-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Definition of all key formats are left out of scope of the VC data model and crypto suites #97
Comments
In order to consolidate discussion as @quartzjer pointed out in #83 this will help focus this issue a bit so we can close #83. Potential key formats to consider:
One approach is to not couple the method chosen to the signature suite. This way implementations could choose which they support just as they choose which signature suites they support or which algorithms they support. Another approach is to specifically tie a one or many identifer -> key format patterns to each spec used for securing verifiable credentials. Both are credible paths with different tradeoffs and I believe we should be making a scoping discussion about this now because it will affect whether or not we need to bring new key formats such as blockchain accounts or multibase into the normatively defined documents section so that we can reference that document in the securing verifiable credential documents. |
closing, based on meeting conversation |
The issue was discussed in a meeting on 2022-03-23
View the transcript2.6. Definition of all key formats are left out of scope of the VC data model and crypto suites (issue vc-wg-charter#97)See github issue vc-wg-charter#97. Brent Zundel: Definition of all key formats are left out of scope of the VC data model and crypto suites. Orie Steele: Kyle and I have been chatting about this a lot. Manu Sporny: There's nothing we're doing that prevents arbitrary key format conversion. Michael Jones: Two points.
Michael Jones: Again, modelling after OpenID Connect, there are places where JWTs are used, but there are places where keys are included and those keys are JWK format. That promotes interop. To the extent that keys will be passed as protocol elements, we are better off having a small or singleton set to promote interoperability. I'm not asking to put this into the charter, but once we're in the WG, whether we want to make JWK support mandatory is a fair question.. Brent Zundel: This is something the WG needs to continue talking about.
|
I'm not sure this can be completely left to a future VCWG discussion for one small reason. I see two potential changes to the charter that need to be made to enable certain discussions. While I do think this is largely a design choice that fits under the patterns and design choices of the specific conditional normative cryptosuites (and wouldn't require any charter changes on that front), the statement "The normative specification of APIs or protocols" will impact the ability to normatively define the authorization model and checks within those cryptosuites. This is because the cryptosuites will require a normative protocol definition in order to resolve the identifiers to the public keys as well as to perform the necessary authorization checks in order to validate that the keys usage is being done properly. I'd propose that to resolve this issue we need to allow ourselves the ability to normatively define how the identifier to public key mapping is being done as well as we need the ability to normatively define the proper authorization checks that need to be done. This is regardless of if we support a single format for each suite, if we support a many to one definition for each suite, or if we leave this undefined and consider it an extension point like I've advocated before (which I think are all options that can be left to the WG later). The other potential argument to be made is whether multibase/multikey is going to be normatively defined within this WG (and as such needs to be listed in the charter) or if that work will be done elsewhere and then the cryptosuites will reference those definitions. For other formats like PEM/DER/JWK/CWK etc we've got normative references that can be referenced so no concerns on that front. |
At the request of @msporny in #82 I'm opening this issue in order remove key formats from the scope of the VC WG Charter. This has a direct impact on the decision made in #82 as well
The text was updated successfully, but these errors were encountered: