search

w3c / identity-web-impact

This document proposes an overview of Digital Identities on the Web and an analysis through different use cases of the systemic impact on both the market side and the human side, as well as the role that Web standardization may play in managing that impact
https://www.w3.org/reports/identity-web-impact/
1 stars 4 forks source link

[standards] please reference sd-jwt vc in the data model section in addition to mdoc and w3c vcdm #14

Open Sakurann opened 3 months ago

Sakurann commented 3 months ago

that is a format mainly planned to be used in Europe with this digital credentials browser API. https://drafts.oauth.net/oauth-sd-jwt-vc/draft-ietf-oauth-sd-jwt-vc.html

msporny commented 2 months ago

If a reference is to be made from W3C to SD-JWT VC, there will need to be a discussion over the confusion that has been created by the SD-JWT VC specification by re-using the name of a W3C Recommendation while being thoroughly incompatible with the W3C Recommendation. Using "verifiable credentials" to describe two formats that are incompatible with one another is creating market confusion.

To be clear, I am objecting to the re-use of the term "verifiable credential" in a specification at the IETF that has, as admitted by that specification, no relationship to W3C's use of the term in their W3C Recommendation. It is confusing people. In addition, given that the application/vc media type is registered by the W3C VCWG, it is inappropriate for the SD-JWT VC specification to re-use it given that there are objections by the VCWG in doing so in a way that creates confusion about the contents of the media type. I also object on those grounds.

These objections will not go away without consensus forming between the W3C VCWG and the IETF OAuth group -- avoiding that discussion, and attempting to ship things to production knowing that there is no consensus on SD-JWT VC's terminology use and media type use is behavior that is frowned upon.