Inconsistent versions

[David-Chadwick]

The latest versions of the draft specification, published on 21 December 2023, are inconsistent. Specifically the latest published version at https://www.w3.org/TR/vc-jose-cose/ contains Example 1 that does not have any encodings (it only contains the example VC), whereas the latest editor's draft at https://w3c.github.io/vc-jose-cose/ contains Example 1 with Committed Issued Disclosed Presented and Verified tabs

[David-Chadwick]

Neither is correct. The final specification should contain the union of both examples i.e. it should contain the example VC along with the five SD-JWT tabs.

[selfissued]

@iherman is there a build error?

[iherman]

@iherman is there a build error?

I do not see any.

You can see the github actions at: https://github.com/w3c/vc-jose-cose/actions and these do not refer to any error. Both the editor's draft and the official W3C versions are dated 1st of January '24.

I cannot comment on the original discrepancies.

(B.t.w., if there is an error, it is visible on that list; clicking on the erroneous entry reveals the reasons which may reveal the reason of a fail. It is usually, but not always, a publication validation error thrown by respec.)

[iherman]

The issue was discussed in a meeting on 2024-01-09

• no resolutions were taken

View the transcript

#### 1.5. Inconsistent versions (issue vc-jose-cose#214) _See github issue [vc-jose-cose#214](https://github.com/w3c/vc-jose-cose/issues/214)._ **Michael Jones:** sounds like this says the drafts published in diff places have different content. … maybe I misunderstood though. **David Chadwick:** it may well be a tooling issue. All I know is two links take you to specs with different examples. … neither examples are wholly correct. … The examples should be a superset of both. … not sure what the base document is here. … there is some JSON in the spec with a VC. In one spec the spec contains the JSON of the VC. In the other it just shows the sd-jwt without showing the original VC. … we should include both. **Ivan Herman:** The github action seem to be okay. Not looking into this further. … I know in VCDM document, there is some transformation of the VC JSON in the document that happens. … maybe this is not in the JOSE spec. … looks like something to do with that tooling. **Manu Sporny:** I know the details, issue here is that the extension to respec. Called respec-vc has been modified to support sd-jwt. … believe this has been done in a way that is not compatible at publication time. … Think this is a known issue, needs to be fixed. … this is a non trivial exercise. … code written for respec, does not work in publication. … handed respec over to W3C. … All examples need to be updated to use software to generate the examples. … We need to put effort and work into fixing respec vc to support all securing methods. … Do we pull in orie's code for sd-jwt into the respec-vc extension. I suggest we do this. **Michael Jones:** does the vc extension work when publishing in both cases. **Manu Sporny:** two options, we either hack on orie's code to get this working. Or we integrate some of orie's code into respec-vc. … our intention with respec vc is to get it into a form that will work across all different specifications. **Michael Jones:** no need to bikeshed, but orie did custom code to be able to represent all forms of sd-jwt. **Brent Zundel:** this is affecting the examples, which are non-normative. Can handle after CR. **David Chadwick:** most of the tabs on the right had side of the example are good. The disclosed tab is not good. No description. … We need another tab that shows the raw example. … show the raw VC and how it has been manipulated. **Manu Sporny:** The examples DavidC is pointing to, I have not seen this before. … where has this notation come from. It is the expression of a VC in yaml format. … is this being specified anywhere. **Michael Jones:** my understanding is this was copied from how the sd-jwt test suite works. … I agree this is not clear. **Andres Uribe:** I know where this .yaml comes from. … selfissued is correct, these come from the testing suite. … sd-jwt has reference implementations. These include tests with the.yaml files. … .yaml files specify which claims will be made selectively disclosable in the payload. … If you are designing an api that allows issuers to select which statements are disclosable, you need something like that. **Brent Zundel:** thanks everyone, look forward to the spec moving into CR. ---

[decentralgabe]

Sounds like, from the call notes, this is a problem with rendering the examples and can be handled after CR. Labeling as such.

[decentralgabe]

related to https://github.com/w3c/respec-vc/issues/9

[David-Chadwick]

I dont think this should be labelled Post-CR but rather pre-CR. The reason is that the text talks about securing VCs with SD-JWT, and uses the sd-jwt media type. Thus the published CR should have an example of the securing mechanism that it specifies.

[decentralgabe]

agreed and this is related to @iherman's comment here, I will mark this as pre-cr.

[decentralgabe]

Closing, as this has been fixed with https://github.com/w3c/vc-jose-cose/pull/237

A follow-up to add examples for JOSE without SD-JWT is open here https://github.com/w3c/vc-jose-cose/issues/240