Re: VC formats

Lucy and I have written two reports explaining this landscape of formats
and signatures.

Here is the first one and infographic during the pandemic:
https://www.lfph.io/wp-content/uploads/2021/02/Verifiable-Credentials-Flavors-Explained.pdf
https://www.lfph.io/wp-content/uploads/2021/04/Verifiable-Credentials-Flavors-Explained-Infographic.pdf

This was written last year
https://medium.com/@identitywoman-in-business/new-paper-and-infographic-on-flavors-of-digital-credentials-released-b9b6ec5b95af
https://drive.google.com/file/d/1mZVcGlcxAqQaOr-pBUt6-Amh2NocuaNp/view

- Kaliya


On Tue, Mar 19, 2024 at 5:42 PM Kim Hamilton <kimdhamilton@gmail.com> wrote:

> Right, in the base media type. But SD-JWT describes a mechanism for
> performing SD on JSON. It would be good to have a more transparent
> mechanism to allow anchoring statements in something reference-able. It
> seems a bit muddy now. Perhaps DIF, CCG, OIDF, and more can collaborate on
> some rubric here.
>
> On Tue, Mar 19, 2024 at 5:35 PM Orie Steele <orie@transmute.industries>
> wrote:
>
>> The VCDM is JSON-LD, and both JSON and RDF do not support selective
>> disclosure in their base media types.
>>
>> SD-JWT only supports selective disclosure on JSON.
>>
>> ECDSA-SD only supports selective disclosure in JSON-LD (I think).
>>
>> MDoc only supports selective disclosure of in CBOR.
>>
>> There are basically 2 ways to secure media types... You can secure them
>> in a media type agnostic manner, like JWS or COSE Sign1. Or you can secure
>> them in a media type aware manner, like JWT, SD-JWT, mDoc, SD-CWT etc.
>>
>> The W3C VCDM is a media type that is built on +ld+json meaning it's
>> always JSON-LD that you are securing... Regardless of how you secure it.
>>
>> OS
>>
>> On Wed, Mar 20, 2024, 10:27 AM Kim Hamilton <kimdhamilton@gmail.com>
>> wrote:
>>
>>> Thanks for stating it clearly. This is why the statement "VCDM lacks
>>> selective disclosure" trips the brain wires. It belongs at the
>>> signature/proof level. And of course, selective disclosure can be performed
>>> in different ways. Just wondering if I missed the boat on any
>>> considerations that make the credential data model itself more or less
>>> conducive to selective disclosure, which that statement appears to say.
>>>
>>> Or maybe it refers to a specific brand of selective disclosure, and not
>>> selective disclosure in the general sense.
>>>
>>> Does SD-JWT-VC imply a landscape in which there will be a different VC
>>> format for each signature suite? This is very different from my mental
>>> model of VC data model, with the possibility of using different signature
>>> suites. I'd be eager to learn more about the advantages of that.
>>>
>>> On Tue, Mar 19, 2024 at 5:10 PM Orie Steele <orie@transmute.industries>
>>> wrote:
>>>
>>>> Selective disclosure is a property of the securing format, not the data
>>>> model.
>>>>
>>>> Sd-jwt and ecdsa-sd both support selective disclosure, but with very
>>>> different performance and security trade offs.
>>>>
>>>> It's not correct to say that CBOR, YAML, JSON, XML or JSON-LD support
>>>> selective disclosure.
>>>>
>>>> It is correct to say SD-JWT, SD-CWT, mDoc, goridan envelopes or
>>>> ecdsa-sd support selective disclosure.
>>>>
>>>> It seems jades as a requirement precludes the use of CBOR or Data
>>>> Integrity Proofs, or even JWT, given JWTs are always compact (no JSON
>>>> Serialization).
>>>>
>>>> OS
>>>>
>>>> On Wed, Mar 20, 2024, 9:53 AM Kim Hamilton <kimdhamilton@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>> I'm trying to get my head around the variety of VC formats. I ran
>>>>> across this deck and I'm curious why it would say VCDM lacks selective
>>>>> disclosure (included screenshot and deck). It does via signature suites, so
>>>>> in a sense the statement "does not compute".
>>>>>
>>>>> Eager to learn about the new VC formats, similarities and differences.
>>>>>
>>>>> Thanks,
>>>>> Kim
>>>>> [image: Screenshot 2024-03-19 at 4.36.16 PM.png]
>>>>>
>>>>