dholms
commented
2 years ago I'll give a quick overview of the JOSE standards, and then where JSON Web Proofs fit in. I'm sure we're all familiar with JWTs, but maybe not with the whole family of JOSE specs. Prepare yourself for a hoard of "JW_" acronyms.
So JOSE (Javascript Object Signing & Encryption) is a standard for, well.... signing & encryption JSON. It includes several specs:
- JWA (JSON Web Algorithms) - describes the algorithms used in JOSE
- JWK (JSON Web Key) - describes the formatting & handling of keys used in JOSE
- JWS (JSON Web Signature) - describes signing & verifying messages
- JWE (JSON Web Encryption) - describes encrypting & decrypting messages
- JWT (JSON Web Token) - describes a "token" which is some set of claims encoded in JSON & protected by JWS or JWE
okay phew
Now a bit more background: Verifiable Credentials (VCs) are an emerging standard in the dweb space & a recent W3C spec. They are essentially signed attestations about a user from a trusted source that the user can then send around to other services to prove some piece of information about them (age, a certificate, etc). JWTs are commonly used for VCs. Here's a good article on them.
However, one downside of VCs in this format is that they are not terribly privacy preserving. VCs can often be linked together. Or require disclosure of multiple claims in order to validate just one.
JSON Web Proofs (JWP) are an extension of the JOSE spec that focuses on privacy preserving proofs.
A few more acronyms:
- JPA (JSON Proof Algorithms) - describes the algorithms used with JWPs
- JWP (JSON Web Proofs) - a new container similar to JWS that allows for more than one payload where each payload is unlinkable & can be selectively disclosed
- JPT (JSON Proof Token) - An application of JWP that is analogous to a JWT. JPT is to JWT as JWP is to JWS.
JWS requires two functions: sign & verify. JWP requires two extra functions (for a total of four): sign, verify, prove, & verify proof
A few example algorithms are given for JWPs:
- single use keys for each payload to maintain unlinkability
- BBS+ signatures: this is a signature scheme that uses a pairing curve (like bls12-381) to collating multiple signatures into one signature that allows selectively revealing the original signed messages.
- From the GH repo: "BBS+ Signatures allow for multi-message signing whilst producing a single output signature. With a BBS signature, a proof of knowledge based proof can be produced where only some of the originally signed messages are revealed at the discretion of the prover."
- Zero-knowledge proofs: the gold standard of selectively proving information without linkability. These seem to be the end goal of JWPs.
JWPs seem to really shine in the use case of VCs.
Comparison to UCANs JWPs and UCANs both build on top of and extend the JWT spec. However, JWPs are solving a different problem from UCANs. UCANs are authorization tokens that prove ability to do something and can be attenuated to delegate permissions to another actor. JWPs are a container to prove & selectively disclose some facts about a user.
JWPs don't have any semantics for attenuation of authorization. Their main use case seems to be proving some fact about a user (such as a VC).
For authorization, I still think UCANs are the tool that maps most nicely to what we want. But JWPs are certainly a powerful primitive to have at our disposal.
The Fission team has talked about shortening UCAN chains by compressing them into a ZKP in the proof (prf) field. Their might be a situation where we use JWP semantics to structure the presentation of this ZKP.
However, ZKPs are still a little ways off. The technology is still progressing (quickly!), and even the JWP docs suggest that ZKPs are the goal while punting on the actual implementation details for the time being.
pfrazee
Evaluate in comparison with UCANs https://github.com/json-web-proofs/json-web-proofs#user-content-fn-JWS-66165f84d74d387b4cbbf94b42d9a297
And think through what a demo might entail