Re: JSON-LD vs JWT for VC from Dean Kevin Poulsen on 2018-10-27 (public-credentials@w3.org from October 2018)

From: Dean Kevin Poulsen <dean@authenticity.ac>
Date: Sat, 27 Oct 2018 11:46:22 -0700
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: pelle.braendgaard@consensys.net, public-credentials@w3.org
Message-Id: <179D23CC-CBF0-4BDC-B09E-4E3EE9158B66@authenticity.ac>

> On Oct 27, 2018, at 4:52 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> Anticipated (but unproven) hurdles with JSON canonicalization was why the JOSE group created JWS/JWT/JWE which uses Base64Url as stable representation.  This has two major drawbacks:
> - Not human readable
> - Disrupts the message structure
> 
> Anders
> https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01 <https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01>

Anders,

I’m very familiar with JWT/JWS/JWK/JWE formats.  In addition to having the same structural problems when verifying the signature (signed data is modified after being signed), JWS isn’t compatible with Linked Data (at least, it's not practical).  JWS was designed for URL variables.  It’s not accessible in a Linked-Data way until it's untangled.

Is no one using these signed JSON formats?  Have these issues not been encountered already?  We need a viable signed JSON-LD format now, not 3 years from now.  What’s currently out there isn’t viable.  That’s why I’ve suggested the change in format.

Thanks for your response and the additional info.

Kevin

Received on Saturday, 27 October 2018 18:46:50 UTC