Re: Securing Verifiable Credentials using JOSE and COSE is a W3C Candidate Recommendation (Call for implementations)

On Fri, May 3, 2024 at 5:22 PM Brian Campbell
<bcampbell@pingidentity.com> wrote:
> Are there any concerns from the W3C or the Verifiable Credentials Working Group regarding the use of some of the YAML constructs from the OpenWallet Foundation’s SD-JWT Reference Implementation in the 'Securing Verifiable Credentials using JOSE and COSE' publication?

Speaking as an Editor of some of the specifications in the VCWG, yes,
I am concerned. The content seemed questionable when I saw it, but
assumed the Editors of that specification had cleared all the
necessary IP hurdles to include that markup.

> Specifically, these constructs appear in two examples* without attribution, explanation or reference. Could this raise issues related to publication process/procedure, intellectual property rights, or document clarity?

I had presumed that these examples were using things that were cleared
by the Editors of that document and/or approved by or worked on at
IETF. I believe one of the former Editors added that markup to the
document w/o much of a discussion in the group and the current Editors
took over the document w/o the sort of warning you're providing.

It looks like we need to have a discussion about using markup/content
that does not have clear IP protections wrt. SD-JWT examples. I have
raised an issue to track this concern:

https://github.com/w3c/vc-jose-cose/issues/269

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Saturday, 4 May 2024 13:02:12 UTC