- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 8 May 2017 15:20:14 +0200
- To: Adrian Hope-Bailie <adrian@hopebailie.com>, "Stone, Matt" <matt.stone@pearson.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Credentials Community Group <public-credentials@w3.org>
On 2017-05-08 13:26, Adrian Hope-Bailie wrote: > Hey Manu, > > Any progress on this? Completely unrelated to my own work in this space, I hope the VC WG in progress realizes that founding their work on Linked Data Signatures would (as far as I can tell...) require credentials to be specified in JSON-LD. By rather using a signature scheme that only signs the actual "JSON bytes", people would be able to mix JSON and JSON-LD as they want. However, based on an off-list conversation with a JSON-LD enthusiast, the fact that Linked Data Signatures effectively builds on RDF normalization/expansion, both sides can verify that they indeed do the same interpretation of that. Another way of achieving same function would be to create a specific property holding a hash of the RDF normalization and embedding that in the JSON document signed by a "regular" signature method. Anders > > Adrian > > On 5 April 2017 at 01:20, Stone, Matt <matt.stone@pearson.com <mailto:matt.stone@pearson.com>> wrote: > > Great update Manu, thanks for the update and the creative work. > > -stone > > > ===== > Matt Stone > 501-291-1599 <tel:(501)%20291-1599> > > > On Tue, Mar 28, 2017 at 2:15 PM, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote: > > Hi all, > > I'm at IETF 98 this week along with some of the other participants in > this group. Some of the focus has been on searching for a clear path > forward for the Linked Data Signatures work that we're using for much of > the Verifiable Claims work. > > We've had multiple meetings with people associated in the Security Area > as well as people involved in digital signatures and crypto at IETF. > We've met with the core editors of the JOSE stack (John Bradley - PING > Identity and Mike Jones - Microsoft) and COSE work (Jim Schaad - creator > of S/MIME and Matt Miller - Mozilla) and have found a way forward that > will accelerate our ability to standardize the signature portions of > this work. > > We have not used the JOSE suite to date because of a number of > requirements around base64 encoding data, but there is an extension to > JOSE that would enable us to reuse a subset of the JWT by creating a > profile for JWT. John Bradley, Mike Jones, and I hammered out an > approach that we think might work that will give us all of the benefits > of the current Linked Signatures specification while re-using part of > the cryptography stack that already has buy-in from IETF. This is good > news as it will accelerate our ability to move some of the other > specifications related to this work along in parallel. This approach > accomplishes this because we won't be inventing anything new, but rather > reusing technologies that already exist at IETF. > > I'll provide more details to the group after I'm done traveling (mid-April). > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: Rebalancing How the Web is Built > http://manu.sporny.org/2016/rebalancing/ <http://manu.sporny.org/2016/rebalancing/> > > >
Received on Monday, 8 May 2017 13:20:51 UTC