- From: Daniel Burnett <daniel.burnett@consensys.net>
- Date: Tue, 19 Mar 2019 07:42:43 -0400
- To: Justin Richer <jricher@mit.edu>
- Cc: "public-vc-wg@w3.org" <public-vc-wg@w3.org>
- Message-ID: <CAJ-gw3ESyA8LG0wrw_qVJ_iSkGa7QdfxVCv5ezQD9kNFMWVQhQ@mail.gmail.com>
Thanks Justin. Can you please add this as an issue at https://github.com/w3c/vc-data-model/issues ? I will mark it as a Clarification, meaning these are non-normative changes that don't block us from going to CR but still need discussion and conclusion by the group after we enter the CR phase. -- dan On Mon, Mar 18, 2019 at 11:45 PM Justin Richer <jricher@mit.edu> wrote: > While reading through the CR draft, I noticed what I think are > discrepancies in the non-normative JWS examples. In several portions of the > document, the JWS detached signature method is used. This method uses JWS > to create a signature over an external body without putting it inline with > the header and signature, so you end up with “header..signature” > structures. However, in the JWT section on serializations, only the JWT > compact format is specified, which is “header.payload.signature” inline. I > don’t understand why two different methods are used — are there guidelines > or limitations on where each can be processed within a VC? > > Furthermore, the JWS detached signature specification, RFC7797, is never > referenced or mentioned. While it may not be a normative requirement, as > best as I can see anyway so correct me if I’m wrong, the examples should at > least call out the nature of the signature and provide an informative > reference to detached JWS. Alternatively, a different signature mechanism > with proper references should be used in all examples. > > — Justin > >
Received on Tuesday, 19 March 2019 11:43:21 UTC