Re: Verifiable Credentials with JSON Web Signatures from Shawn Butterfield on 2022-12-07 (public-vc-wg@w3.org from December 2022)

From: Shawn Butterfield <sbutterfield@salesforce.com>
Date: Wed, 7 Dec 2022 07:12:08 -0800
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: Markus Sabadello <markus@danubetech.com>, public-vc-wg@w3.org
Message-ID: <CADtMrnBEuheaYyQFGdsfuEeXPb3uTw=-P17AJP8q6qY6=Zw+CA@mail.gmail.com>

This is great, Orie. I appreciate where this is going, and I support new
media type registration as a way to switch on formats or profiles as you've
labeled it.
[image: image.png]

In this case, would some additional IANA registered or fully specified
properties be required for implementors to switch on media type, then
profile type? Or is the URI here intended to be entirely abstract such that
any profile address could be provided and it's up to relying parties to
figure out if they support that profile?

While you've specified that application/credential+json is equivalent to
application/ld+json, do you foresee this causing any major problems with
LD-consuming applications that are expecting application/ld+json and are
unaware of the application/credential+json equivalence? And if there is a
concern, would application/credential+json need some left-shift into the VC
Data Model?

Butters @ Salesforce | Software Architect

On Tue, Dec 6, 2022 at 11:59 PM Nikos Fotiou <fotiou@aueb.gr> wrote:

> +1
>
>
>
> *From:* Markus Sabadello <markus@danubetech.com>
> *Sent:* Tuesday, December 6, 2022 10:04 PM
> *To:* public-vc-wg@w3.org
> *Subject:* Re: Verifiable Credentials with JSON Web Signatures
>
>
>
> Very interesting. I like how this cleanly separates the data model layer
> from the security layer.
>
> Markus
>
> On 11/30/22 20:30, Orie Steele wrote:
>
> Friends,
>
> Here is the link to the proposal to protect the core data model with a JWS
> *instead of or in addition to* a JWT.
>
> https://transmute-industries.github.io/vc-jws/
>
> I shared this link in today's meeting, you can see some of the related
> discussions in the minutes:
>
> https://www.w3.org/2017/vc/WG/Meetings/Minutes/2022-11-30-vcwg
>
> As we consider additional security formats, including SD-JWT, ACDCs or
> JWEs, it's important to be clear on "what" we are securing.
>
> I believe it's helpful for the WG to consider defining and registering
> media types to make this clearer, especially in scenarios where multiple
> security formats might apply to the same media type.
>
>
> I am preparing a COSE signature companion draft to explain this approach
> further.
>
> I'm happy to explain this approach further on a special topic call if that
> would help the
>
> WG evaluate if this approach should be pulled in as one of the securing
> the core data model specs, our charter authorizes us to consider.
>
> Regards,
>
> OS
>
>
>
> --
>
> *ORIE STEELE*
>
> Chief Technical Officer
>
> www.transmute.industries
>
>
>
> <https://www.transmute.industries/>
>
>

Attachments

image/png attachment: image.png

Received on Wednesday, 7 December 2022 19:11:00 UTC