We had a session at IIW trying to figure out what the primary problems/benefits are with JSON-LD and JWT. While this was a general conversation it was seen in the context of W3C Verifiable Credentials.

JSON-LD 

Pros:

- Semantics

- Graph

- Human Readable

Cons:

- Difficult to integrity/canonicalization of graph for signing purposes

- Canonicalization requirement

- Difficult to understand what is signed

- Cognitive overload when understanding data

- Lack of diversity in tooling

- You have to really know what you do to verify a signed json-ld document

Asks of JSON-LD community to make it useful for Verifiable Credentials:

- Better Tooling (automatically resolve DIDs and verify signatures)

- Better documentation for specific use cases

- Middleware for various server implementations to automatically verify signatures etc of json-ld requests

- Remove embedded schema

JWTs

Pros:

- Simple

- You always know what is signed (easy to verify)

- No canonicalization needed

- Good tooling

Cons:

- Key definition/lookup part is not very well defined

- No built in semantics/schemas

- Not Human Readable

Asks of JWT community:

- Libraries should support DID resolution (eg implementation https://github.com/uport-project/did-jwt)

- Help work on defining Verifiable Credentials using JWT

Most people present felt that JWTs are the safest format at the moment, due in larger part to its simplicity. To be able to support JSON-LD signed VCs we need better tooling. The JSON-LD community should invest time in this, to make it as easy as being able to easily verify the data and understand what was signed.

Regards

Pelle

--

Pelle Brændgaard // uPort Engineering Lead

pelle.braendgaard@consensys.net
49 Bogart St, Suite 22, Brooklyn NY 11206

Web | Twitter | Facebook | Linkedin | Newsletter