Closed mprorock closed 1 year ago
I have nits, but I don't know if any of them matter.
Please add the issue markers for tag, to assist them in their review
Yeah - the nits are in sections I didn't touch - only non-format changes were in doc title and abstract/intro. Will add issue markers separately in a follow-on PR.
with new short name "vc-jose-cose"
Curious how this will be performed? Will this repository be renamed?
Will leave that to the chairs, but I suspect that will be the case.
@selfissued need to get this one merged so that we are building on consistent formatting - blocking addressing of additional PRs to address notes from @OR13 above
since this is hard to read due to reformatting, the actual changes are here (everything else untouched):
changes:
<title>Securing Verifiable Credentials using JOSE and COSE</title>
shortName: "vc-jose-cose",
added/adjusted:
<section id="introduction">
<h2>Introduction</h2>
<p>
This specification describes how to secure media types
expressing Verifiable Credentials and Verifiable Presentations
as described in the [[VC-DATA-MODEL]], using approaches
described by the COSE and JOSE working groups at IETF. This
includes JWTs [[RFC7519]], JWS [[RFC7515]], and COSE [[RFC8152]]
and provides an approach using well defined content types
[[RFC6838]] to identify that the type of data being secured
conforms with the [[VC-DATA-MODEL]].
</p>
<p>
JSON Web Signatures (JWS) [[RFC7515]] provide a standardized
mechanism for digitally signing JSON data. It provides a means
to ensure the integrity, authenticity, and non-repudiation of
the information contained in a JSON object. JWS enables secure
communication and trust between parties by adding a
cryptographic signature to a payload. This signature is
generated using a private key and can be verified using the
corresponding public key. JWS enables content integrity, authentication and non-repudiation,
protecting data from unauthorized modifications. The
versatility and wide adoption of JWS make it an essential
component for verifying the authenticity and integrity of
data in various applications, including
authentication, authorization, and secure data exchange. These
properties make JWS especially well suited to securing the
JSON-LD [[VC-DATA-MODEL]] and through this to provide a means of
supporting the three party model (issuer, verifier, holder) for
exchange of credentials enabled in verifiable credentials.
</p>
added:
<p>
CBOR Object Signing and Encryption (COSE) [[RFC8152]] is a
specification that defines a framework for signing and
encrypting CBOR (Concise Binary Object Representation) [[RFC8949]]
data structures. COSE provides a standardized way to secure the
integrity, authenticity, and confidentiality of CBOR-encoded
information. It offers a flexible and extensible set of
cryptographic options, allowing for a wide range of algorithms
to be used for signing and encryption.
COSE supports two main operations: signing and encryption. For
signing, COSE allows the creation of digital signatures over
CBOR data using various algorithms such as HMAC, RSA, ECDSA, or
EdDSA. These signatures provide assurance of data integrity and
authenticity. COSE also supports encryption, enabling the
confidentiality of CBOR data by encrypting it with symmetric or
asymmetric encryption algorithms.
</p>
</section>
Editorial, merging
Many line number changes here. Actual changes in this:
1) Reformat and reflow for consistent indentation in the html and line breaks
2) retitle to "Securing Verifiable Credentials using JOSE and COSE" with new short name "vc-jose-cose"
3) reorder sections so securing core data model comes first
4) adjust abstract, and add introductory text that refers to items we are actually doing in this spec