-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change proof reference from JWT to JWS. #652
Conversation
@msporny As far as I understood, this PR does not change the "Proof Format" from JWT to JWS. Only the reference was corrected? If this assumption is correct, then I'm ok with this PR although the spec already says:
|
A JWT alone can't provide any proof, its the combination with JWS, this has not cleared up the issue |
index.html
Outdated
@@ -592,7 +592,7 @@ <h3>Use Cases and Requirements</h3> | |||
an essential part of processing a <a>verifiable credential</a>. At the time | |||
of publication, Working Group members had implemented | |||
<a>verifiable credentials</a> using at least three proof mechanisms: | |||
JSON Web Tokens [[RFC7519]], Linked Data Signatures [[?LD-SIGNATURES]], and | |||
JSON Web Signature [[RFC7515]], Linked Data Signatures [[?LD-SIGNATURES]], and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps --
JSON Web Tokens [[RFC7519]] with JSON Web Signatures [[RFC7515]]; Linked Data Signatures [[?LD-SIGNATURES]]; and
@TallTed Why LD-Signatures? its not a standard, it requires LD-C14N which is also not a standard? If these specs were in a standards track I would comment on them as the C14N aspects have serious issues. |
@nadalin - As the preceding text states, LD-Signatures is one of the proof mechanisms which have been used in verifiable credential implementations by members of the VCWG, and has been included in the spec since at least Apr 18, 2018. I do not understand you objecting to LD-Signatures now, given that it was quoted in the text with which you raised your issue with JWT vs JWS. To be quite clear, as it seems you did not understand @msporny's suggested revision in markup form, it reads:
(Note -- JWS is a normative reference; the other two are informative a/k/a non-normative references.) I now think you had not understood that, and may in fact be fine with it, in which case my follow-on is moot. That said, because you objected to @msporny's revision, I suggested the following:
(Note -- JWS and JWT are normative references; the other two are informative a/k/a non-normative references.) Hopefully you'll now be OK with one of the revisions above. |
@TallTed I think that to make it clear to the reader that there should be separate sentences. At the time of publication, Working Group members had implemented verifiable credentials using at least three proof mechanisms: JSON Web Tokens [RFC7519] with JSON Web Signatures [RFC7515]. Alternatively Linked Data Signatures [?LD-SIGNATURES]; and Camenisch-Lysyanskaya Zero-Knowledge Proofs [?CL-SIGNATURES] specifications that are still in development have been used at various iterations have been used. |
@nadalin - How about --
|
@TallTed close but "developing" does not quite capture or stress the unstableness or fully thought-out aspects. |
@awoie wrote:
Yes, that's correct. |
@nadalin wrote:
I've added the following text:
and this text:
That, coupled with the clear markers on each referenced spec (that they are or are not W3C/IETF standards) will give implementers more than enough of a warning to consider their implementation choices. |
Please re-review @nadalin to see if you agree with the changes. |
From VCWG call on 11 June 2019: |
@msporny This will come down to the discussion on interoperability and what is acceptable |
Multiple positive reviews, non-normative, non-substantive, merging. |
Related to #609.
Preview | Diff