JWS Examples from Justin Richer on 2019-03-19 (public-vc-wg@w3.org from March 2019)

From: Justin Richer <jricher@mit.edu>
Date: Tue, 19 Mar 2019 03:44:35 +0000
To: "public-vc-wg@w3.org" <public-vc-wg@w3.org>
Message-ID: <C520207C-B7E8-4B70-8344-AAF8FB76A9FE@mit.edu>

While reading through the CR draft, I noticed what I think are discrepancies in the non-normative JWS examples. In several portions of the document, the JWS detached signature method is used. This method uses JWS to create a signature over an external body without putting it inline with the header and signature, so you end up with “header..signature” structures. However, in the JWT section on serializations, only the JWT compact format is specified, which is “header.payload.signature” inline. I don’t understand why two different methods are used — are there guidelines or limitations on where each can be processed within a VC?

Furthermore, the JWS detached signature specification, RFC7797, is never referenced or mentioned. While it may not be a normative requirement, as best as I can see anyway so correct me if I’m wrong, the examples should at least call out the nature of the signature and provide an informative reference to detached JWS. Alternatively, a different signature mechanism with proper references should be used in all examples.

— Justin

Received on Tuesday, 19 March 2019 03:45:00 UTC