- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 7 Oct 2018 08:01:53 +0200
- To: Pelle Braendgaard <pelle.braendgaard@consensys.net>, Carlos Bruguera <cbruguera@gmail.com>
- Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>, kim@learningmachine.com
On 2018-10-07 07:19, Pelle Braendgaard wrote:
<snip>
>
> We see most use cases as best implemented as smaller self-contained VCs and that JWTs are superior for that.
A drawback with JWTs is that they shroud the data in Base64Url.
By keeping the signature system of JWT (i.e. JWS) and combining it with a simple canonicalization scheme (JCS) you can get away from this problem:
https://github.com/cyberphone/jws-jcs#combining-detached-jws-with-jcs-json-canonicalization-scheme
JCS is currently available for Java, JavaScript, C# and Python.
Anders
> P
>
> On Fri, Oct 5, 2018 at 7:01 AM Carlos Bruguera <cbruguera@gmail.com> wrote:
>
> Thanks guys for your valuable input.
>
> In this regard, how "production-ready" is the current LD signatures library for use in a DID/Creds system? Any limitations known? Perhaps Manu or someone else involved could provide a summary of its current state?
>
> Regards,
> Carlos
>
> On Thu, Oct 4, 2018 at 11:59 PM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
> Hi Christopher,
>
> The scheme obviously only supports signing JSON "as is".
> However, this is compatible with JSON-LD as well.
>
> If you want to support LD canonicalization that is also possible but it would have to be supplied as a "crit" extension like:
>
> {
>   "Some properties to be signed":...,
>   .
>   .
>   "__cleartext_signature": {
>     "crit": ["json-ld-canonicalization"],
>     "json-ld-canonicalization": {
>       "algorithm": "JSON-LD Algorithm Identifier",
>       "sha256hash": "h64slk97gG9Ff7gg"
>     },
>     .
>     .
>     "signature": "h5e4se3w3wfgr5566d5e5s44w4waa33a3a3a3a33q"
>   }
> }
>
>
> Regarding the state of this work-item from a standards perspective, the question seems to be "who is your customer" which I don't have a good answer to. The JSON and JOSE WGs have ceased their activities and the members appear to rather be targeting CBOR these days. Personally, I don't believe there is a need for CBOR for dealing with "Information Systems".
>
> There is an even simpler solution in the workings: https://github.com/cyberphone/jws-jcs#combining-detached-jws-with-jcs-json-canonicalization-scheme
> on-line demo: https://mobilepki.org/jws-jcs/home
>
> Regards,
> Anders
>
> On 2018-10-04 09:25, Christopher Allen wrote:
> > (resending CC'ing all as I didn't in first iteration of this)
> >
> > On Thu, Oct 4, 2018 at 3:39 AM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> >
> > There is yet another alternative based on "pure JSON":
> > https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01
> >
> > It seems to address the issues below.
> >
> >
> > On Wed, Oct 3, 2018 at 8:39 PM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> >
> > On 2018-10-04 03:27, Kim Hamilton Duffy wrote:
> > There is yet another alternative based on "pure JSON":
> > https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01
> >
> > It seems to address the issues below.
> >
> >
> > The challenge is that this draft is completely dependent on the canonicalization scheme, which is
> > https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-01
> >
> > What I’ve heard repeatedly is that this canonicalization scheme doesn’t address some number of other requirements, including supporting graph data models.
> >
> > I too would like to understand more precisely what these other requirements are so I can effectively articulate them.
> >
> > -- Christopher Allen
> >
>
Received on Sunday, 7 October 2018 06:02:20 UTC
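
The detached-JWS-plus-canonicalization idea discussed in this thread, as an added example that is not part of the original messages or of the jws-jcs project. Assumptions: the property name `signature`, the HS256 algorithm with a constructed key, and a simplified canonicalizer standing in for full JCS.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
SIG_PROP = "signature"          # assumed name for the signature property

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def canonicalize(obj) -> bytes:
    # Simplified stand-in for JCS: sorted keys, no whitespace, UTF-8 output.
    # Covers strings, integers, booleans and null only; full JCS also pins
    # number formatting and sorts keys by UTF-16 code units.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def _mac(header_b64: str, payload: bytes) -> bytes:
    # Standard JWS signing input: b64u(header) "." b64u(payload)
    signing_input = f"{header_b64}.{b64u(payload)}".encode()
    return b64u(hmac.new(KEY, signing_input, hashlib.sha256).digest()).encode()

def compact_jws(obj: dict) -> str:
    # JWT-style compact form: the payload travels Base64Url-encoded.
    header_b64, payload = b64u(canonicalize({"alg": "HS256"})), canonicalize(obj)
    return f"{header_b64}.{b64u(payload)}.{_mac(header_b64, payload).decode()}"

def sign_cleartext(obj: dict) -> dict:
    # Same JWS signature, but detached ("header..sig") and stored in the JSON.
    if SIG_PROP in obj:
        raise ValueError("object already carries a signature property")
    header_b64 = b64u(canonicalize({"alg": "HS256"}))
    sig = _mac(header_b64, canonicalize(obj)).decode()
    return {**obj, SIG_PROP: f"{header_b64}..{sig}"}

def verify_cleartext(signed: dict) -> bool:
    body = dict(signed)
    jws = body.pop(SIG_PROP, None)
    parts = jws.split(".") if isinstance(jws, str) else []
    if len(parts) != 3 or parts[1] != "":   # must be detached: empty payload part
        return False
    header_b64, _, sig = parts
    try:
        pad = "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(header_b64 + pad))
        sig_bytes = sig.encode("ascii")
    except ValueError:
        return False
    # Pin the algorithm on the verifier side; never let the header choose freely.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    return hmac.compare_digest(sig_bytes, _mac(header_b64, canonicalize(body)))
```

Because the verifier re-canonicalizes the object, the signed JSON stays readable and survives re-indentation or key reordering in transit, while any change to a value invalidates the signature.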