Re: More questions about the VC Document 2.0 (part 2)

Hi. 

We’re preparing a JOSE Manual for VCs and VPs that should close the gap and also introduce advanced electronic digital signatures. JOSE can be directly translated to COSE.

If the WG agrees, we’d first like to present the full proposal and then move the relevant parts to the JOSE/COSE guidelines.

We need another week or two to finalise the version.

BR, Alen

> On 31 Oct 2023, at 17:01, Orie Steele <orie@transmute.industries> wrote:
> 
> +1 Manu
> 
> On Tue, Oct 31, 2023 at 9:27 AM Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
>> On Tue, Oct 31, 2023 at 9:51 AM Orie Steele <orie@transmute.industries> wrote:
>> >> In the document, there is this line about multiple issuers in a VP: "The data in a presentation is often about the same subject, but might have been issued by multiple issuers. The aggregation of this information typically expresses an aspect of a person, organization, or entity. "
>> >> Has anyone here experimented with it before?
>> >
>> > Multiple issuer's use case is not supported by the current drafts, and having been a part of those discussions, it seems unlikely to be supported in the future.
>> 
>> That sentence is about the ability for a VP to carry multiple VCs.
>> Each VC can be about the same subject, but signed by different
>> issuers.
>> 
>> > Some people are still working on BBS at W3C, I will let them speak to that topic.
>> 
>> Work continues on both the selective disclosure mechanism for ECDSA:
>> 
>> https://w3c.github.io/vc-di-ecdsa/#ecdsa-sd-2023
>> 
>> ... and a selective disclosure mechanism using BBS (but that trails
>> the work above). At present, there seems to be support for SD-JWT, but
>> not a lot of deployment experience w/ VC v2.0 data model secured using
>> SD-JWT (though, we see no reason a profile of SD-JWT focused on VC
>> v2.0 data model wouldn't work). There are some gotchas there (like
>> selectively disclosing `@context` values, `id` values, and `type`
>> values)... but I'm sure those suggesting usage of SD-JWT for securing
>> VCs will get that language right as they document that profile.
>> 
>> > In my opinion, W3C should drop the vc-jose-cose item entirely, or should fix the core data model so that it does not lead to the conclusion that data integrity proofs are required.
>> 
>> ... or put more work into vc-jose-cose to bring it up to par with
>> what's necessary for a production usage of the technology as applied
>> to VCs.
> 
> It's possible that the reason this is not happening at W3C, is that it's happening elsewhere, at IETF and OIDF, and maybe ISO.
> 
> Sometimes you need to bring work to experts, instead of trying to bring experts to work.
>  
>> If you'd like to help with that work, please join the group
>> and help those working on vc-jose-cose to advance that spec. 
> 
> You don't need to pay money, you can apply for invited expert status!
> 
>> I agree
>> with Orie that engagement has not been great on that spec, but people
>> continue to use JOSE w/ VCs, so we do need to (as a community)
>> document how to properly use it and the traps/pitfalls to watch out
>> for when implementing using things like SD-JWT. 
> 
> People use JOSE and COSE for lots of things, VCs and VPs are just two specific JSON content types.
> 
>> It's not rocket
>> science, we just need more people that have an interest in moving that
>> work forward involved in moving that work forward.
>> 
> 
> Sure, but it's possible that there genuinely is no interest in doing this work at W3C.
> 
> I would not interpret "lack of interest in doing work at W3C" as "lack of interest in doing the work"
> 
>  
>> -- manu
>> 
>> -- 
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> https://www.digitalbazaar.com/
>> 
> 
> 
> -- 
> 
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries <http://www.transmute.industries/>
>  <https://transmute.industries/>

Received on Friday, 3 November 2023 14:23:26 UTC