- From: Orie Steele <orie@transmute.industries>
- Date: Wed, 20 Mar 2024 10:35:18 +1000
- To: Kim Hamilton <kimdhamilton@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAN8C-_Le4oHwWPAgSJJAnWEJmsx2UuPcR1H-VBjJ0m8r5yxZGQ@mail.gmail.com>
The VCDM is JSON-LD, and both JSON and RDF do not support selective disclosure in their base media types.

SD-JWT only supports selective disclosure on JSON.

ECDSA-SD only supports selective disclosure in JSON-LD (I think).

MDoc only supports selective disclosure in CBOR.

There are basically 2 ways to secure media types...

You can secure them in a media type agnostic manner, like JWS or COSE Sign1.

Or you can secure them in a media type aware manner, like JWT, SD-JWT, mDoc, SD-CWT etc.

The W3C VCDM is a media type that is built on +ld+json meaning it's always JSON-LD that you are securing... Regardless of how you secure it.

OS

On Wed, Mar 20, 2024, 10:27 AM Kim Hamilton <kimdhamilton@gmail.com> wrote:

> Thanks for stating it clearly. This is why the statement "VCDM lacks
> selective disclosure" trips the brain wires. It belongs at the
> signature/proof level. And of course, selective disclosure can be performed
> in different ways. Just wondering if I missed the boat on any
> considerations that make the credential data model itself more or less
> conducive to selective disclosure, which that statement appears to say.
>
> Or maybe it refers to a specific brand of selective disclosure, and not
> selective disclosure in the general sense.
>
> Does SD-JWT-VC imply a landscape in which there will be a different VC
> format for each signature suite? This is very different from my mental
> model of VC data model, with the possibility of using different signature
> suites. I'd be eager to learn more about the advantages of that.
>
> On Tue, Mar 19, 2024 at 5:10 PM Orie Steele <orie@transmute.industries>
> wrote:
>
>> Selective disclosure is a property of the securing format, not the data
>> model.
>>
>> Sd-jwt and ecdsa-sd both support selective disclosure, but with very
>> different performance and security trade-offs.
>>
>> It's not correct to say that CBOR, YAML, JSON, XML or JSON-LD support
>> selective disclosure.
>>
>> It is correct to say SD-JWT, SD-CWT, mDoc, Gordian envelopes or ecdsa-sd
>> support selective disclosure.
>>
>> It seems JAdES as a requirement precludes the use of CBOR or Data
>> Integrity Proofs, or even JWT, given JWTs are always compact (no JSON
>> Serialization).
>>
>> OS
>>
>> On Wed, Mar 20, 2024, 9:53 AM Kim Hamilton <kimdhamilton@gmail.com>
>> wrote:
>>
>>> Hi all,
>>> I'm trying to get my head around the variety of VC formats. I ran across
>>> this deck and I'm curious why it would say VCDM lacks selective disclosure
>>> (included screenshot and deck). It does via signature suites, so in a sense
>>> the statement "does not compute".
>>>
>>> Eager to learn about the new VC formats, similarities and differences.
>>>
>>> Thanks,
>>> Kim
>>> [image: Screenshot 2024-03-19 at 4.36.16 PM.png]

Attachments
- image/png attachment: Screenshot_2024-03-19_at_4.36.16___PM.png
Received on Wednesday, 20 March 2024 00:35:36 UTC
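
The distinction drawn in the thread between media type agnostic and media type aware securing, shown as an added Python example that is not from the thread or any participant: signing opaque bytes leaves no way to withhold a claim, while an SD-JWT-style layout signs salted digests so a holder can reveal a subset. Assumptions: HMAC with a constructed key stands in for the issuer's signature, the claims are constructed, the function names are hypothetical, and the `_sd`/`_sd_alg` layout follows SD-JWT's salted-digest disclosures without the JWS envelope.

```python
import base64, hashlib, hmac, json, secrets

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the issuer's signature

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(payload: bytes) -> str:
    return b64u(hmac.new(KEY, payload, hashlib.sha256).digest())

def digest(disclosure: str) -> str:
    # The digest is taken over the base64url text of the disclosure.
    return b64u(hashlib.sha256(disclosure.encode()).digest())

def issue(claims: dict):
    """Media type aware securing: sign salted digests instead of claim values."""
    disclosures = [b64u(json.dumps([b64u(secrets.token_bytes(16)), k, v]).encode())
                   for k, v in claims.items()]
    payload = json.dumps({"_sd": sorted(digest(d) for d in disclosures),
                          "_sd_alg": "sha-256"}).encode()
    return payload, sign(payload), disclosures

def verify(payload: bytes, signature: str, presented: list) -> dict:
    """Check the signature, then accept only disclosures whose digest was signed."""
    if not hmac.compare_digest(sign(payload), signature):
        raise ValueError("signature mismatch")
    signed = set(json.loads(payload)["_sd"])
    revealed = {}
    for d in presented:
        if digest(d) not in signed:
            raise ValueError("disclosure not covered by signature")
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        revealed[name] = value
    return revealed

def agnostic_redaction_verifies(claims: dict, drop: str) -> bool:
    """Media type agnostic securing: opaque bytes are signed, so removing a claim breaks it."""
    original = json.dumps(claims).encode()
    signature = sign(original)
    redacted = json.dumps({k: v for k, v in claims.items() if k != drop}).encode()
    return hmac.compare_digest(sign(redacted), signature)

CLAIMS = {"given_name": "Alice", "birthdate": "1990-01-01", "degree": "BSc"}  # constructed sample
```

The same JSON claims go into both paths; only the securing format decides whether a verifier can check a partial presentation.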