- From: Orie Steele <orie@transmute.industries>
- Date: Wed, 30 Nov 2022 13:30:22 -0600
- To: W3C VC Working Group <public-vc-wg@w3.org>
- Message-ID: <CAN8C-_J_GFBYvSMMRE47yxGz+dEtoxERd-fZ8afZ-LgRNsF3cQ@mail.gmail.com>
Friends, Here is the link to the proposal to protect the core data model with a JWS *instead of or in addition to* a JWT. https://transmute-industries.github.io/vc-jws/ I shared this link in today's meeting, you can see some of the related discussions in the minutes: https://www.w3.org/2017/vc/WG/Meetings/Minutes/2022-11-30-vcwg As we consider additional security formats, including SD-JWT, ACDCs or JWEs, it's important to be clear on "what" we are securing. I believe it's helpful for the WG to consider defining and registering media types to make this clearer, especially in scenarios where multiple security formats might apply to the same media type. I am preparing a COSE signature companion draft to explain this approach further. I'm happy to explain this approach further on a special topic call if that would help the WG evaluate if this approach should be pulled in as one of the securing the core data model specs, our charter authorizes us to consider. Regards, OS -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Wednesday, 30 November 2022 19:30:46 UTC