Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change typ values for JSON-LD claim sets? #57

Closed
OR13 opened this issue Feb 24, 2023 · 5 comments
Closed

Change typ values for JSON-LD claim sets? #57

OR13 opened this issue Feb 24, 2023 · 5 comments

Comments

@OR13
Copy link
Contributor

OR13 commented Feb 24, 2023
edited

currently we have:

vc+ld+jwt
vc+ld+cwt

I think this may not be correct, since +ld is not a valid suffix?

However I like this approach because of how intuitive it is compared to

credential+ld+json

potential alternative would be:

vc-ld+jwt
vc-ld+cwt
@TallTed
Copy link
Member

TallTed commented Feb 24, 2023

I strongly advise discussing media types with their full names, rather than dropping the application/ that JWTs advise to omit when building the JWT (I could not find similar advice about CWTs), but which is then treated as being invisibly present.

I think this may not be correct, since +ld is not a valid suffix?

The application/ suffixes which must be valid do not include +ld; rather, they are
+ld+jwt (and +jwt) and
+ld+cwt (and +cwt),
which means that
application/ld+jwt,
application/jwt,
application/ld+cwt, and
application/cwt
must be defined and registered, before or simultaneously with definition and registration of
application/vc+ld+jwt and
application/vc+ld+cwt.

If I correctly understand the interrelationships of these types, a better set might be
application/vc+ld+json+jwt,
application/ld+json+jwt,
application/json+jwt,
application/jwt,
application/ld+cbor+cwt,
application/vc+ld+cbor+cwt,
application/cbor+cwt, and
application/cwt,
because these are somewhat likely to increase comprehension of derivation,
though I realize cbor and json are implicit in cwt and jwt, respectively,
and neither application/json+jwt nor application/cbor+cwt are really subtypes of application/jwt or application/cwt ....

All that said — I am not convinced of

  • the intuitiveness of any of these to people outside our groups
  • that we have decided how to handle {presentation|verifiable presentation} media types alongside {credential|verifiable credential} media types
  • whether we have decided to have a single media type that encompasses both verifiable (with proofs) and non-verifiable (without proofs) {credentials|presentations}, and if so, whether that/those type/s reflects the possibility of verifiability

@thomas-fossati
Copy link

potential alternative would be:

vc-ld+jwt
vc-ld+cwt

The +cwt structured suffix is not present in the SSS registry. In an IETF-RATS draft we are requesting its registration though, so you may want to keep an eye on that document -- and possibly help pushing it through the RFC Editor line ;-)

@OR13
Copy link
Contributor Author

OR13 commented Jun 30, 2023

I don't think we can call JSON-LD secured with a CoseSign1 a CWT, based on this:

https://mailarchive.ietf.org/arch/msg/cose/sTWvCwbX6RjMi1pV3kTn6huX1fk/

@OR13
Copy link
Contributor Author

OR13 commented Jun 30, 2023

This PR can be closed when #120 is merged

@Sakurann
Copy link
Contributor

Sakurann commented Sep 8, 2023

PR was merged

@Sakurann Sakurann closed this as completed Sep 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TallTed @OR13 @thomas-fossati @Sakurann