w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/

Support JWT-secured VCs #201

Closed msporny closed 5 months ago

msporny commented 7 months ago

The current specification does not support JWT-secured VCs and focuses on SD-JWT instead. This is concerning for two reasons:

  1. The WG's charter expires in six months and it is doubtful that SD-JWT will reach IETF RFC status in that timeframe, which will leave the specification with no fallback for JOSE-based mechanisms.
  2. If the goal of the specification is "to be implemented with standards for signing and encryption that are widely adopted." (as the Abstract states), then SD-JWT does not meet that criterion, and there does not seem to be broad support for COSE-secured VCs in any community at present.

At a minimum, the specification should elaborate on how a VC can be secured using a JWT.

Section 3.1.1 adds to the confusion by referencing RFC7515 (JSON Web Signatures), but then specifies the media type as vc+ld+json+sd-jwt. This is confusing because RFC7515 does not contain any information on how to secure anything using SD-JWT.

David-Chadwick commented 7 months ago

I already raised a similar issue to this (#191). My proposal is to keep the focus on SD-JWT, now that the work has advanced from vanilla JOSE securing to securing with selective disclosure. Many implementations are migrating from vanilla JOSE to SD-JWT. I think it will be very widely adopted. Consequently I believe we need to improve the descriptions of using SD-JWT. I have raised PRs #212, #213 and #215 as a start. We will also need similar text for securing VPs in Example 2 in section 3.1.2.

As to support for COSE securing, I cannot comment on the support that there is for this.

selfissued commented 7 months ago

The working group already made a deliberate decision to remove pure JWS signing in favor of SD-JWT signing to remove choices. SD-JWT has a superset of JWT functionality. If no claims are selectively disclosable they are equivalent. (Yes, there's a trailing ~ added to the JWT as a marker that the data structure is an SD-JWT, but once that's removed, it can be processed by a standard JWT library.)

I'm open to discussing re-adding JWS signing, but I view that as a fallback we'll pursue in the future only if something goes terribly wrong with SD-JWT.

msporny commented 7 months ago

> If no claims are selectively disclosable they are equivalent.

No, they are not. The SD-JWT really needs to stop saying this. Yes, you can easily convert from one format to the other, but to say that they're equivalent is just simply not true and the JOSE group will continue to be reminded of this point until the way SD-JWT is being presented to the world is changed to reflect the fact that you can't just pick up a standard JWT library and start processing SD-JWTs, primarily because that standard JWT library falls apart the second an entity does a selective disclosure, which you would expect every implementation to support given that you are using a selectively disclosable format.

SD-JWT is not JWT and MUST NOT be presented as such, even in prose.

I will note that there are production deployments of VC-JWT v1.1 and some of those organizations are probably expecting standard JWTs to continue to be supported. There are also ecosystems that don't need SD-JWT and would rather continue to use JWTs.

If the specification is not going to specify VCs protected by standard JWTs, it needs to clearly document why and that it MUST NOT be done to focus on SD-JWT.

> I'm open to discussing re-adding JWS signing, but I view that as a fallback we'll pursue in the future only if something goes terribly wrong with SD-JWT.

A decision needs to be made one way or the other. I'll note that not all VC use cases need SD-JWT and many are negatively impacted by the complexity of SD-JWT. If a system receives an SD-JWT, it cannot presume that there will be no selective disclosures attempted, nor can it expect to use "off the shelf" JWT tooling and get away with it.
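Added example, not part of the thread or of the specification: a minimal Python sketch of the two points argued above, the trailing `~` of the degenerate case and what a plain JWS verifier sees once a claim is selectively disclosable. It assumes the `<JWS>~<disclosure>~...~` layout and the `_sd` / `_sd_alg` claims of the SD-JWT draft, handles top-level claims only, and uses HS256 with a constructed key; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, re, secrets

KEY = b"constructed-demo-key"  # constructed HS256 key, for this example only
B64URL = re.compile(r"[A-Za-z0-9_-]+")

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    if not B64URL.fullmatch(text):  # reject '~' rather than silently skip it
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jws(payload: dict) -> str:
    head = b64e(json.dumps({"alg": "HS256"}).encode())
    body = b64e(json.dumps(payload).encode())
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify_jws(token: str) -> dict:
    """Plain JWS compact verification: exactly three dot-separated segments."""
    head, body, sig = token.split(".")
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

def issue_sd_jwt(always: dict, disclosable: dict) -> str:
    """Issuer: replace each disclosable claim with a salted SHA-256 digest."""
    discs = [b64e(json.dumps([secrets.token_urlsafe(16), k, v]).encode())
             for k, v in disclosable.items()]
    payload = dict(always)
    if discs:
        payload["_sd"] = sorted(b64e(hashlib.sha256(d.encode()).digest()) for d in discs)
        payload["_sd_alg"] = "sha-256"
    return "~".join([sign_jws(payload), *discs]) + "~"

def verify_sd_jwt(token: str) -> dict:
    """SD-JWT-aware verifier; the optional key-binding JWT is ignored here."""
    jws, *discs, _key_binding = token.split("~")
    claims = verify_jws(jws)
    digests = set(claims.pop("_sd", []))
    claims.pop("_sd_alg", None)
    for d in discs:
        if b64e(hashlib.sha256(d.encode()).digest()) not in digests:
            raise ValueError("disclosure not covered by the issuer's signature")
        _salt, name, value = json.loads(b64d(d))
        claims[name] = value
    return claims
```

Passing only the part before the first `~` to `verify_jws` succeeds, but the result carries the `_sd` digest list instead of the hidden claim, so a verifier has to run the disclosure-matching step to recover it.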

decentralgabe commented 7 months ago

I agree we should be explicit to either support all of JOSE or just SD-JWT before proceeding.

iherman commented 7 months ago

The issue was discussed in a meeting on 2024-01-09

List of resolutions:

#### 1.1. Support JWT-secured VCs (issue vc-jose-cose#201)

_See github issue [vc-jose-cose#201](https://github.com/w3c/vc-jose-cose/issues/201)._

**Michael Jones:** this issue asks us to reinstate signing of jose jwt.

> *Will Abramson:* jws.

**Michael Jones:** Currently the signing method in the spec is sd-jwt.
… in a degenerate case it is compatible with jws except it includes a tilde.
… manu and DavidC pointed out that people were using JWS in v1.
… given sd-jwt is not fully compatible with JWS maybe we should add JWS back in.
… if we use JWS signature there is nothing selectively disclosable.
… I am a proponent that standards should rely on standards, not working drafts.

**David Chadwick:** been looking at the specs. I raised an issue suggesting a draft saying how we create sd-jwt's for vcs. Then learnt it was in the JOSE spec.
… not opposed to sd-jwt, think it is a good enhancement.
… because you can produce both selectively and non selectively disclosable VC.
… think there are incompatibilities in the title and abstract because it still refers to JOSE when it doesn't use this.
… I raised three PRs to address this.
… examples in the spec are quite confusing.
… Two points. First we need to stop saying that sd-jwt is compatible with regular jwts. It is not.
… at least going to be a single char difference in the degenerate case.
… if you are doing selective disclose your system needs to think differently.
… we need to say this in the spec and be very clear about this.
… point 2 - with respect to support of sd-jwts, there is a lot of hope that sd-jwts will be the next big thing.
… we need to support use cases that do not require selective disclosure.
… if using json you can do selective disclosure. if using CBOR you can't. This is problematic.
… need to specify how you can just use regular JOSE rather than sd-jwt claims.

**Andres Uribe:** sd-jwt have requirement to go from vc data model to the payload that will be blinded by the issuer to decide which statements are selectively disclosable.
… I suggest we start with these JOSE first, sd-jwt is not a standard. Unclear what the timeline is for this.
… went through a lot of debates about how to figure out the mapping. Want this to make it into the specs.
… especially how we are mapping vc data model into claims in the JWS payload.

> *Manu Sporny:* +1 to what andres is saying.

**Andres Uribe:** Think we need a way to secure things with regular JWS.

**David Chadwick:** sounds like a way forward would be to revert current spec to previous JOSE version.
… Then have a new spec that is a profile of sd-jwt for VCs.
… that can progress at the speed of the sd-jwt standard.

**Michael Jones:** let me respond to a few points.
… manu you are right JOSE signing does not support selective disclosure.
… might be added in future, but not reliable.
… Adoption of VCs in market is the ability to do selective disclosure and other privacy techniques.
… not willing to rip out sd-jwt at this point. Would be willing to put JOSE back.
… don't think this is that hard.

**Manu Sporny:** +1 to keep sd-jwt. Would be bad to take it out.

**Michael Jones:** Proposal: VC JOSE COSE will add JWS signing before CR.

**Manu Sporny:** clarification on this proposal. This is how to take a VC and express it in a vanilla JWT.
… any other variations of jose that you feel important to add in scope selfissued?

**Michael Jones:** that is contentious, would rather leave that for now.

**Brent Zundel:** and clarifications of the proposal?

> **Proposed resolution: VC JOSE COSE will add JWS signing before CR.** *(Brent Zundel)*

> *Manu Sporny:* +1.
> *Ivan Herman:* +1.
> *Michael Jones:* +1.
> *Brent Zundel:* +1.
> *Will Abramson:* +1.
> *Andres Uribe:* +1.
> *Phillip Long:* +1.
> *David Chadwick:* +1.
> *Chris Abernethy:* +1.
> *Joe Andrieu:* +1.
> *Ted Thibodeau Jr.:* +1.
> *Dmitri Zagidulin:* +1.
> *Steve McCown:* +1.

> ***Resolution #1: VC JOSE COSE will add JWS signing before CR.***

**Brent Zundel:** issue 201 is open to track this.

decentralgabe commented 6 months ago

Discussed today on the editors' call; we will add a section similar to JOSE/COSE sections for SD-JWT, may be under the JOSE section.