Re: JSON-LD vs JWT for VC

> On Oct 27, 2018, at 4:52 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> Anticipated (but unproven) hurdles with JSON canonicalization was why the JOSE group created JWS/JWT/JWE which uses Base64Url as stable representation.  This has two major drawbacks:
> - Not human readable
> - Disrupts the message structure
> 
> Anders
> https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01 <https://tools.ietf.org/html/draft-erdtman-jose-cleartext-jws-01>

Anders,

I’m very familiar with JWT/JWS/JWK/JWE formats.  In addition to having the same structural problems when verifying the signature (signed data is modified after being signed), JWS isn’t compatible with Linked Data (at least, it's not practical).  JWS was designed for URL variables.  It’s not accessible in a Linked-Data way until it's untangled.

Is no one using these signed JSON formats?  Have these issues not been encountered already?  We need a viable signed JSON-LD format now, not 3 years from now.  What’s currently out there isn’t viable.  That’s why I’ve suggested the change in format.

Thanks for your response and the additional info.

Kevin

Received on Saturday, 27 October 2018 18:46:50 UTC