JWT credentials from Carlos Bruguera on 2018-10-03 (public-credentials@w3.org from October 2018)

From: Carlos Bruguera <cbruguera@gmail.com>
Date: Wed, 3 Oct 2018 17:30:37 +0700
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAJrRL-FcvBC5cP3dzjr0g3pO6AkgLKqixRr-AOBBYbpL=-Z1Dw@mail.gmail.com>

Hello everyone. Recently I've been evaluating JWT vs JSON-LD signatures as
the preferred aproach for a Vcreds implementation I'm working on, and I
just stumbled into this note in the VC data model document
<https://w3c.github.io/vc-data-model/#json>:

A number of the concerns have been raised around security, composability,
> reusability, and extensibility with respect to the use of JWTs for
> Verifiable Credentials. These concerns will be documented in time in at
> least the Verfiable Claims Model and Security Considerations section of
> this document.
>

Could anyone provide more details on what are these concerns and potential
issues with regard to the use of JWT for credentials? Thanks beforehand.

Regards,
Carlos

Received on Wednesday, 3 October 2018 10:31:12 UTC