RE: Verifiable Credentials with JSON Web Signatures from Nikos Fotiou on 2022-12-07 (public-vc-wg@w3.org from December 2022)

From: Nikos Fotiou <fotiou@aueb.gr>
Date: Wed, 7 Dec 2022 09:58:44 +0200
To: "'Markus Sabadello'" <markus@danubetech.com>, <public-vc-wg@w3.org>
Message-ID: <003b01d90a11$bad763a0$30862ae0$@aueb.gr>

+1

From: Markus Sabadello <markus@danubetech.com>
Sent: Tuesday, December 6, 2022 10:04 PM
To: public-vc-wg@w3.org
Subject: Re: Verifiable Credentials with JSON Web Signatures

Very interesting. I like how this cleanly separates the data model layer from 
the security layer.

Markus

On 11/30/22 20:30, Orie Steele wrote:

Friends,

Here is the link to the proposal to protect the core data model with a JWS 
*instead of or in addition to* a JWT.

https://transmute-industries.github.io/vc-jws/

I shared this link in today's meeting, you can see some of the related 
discussions in the minutes:

https://www.w3.org/2017/vc/WG/Meetings/Minutes/2022-11-30-vcwg

As we consider additional security formats, including SD-JWT, ACDCs or JWEs, 
it's important to be clear on "what" we are securing.

I believe it's helpful for the WG to consider defining and registering media 
types to make this clearer, especially in scenarios where multiple security 
formats might apply to the same media type.

I am preparing a COSE signature companion draft to explain this approach 
further.

I'm happy to explain this approach further on a special topic call if that 
would help the

WG evaluate if this approach should be pulled in as one of the securing the 
core data model specs, our charter authorizes us to consider.

Regards,

OS

-- 

ORIE STEELE

Chief Technical Officer

www.transmute.industries <http://www.transmute.industries>

 <https://www.transmute.industries/>

Attachments

application/pkcs7-signature attachment: smime.p7s

Received on Wednesday, 7 December 2022 07:59:01 UTC