- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 18 Feb 2022 10:03:05 -0500
- To: public-credentials@w3.org
On 2/18/22 9:45 AM, Orie Steele wrote: > We really didn't get enough engagement regarding CBOR in DID Core, and I > would expect us to not be successful at addressing COSE without some > serious recruitment. +1 to this. The "abstract data model" for DID Core was a politically motivated disaster, IMHO. It added a ton of complexity to the spec, the people that suggested that we do it ended up not turning up and doing work (dumping it mostly onto the Editor's laps to actually make the technology work), and then the reasons we added it to the specification (CBOR!, YAML!) never actually materialized in a way that made any sort of material difference to the ecosystem today, other than allowing the JSON-only and CBOR-only crowd to declare victory. To be clear, VC's protected via COSE (VC-CWT or COSE cryptosuites) are an easier lift than re-inventing the entire VC data model... ultimately, VC-CWT or utilizing COSE is just cryptosuite work. I'll note that VC-CWTs will inevitably suffer from the same limitations that are being discussed in the "Recommendations for Storing VC-JWT" thread. Specifying COSE-based cryptosuites, while do-able, seem to provide little benefit over raw signatures (unless I'm missing something?). -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Friday, 18 February 2022 15:03:22 UTC