search

w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/
Other
30 stars 9 forks source link

COSE algorithms and examples not specified #207

Closed msporny closed 5 months ago

msporny commented 7 months ago

The entire specification is devoid of any COSE algorithms or examples. The issues with COSE are the same as raised in issue #205. The COSE semantics are unclear wrt. the VC semantics for properties that express the same information. Furthermore, embedding text in COSE is a questionable usage of the technology. While it can be done, no mention of why this is useful is outlined in the specification.

At a minimum, COSE examples should be included in the specification and algorithms on how one secures and verifies a COSE-protected VC should be defined.

Edit: I see now that Section 10.5 contains incomplete COSE Examples. Some complete COSE examples should be provided.

selfissued commented 7 months ago

The COSE examples are at https://w3c.github.io/vc-jose-cose/#cose-examples. It's not clear that it's necessary to duplicate the VCDM payloads in these examples, as they would be the same as those in the other examples.

We can say that, if you like.

msporny commented 7 months ago

Not having any test vectors or full examples for a major serialization format of the specification is not acceptable. Stating that we don't have those test vectors or full examples is also not acceptable.

selfissued commented 7 months ago

I will add the clarification in the examples that the payload is the same as when secured with SD-JWT.

Test vectors don't belong in the spec. They belong in the test suite.

decentralgabe commented 5 months ago

We have an opportunity to make the COSE examples more human friendly.

Related: https://github.com/transmute-industries/edn