Re: JWS Examples

Hi Justin,

most of the examples use Linked Data Proofs. LD Proofs have a specification for JWS. However, section 6.3.1 specifically talks about JWT which use the JWS compact serialization.

The goal of the W3C specification is to support multiple proof formats. Currently, we have JWT and JSON-LD Proofs.

Oliver

> On 19. Mar 2019, at 12:42, Daniel Burnett <daniel.burnett@consensys.net> wrote:
> 
> Thanks Justin.  Can you please add this as an issue at https://github.com/w3c/vc-data-model/issues <https://github.com/w3c/vc-data-model/issues> ?  I will mark it as a Clarification, meaning these are non-normative changes that don't block us from going to CR but still need discussion and conclusion by the group after we enter the CR phase.
> 
> -- dan
> 
> On Mon, Mar 18, 2019 at 11:45 PM Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote:
> While reading through the CR draft, I noticed what I think are discrepancies in the non-normative JWS examples. In several portions of the document, the JWS detached signature method is used. This method uses JWS to create a signature over an external body without putting it inline with the header and signature, so you end up with “header..signature” structures. However, in the JWT section on serializations, only the JWT compact format is specified, which is “header.payload.signature” inline. I don’t understand why two different methods are used — are there guidelines or limitations on where each can be processed within a VC?
> 
> Furthermore, the JWS detached signature specification, RFC7797, is never referenced or mentioned. While it may not be a normative requirement, as best as I can see anyway so correct me if I’m wrong, the examples should at least call out the nature of the signature and provide an informative reference to detached JWS. Alternatively, a different signature mechanism with proper references should be used in all examples. 
> 
> — Justin
> 

Received on Tuesday, 19 March 2019 12:13:03 UTC