- From: <a.a@tutanota.com>
- Date: Thu, 25 Oct 2018 10:58:27 +0200 (CEST)
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Pelle Braendgaard <pelle.braendgaard@consensys.net>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <LPeRZ8G--3-1@tutanota.com>
> FYI :
> https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
> Might contain some useful pointers.

And this one
https://openid.net/specs/draft-jones-json-web-token-07.html
Sorry if I repeat.

---
Regards,
Alexey Anshakov
CEO, webRunes
https://wr.io
skype: alexey_anshakov

25 Oct 2018 08:09 from melvincarvalho@gmail.com:

> On Thu, 25 Oct 2018 at 02:12, Pelle Braendgaard <pelle.braendgaard@consensys.net> wrote:
>
>> We had a session at IIW trying to figure out what the primary problems/benefits are with JSON-LD and JWT. While this was a general conversation it was seen in the context of W3C Verifiable Credentials.
>>
>> JSON-LD
>>
>> Pros:
>> - Semantics
>> - Graph
>> - Human Readable
>>
>> Cons:
>> - Difficult to integrity/canonicalization of graph for signing purposes
>> - Canonicalization requirement
>> - Difficult to understand what is signed
>> - Cognitive overload when understanding data
>> - Lack of diversity in tooling
>> - You have to really know what you do to verify a signed json-ld document
>>
>> Asks of JSON-LD community to make it useful for Verifiable Credentials:
>> - Better Tooling (automatically resolve DIDs and verify signatures)
>> - Better documentation for specific use cases
>> - Middleware for various server implementations to automatically verify signatures etc of json-ld requests
>> - Remove embedded schema
>>
>> JWTs
>>
>> Pros:
>> - Simple
>> - You always know what is signed (easy to verify)
>> - No canonicalization needed
>> - Good tooling
>>
>> Cons:
>> - Key definition/lookup part is not very well defined
>> - No built in semantics/schemas
>> - Not Human Readable
>>
>> Asks of JWT community:
>> - Libraries should support DID resolution (eg implementation https://github.com/uport-project/did-jwt)
>> - Help work on defining Verifiable Credentials using JWT
>>
>> Most people present felt that JWTs are the safest format at the moment, due in larger part to its simplicity. To be able to support JSON-LD signed VCs we need better tooling. The JSON-LD community should invest time in this, to make it as easy as being able to easily verify the data and understand what was signed.
>
> FYI :
>
> https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
> Might contain some useful pointers.
>
>> Regards
>> Pelle
>> --
>> Pelle Brændgaard // uPort Engineering Lead
>> pelle.braendgaard@consensys.net
>> 49 Bogart St, Suite 22, Brooklyn NY 11206
>> Web <https://consensys.net/> | Twitter <https://twitter.com/ConsenSys> | Facebook <https://www.facebook.com/consensussystems> | Linkedin <https://www.linkedin.com/company/consensus-systems-consensys-> | Newsletter <http://consensys.us11.list-manage.com/subscribe?u=947c9b18fc27e0b00fc2ad055&id=257df01285&utm_content=buffer1ce12&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer>
Received on Thursday, 25 October 2018 08:58:51 UTC
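
Added example, not part of the thread or of any participant's code: the session notes contrast JWT ("no canonicalization needed", "you always know what is signed") with the canonicalization requirement for a signature carried with a JSON document, and this Python sketch shows that difference. It assumes an HMAC key (HS256) in place of issuer key pairs and uses sorted-key JSON as a stand-in for JSON-LD graph canonicalization; `KEY`, `DOC_A`, `DOC_B` and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: shared HMAC key; real credentials use issuer key pairs

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def jws_sign(payload: bytes) -> str:
    """Compact JWS: the MAC covers the exact base64url text that travels on the wire."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = f"{header}.{b64url(payload)}"
    return f"{signing_input}.{b64url(mac(signing_input.encode()))}"

def jws_verify(token: str) -> bytes:
    """Return the signed payload bytes or raise ValueError. Nothing is re-serialized."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier pins the algorithm
    expected = mac(f"{header_b64}.{payload_b64}".encode())
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return b64url_decode(payload_b64)

def canonical(doc: dict) -> bytes:
    """Stand-in canonical form (sorted keys, no whitespace); NOT JSON-LD graph normalization."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def embedded_mac(raw: bytes, canonicalize: bool) -> bytes:
    """MAC for a signature that accompanies the JSON document rather than wrapping its bytes."""
    return mac(canonical(json.loads(raw)) if canonicalize else raw)

# Constructed sample: the same claims written out by two different JSON serializers.
DOC_A = b'{"sub":"did:example:alice","degree":"BSc"}'
DOC_B = b'{ "degree": "BSc", "sub": "did:example:alice" }'

if __name__ == "__main__":
    print("raw bytes agree:      ", embedded_mac(DOC_A, False) == embedded_mac(DOC_B, False))
    print("canonical forms agree:", embedded_mac(DOC_A, True) == embedded_mac(DOC_B, True))
    print("JWS payload verified: ", jws_verify(jws_sign(DOC_A)) == DOC_A)
```

A document that is parsed and re-serialized between signer and verifier only verifies if both sides agree on one canonical form, whereas the JWS verifier checks the bytes it received and hands back exactly those bytes.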