Closed anthonycamilleri closed 1 week ago
I'm not opposed to seeing an example in the spec that has been secured using JAdES, but the WG will need to come to consensus on that.
Has it been listed in the VC Specifications Directory as a viable securing mechanism? That should be the first step regardless.
@brentzundel added as https://github.com/w3c/vc-specs-dir/pull/36
@anthonycamilleri wrote:
@brentzundel added as w3c/vc-specs-dir#36
This has been merged and included in the VC Specs Directory.
I'll note that the example linked to above is really big and verbose. Do you think you could add a JADES extension to respec-vc? That is what we use to generate the digitally signed examples. We could include JADES as another tab in some of the examples if you did so.
In any case, we should capitalize JAdES (the "JSON format for AdES Signatures") correctly, painful though it may be...
The issue was discussed in a meeting on 2024-06-05
PR #1501 has been raised to address this issue. This issue will be closed once PR #1501 has been merged.
The issue was discussed in a meeting on 2024-06-12
PR #1501 has been merged, closing.
Digital Signatures in Europe are regulated by the eIDAS directive, which sets mandatory technical specifications for legally admissible digital signatures in Europe. There are a range of different signature options, covering enveloped, enveloping and detached signatures, with different 'baselines' which essentially add signed timestamps to a file for long-term preservation.
An example of a JADES-LTA signed credential is attached to this issue - this one contains the highest level of assurance, with extendable long-term archiving timestamps - as produced by the DSS libraries (reference libraries for implementing the JADES standards, distributed by the European Commission to all member states).
Given the geographic scope of JADES (27 countries adopting this standard through legislation), and the sheer number of users that will be covered by the implementation, I would suggest that at minimum the standard would recognise the existence of the JADES standard, and that JADES standards can be used with verifiable credentials, and are RECOMMENDED for users based in the EU.
The appropriate reference would be to (TS 119 182-1 - V1.1.1 - Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures (etsi.org)).