- From: Oliver Terbu <oliver.terbu@consensys.net>
- Date: Fri, 26 Oct 2018 11:20:55 -0700
- To: a.a@tutanota.com
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, Pelle Braendgaard <pelle.braendgaard@consensys.net>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-Id: <8B9408D7-CF77-44FD-8E6A-1E98AC8EADFD@consensys.net>
Hi, I guess the posting was not about using one or the other. The IIW community identified clear needs for improvements on both ends and we should respect that needs:: - We should make progress in defining JWT verifiable credentials and support JWT DID resolution. - We should make progress in addressing the concerns that the IIW community identified with JSON-LD. It doesn’t help to copy & paste links. Thanks, Oliver > On 25. Oct 2018, at 01:58, a.a@tutanota.com wrote: > > >FYI : > >https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid <https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid>>Might contain some useful pointers. > > And this one > https://openid.net/specs/draft-jones-json-web-token-07.html <https://openid.net/specs/draft-jones-json-web-token-07.html> > Sorry if I repeat. > > --- > Regards, > Alexey Anshakov > CEO, webRunes https://wr.io <https://wr.io/> > skype: alexey_anshakov > > > 25. Окт 2018 08:09 от melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>: > > > > On Thu, 25 Oct 2018 at 02:12, Pelle Braendgaard <pelle.braendgaard@consensys.net <mailto:pelle.braendgaard@consensys.net>> wrote: > We had a session at IIW trying to figure out what the primary problems/benefits are with JSON-LD and JWT. While this was a general conversation it was seen in the context of W3C Verifiable Credentials. > > JSON-LD > Pros: > - Semantics > - Graph > - Human Readable > > Cons: > - Difficult to integrity/canonicalization of graph for signing purposes > - Canonicalization requirement > - Difficult to understand what is signed > - Cognitive overload when understanding data > - Lack of diversity in tooling > - You have to really know what you do to verify a signed json-ld document > > Asks of JSON-LD community to make it useful for Verifiable Credentials: > - Better Tooling (automatically resolve DIDs and verify signatures) > - Better documentation for specific use cases > - Middleware for various server implementations to automatically verify signatures etc of json-ld requests > - Remove embedded schema > > JWTs > Pros: > - Simple > - You always know what is signed (easy to verify) > - No canonicalization needed > - Good tooling > > Cons: > - Key definition/lookup part is not very well defined > - No built in semantics/schemas > - Not Human Readable > > Asks of JWT community: > - Libraries should support DID resolution (eg implementation https://github.com/uport-project/did-jwt <https://github.com/uport-project/did-jwt>) > - Help work on defining Verifiable Credentials using JWT > > Most people present felt that JWTs are the safest format at the moment, due in larger part to its simplicity. To be able to support JSON-LD signed VCs we need better tooling. The JSON-LD community should invest time in this, to make it as easy as being able to easily verify the data and understand what was signed. > > FYI : > > https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid <https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid> > > Might contain some useful pointers. > > > Regards > Pelle > -- > > Pelle Brændgaard // uPort Engineering Lead > pelle.braendgaard@consensys.net <mailto:pelle.braendgaard@consensys.net> > 49 Bogart St, Suite 22, Brooklyn NY 11206 > Web <https://consensys.net/> | Twitter <https://twitter.com/ConsenSys> | Facebook <https://www.facebook.com/consensussystems> | Linkedin <https://www.linkedin.com/company/consensus-systems-consensys-> | Newsletter <http://consensys.us11.list-manage.com/subscribe?u=947c9b18fc27e0b00fc2ad055&id=257df01285&utm_content=buffer1ce12&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer>
Received on Friday, 26 October 2018 18:47:25 UTC