Re: VCs expressed as CWTs - Two variants

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Fri, 18 Feb 2022 10:03:05 -0500
To: public-credentials@w3.org
Message-ID: <1dcb067f-8a4e-e359-17b0-fd5d7aed04dd@digitalbazaar.com>

On 2/18/22 9:45 AM, Orie Steele wrote:
> We really didn't get enough engagement regarding CBOR in DID Core, and I
> would expect us to not be successful at addressing COSE without some
> serious recruitment.

+1 to this. The "abstract data model" for DID Core was a politically motivated
disaster, IMHO.

It added a ton of complexity to the spec, the people that suggested that we do
it ended up not turning up and doing work (dumping it mostly onto the Editors'
laps to actually make the technology work), and then the reasons we added it
to the specification (CBOR!, YAML!) never actually materialized in a way that
made any sort of material difference to the ecosystem today, other than
allowing the JSON-only and CBOR-only crowd to declare victory.

To be clear, VCs protected via COSE (VC-CWT or COSE cryptosuites) are an
easier lift than re-inventing the entire VC data model... ultimately, VC-CWT
or utilizing COSE is just cryptosuite work. I'll note that VC-CWTs will
inevitably suffer from the same limitations that are being discussed in the
"Recommendations for Storing VC-JWT" thread.

Specifying COSE-based cryptosuites, while do-able, seems to provide little
benefit over raw signatures (unless I'm missing something?).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Friday, 18 February 2022 15:03:22 UTC
