A9UHXq4zyiz2sMtZWyJkUL1FERclT2CypX5e1
> fO4zVES_8uaNoinim6VtS76x_2VmOMQ_GcqXG3iaLGVJHCNlCu4
> 
> AFAICT, JWT was designed for short-lived tokens.
> 
> Anders
> 
> 
Received on Tuesday, 19 July 2016 19:25:45 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:30 UTC