- From: Shawn Butterfield <sbutterfield@salesforce.com>
- Date: Wed, 7 Dec 2022 07:12:08 -0800
- To: Nikos Fotiou <fotiou@aueb.gr>
- Cc: Markus Sabadello <markus@danubetech.com>, public-vc-wg@w3.org
- Message-ID: <CADtMrnBEuheaYyQFGdsfuEeXPb3uTw=-P17AJP8q6qY6=Zw+CA@mail.gmail.com>
This is great, Orie. I appreciate where this is going, and I support new media type registration as a way to switch on formats or profiles as you've labeled it. [image: image.png] In this case, would some additional IANA registered or fully specified properties be required for implementors to switch on media type, then profile type? Or is the URI here intended to be entirely abstract such that any profile address could be provided and it's up to relying parties to figure out if they support that profile? While you've specified that application/credential+json is equivalent to application/ld+json, do you foresee this causing any major problems with LD-consuming applications that are expecting application/ld+json and are unaware of the application/credential+json equivalence? And if there is a concern, would application/credential+json need some left-shift into the VC Data Model? Butters @ Salesforce | Software Architect On Tue, Dec 6, 2022 at 11:59 PM Nikos Fotiou <fotiou@aueb.gr> wrote: > +1 > > > > *From:* Markus Sabadello <markus@danubetech.com> > *Sent:* Tuesday, December 6, 2022 10:04 PM > *To:* public-vc-wg@w3.org > *Subject:* Re: Verifiable Credentials with JSON Web Signatures > > > > Very interesting. I like how this cleanly separates the data model layer > from the security layer. > > Markus > > On 11/30/22 20:30, Orie Steele wrote: > > Friends, > > Here is the link to the proposal to protect the core data model with a JWS > *instead of or in addition to* a JWT. > > https://transmute-industries.github.io/vc-jws/ > > I shared this link in today's meeting, you can see some of the related > discussions in the minutes: > > https://www.w3.org/2017/vc/WG/Meetings/Minutes/2022-11-30-vcwg > > As we consider additional security formats, including SD-JWT, ACDCs or > JWEs, it's important to be clear on "what" we are securing. > > I believe it's helpful for the WG to consider defining and registering > media types to make this clearer, especially in scenarios where multiple > security formats might apply to the same media type. > > > I am preparing a COSE signature companion draft to explain this approach > further. > > I'm happy to explain this approach further on a special topic call if that > would help the > > WG evaluate if this approach should be pulled in as one of the securing > the core data model specs, our charter authorizes us to consider. > > Regards, > > OS > > > > -- > > *ORIE STEELE* > > Chief Technical Officer > > www.transmute.industries > > > > <https://www.transmute.industries/> > >
Attachments
- image/png attachment: image.png
Received on Wednesday, 7 December 2022 19:11:00 UTC