
Re: CBOR-LD for VC

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 15 Feb 2022 14:36:06 +0100
Message-ID: <46062892-ecb8-7457-2633-4cbb938d899a@gmail.com>
To: Jonny Crunch <jonnycrunch@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
Cc: public-credentials@w3.org
On 2022-02-15 0:07, Jonny Crunch wrote:
> Correct!
> 
>> No version of CBOR-LD ever had any relation to IPLD. 
> 
> 
> CBOR-LD is not IPLD!   However, IPLD has been suggested as a general pattern for DID documents and Verifiable credentials:
> 
> https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/ipld-did.pdf
> 
> CBOR-LD is distinctly different from IPLD!
> 
> 
> That said, COSE-signed payloads for DID documents and VCs have been suggested for over 2 years (using tag 42):
> 
> https://github.com/WebOfTrustInfo/rwot10-buenosaires/blob/master/topics-and-advance-readings/ipld-cbor.md

FWIW, this is my opinion about COSE:

COSE was loosely derived from JOSE which in turn was based on the assumption that canonicalization is an altogether bad idea.  The IETF has so far rejected all "standard track" proposals for JSON canonicalization.  Been there, done that :( However, CBOR's deterministic serialization is not canonicalization since there is no translation of any kind involved.

Deterministic serialization permits creating provably interoperable cryptographic constructs like enveloped signatures which are way nicer than JWTs and CWTs.

That CBOR (properly implemented NB), unlike JSON, does not overload a singular Number type is IMO also a major advantage.

The ability to keep binary as binary is of course pretty useful as well.

Anders

> 
> 
> Here is a refresher for why that initiative failed for anyone that’s interested:
> 
> https://www.w3.org/2019/did-wg/Meetings/Minutes/2020-09-10-did-topic
> 
> 
> 
> Of note:  this approach is totally valid under different standard bodies!
> 
> 
> Jonny
> 
> 
>> On Feb 14, 2022, at 4:37 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>>
>> On 2/14/22 4:15 PM, Dmitri Zagidulin wrote:
>>> I don't think the new version of CBOR-LD has any component of, or relation
>>> to, IPLD.
>>
>> No version of CBOR-LD ever had any relation to IPLD. That doesn't mean IPLD
>> couldn't be used in a CBOR-LD (or JSON-LD payload); it's just that there is no
>> dependency.
>>
>> Verifiable Credentials and DIDs do make heavy use of IPFS data models and
>> protocols such as multibase, multihash, and multicodec. We do that largely
>> because since those values are self-describing, we can take advantage of that
>> fact in CBOR-LD and provide the maximum amount of binary compression possible.
>>
>> In any case, CBOR-LD's only dependency is on JSON-LD. Here's a refresher for
>> how it works for anyone that's interested:
>>
>> https://docs.google.com/presentation/d/1ksh-gUdjJJwDpdleasvs9aRXEmeRvqhkVWqeitx5ZAE/edit
>>
>> -- manu
>>
>> -- 
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://www.digitalbazaar.com/
>>
>>
> 
Received on Tuesday, 15 February 2022 13:37:21 UTC
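
The reply above argues that deterministic CBOR serialization makes enveloped signatures possible. The following sketch is an added example, not code from the thread or from any project mentioned in it: it encodes a small CBOR subset with shortest-form heads and map keys sorted by their encoded bytes (the core deterministic rules of RFC 8949, section 4.2.1), then places the signature inside the signed map itself. Assumptions: HMAC-SHA256 stands in for a real signature algorithm, and the map key `-1` (`SIG_KEY`) and the sample documents are hypothetical.

```python
import hashlib
import hmac

def _head(major, n):
    """Shortest-form CBOR head for major type `major` and argument `n`."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def encode(obj):
    """Deterministic CBOR for ints, bytes, str, lists and maps only."""
    if isinstance(obj, bool):
        raise TypeError("bool not handled in this sketch")
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(encode(v) for v in obj)
    if isinstance(obj, dict):
        # Keys are sorted by their encoded bytes, so insertion order is irrelevant.
        pairs = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

SIG_KEY = -1  # hypothetical map key reserved for the embedded signature

def sign(doc, key):
    """Return a copy of doc with the MAC (signature stand-in) inside the map."""
    if SIG_KEY in doc:
        raise ValueError("already signed")
    tag = hmac.new(key, encode(doc), hashlib.sha256).digest()
    return {**doc, SIG_KEY: tag}

def verify(signed, key):
    """Strip the signature, re-encode deterministically, compare in constant time."""
    body = {k: v for k, v in signed.items() if k != SIG_KEY}
    tag = signed.get(SIG_KEY)
    if not isinstance(tag, bytes):
        return False
    expected = hmac.new(key, encode(body), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)
```

Because the verifier re-encodes the parsed map rather than hashing the received bytes, the signed object can be parsed, stored and re-serialized by intermediaries without invalidating the signature, which is what a JWT-style detached wrapper cannot offer.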
