Closed selfissued closed 2 weeks ago
bc-pi
commented
3 weeks ago I can imagine you may have comments on this pull request.
Yes, please consider using something other than application/vc+sd-jwt for identifying an SD-JWT with a payload conforming to the Verifiable Credential Data Model.
Perhaps one of:
application/vcdm+sd-jwt
application/vcdm2+sd-jwt
application/w3c-vc+sd-jwt
application/vc-ld+sd-jwt
application/vc-json-ld+sd-jwt
application/vc-ld-json+sd-jwt
selfissued
commented
3 weeks ago My initial reaction to the suggestion to change only application/vc+sd-jwt but not any of the other related proposed media types such as application/vp+sd-jwt, application/vc+jwt, application/vc+cose is that that's probably a non-starter with the VCWG because of the obviously inconsistencies in naming.
As I'd written to the OAuth WG, it’s my hope that the registrations of application/vc+sd-jwt and application/vp+sd-jwt will be able to be done in a way that works for both VC-JOSE-COSE and SD-JWT-VC. I'd like people's input on that.
If that ends up being infeasible, then yes, we'll have to come up a way to deconflict the names used by VC-JOSE-COSE and SD-JWT-VC. Thanks all for thinking about this.
bc-pi
commented
3 weeks ago My initial reaction to the suggestion to change only
application/vc+sd-jwtbut not any of the other related proposed media types such asapplication/vp+sd-jwt,application/vc+jwt,application/vc+coseis that that's probably a non-starter with the VCWG because of the obviously inconsistencies in naming.
In which case I'd suggest something derivative of, but consistent with, the set of media types requested recently by the W3C VC WG:
application/vc-ld-json
application/vp-ld-json
application/vc-ld-json+jwt
application/vp-ld-json+jwt
application/vc-ld-json+sd-jwt
application/vp-ld-json+sd-jwt
application/vc-ld-json+cose
application/vp-ld-json+cose
As I'd written to the OAuth WG, it’s my hope that the registrations of
application/vc+sd-jwtandapplication/vp+sd-jwtwill be able to be done in a way that works for both VC-JOSE-COSE and SD-JWT-VC. I'd like people's input on that.
I'll reply over there (oauth and mediaman lists) as well. But with respect to application/vc+sd-jwt, I hope you'd agree that an IETF SD-JWT VC and an SD-JWT with a payload conforming to the VCDM 2.0 are distinctly different things and that it'd be wholly inappropriate to use the same media type to represent them.
As far application/vp+sd-jwt goes, I don't personally see a reasonable justification for the existence of using SD-JWT to secure verifiable presentations conforming to the VCDM 2.0. But that's a digression that I don't have the energy or motivation to further try to convince the VCWG about. The concept isn't relevant in the IETF SD-JWT VC context though so there's nothing to do with respect to working for both.
If that ends up being infeasible, then yes, we'll have to come up a way to deconflict the names used by VC-JOSE-COSE and SD-JWT-VC. Thanks all for thinking about this.
It seems to me that the easiest way to deconflict would be to not introduce the conflict in the first place.
selfissued
commented
3 weeks ago Understood. @bc-pi, can you please file an issue for vc-data-model asking to change application/vc to application/vc-ld and application/vp to application/vp-ld? That change would set the stage for the VCWG to be able to consistently use names like application/vc-ld+sd-jwt, etc. Thanks.
OR13
commented
3 weeks ago In case folks wish to provide comments or review to OAuth or Spice, see
https://mailarchive.ietf.org/arch/msg/oauth/2qfLP2RFEehzUxrdmiXTAEqk7OQ/
https://github.com/oauth-wg/oauth-sd-jwt-vc
https://github.com/mesur-io/ietf-misc/blob/main/editor_drafts/draft-prorock-spice-cose-sd-cwt.md?plain=1 ( hopefully sd-cwt draft will move elsewhere soon ).
bc-pi
commented
3 weeks ago Understood. @bc-pi, can you please file an issue for vc-data-model asking to change
application/vctoapplication/vc-ldandapplication/vptoapplication/vp-ld? That change would set the stage for the VCWG to be able to consistently use names likeapplication/vc-ld+sd-jwt, etc. Thanks.
decentralgabe
commented
2 weeks ago Editorial approval, changes addressed, open for over a week. Merging.
Aligns with https://github.com/w3c/vc-data-model/pull/1478/
Preview | Diff