Improve examples #104
Improve examples #104
Conversation
|
The issue was discussed in a meeting on 2023-06-07
View the transcript1.2. JWT PRs.Orie Steele: There are 2 new PRs on VC-JWT, 103 and 104. See github pull request vc-jwt#103. See github pull request vc-jwt#104. Orie Steele: There are 2 new PRs on VC-JWT, 103 and 104. See github pull request vc-data-model#1144. Orie Steele: PRs up in the core data model 1144.
Joe Andrieu: Added a comment to 103. Would it be useful to reuse the pattern for VCs. A base media type plus securing?
Dave Longley: agrees it is following the same pattern. Orie Steele: talking about confidence method in registry.
Brent Zundel: 9 open PRs, please review and look thru them. Ted Thibodeau Jr.: suggest that we call out specific issues and PRs in agenda ahead of time.
|
|
thank you @OR13 !!! |
| <h2>Controllers</h2> | ||
| <pre class="example" title="A verifiable credential controller document"> |
There was a problem hiding this comment.
This example seems out of place. What's the intent of putting a DID document example in vc-jwt?
There was a problem hiding this comment.
Its necessary to explain controller documents, because they are related to iss and kid, similar to:
https://w3c.github.io/vc-data-integrity/#controller-documents
There was a problem hiding this comment.
Just read that section, and I have to say that it's not intuitive at all. I think it would be worth either: adding an example that refers to this controller document, pointing to the spec you mentioned, or explicitly stating the relationship between controller docs and iss & kid.
| Presentations | ||
| </h2> | ||
|
|
||
| <pre class="example" title="Credential"> |
There was a problem hiding this comment.
| <pre class="example" title="Credential"> | |
| <pre class="example" title="A Verifiable Presentation referencing and containing Verifiable Credentials"> |
There was a problem hiding this comment.
Good suggestion, but it does not contain them... it contains one and references many, can you amend your suggestion to "A Verifiable Presentation referencing and containing Verifiable Credentials" ? or something similar?
| "did:example:123", | ||
| "urn:uuid:01ec9426-c175-4e39-a006-d30050e28214", | ||
| "urn:ietf:params:oauth:jwk-thumbprint:sha-256:_Fpfe27AuGmEljZE9s2lw2UH-qrZLRFNrWbJrWIe4SI", |
There was a problem hiding this comment.
Curious how these 3 items are Verifiable Credentials?
There was a problem hiding this comment.
they are not, but this RDF term defines what verifiableCredential means when it is in a presentation.
https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L84
As you can see, its not defined in the vocabulary... cc @iherman ...
https://www.w3.org/2018/credentials#verifiableCredential
However, you can tell from the @context the above syntax is intended, see:
"verifiableCredential": {
"@id": "https://www.w3.org/2018/credentials#verifiableCredential",
"@type": "@id", // this tells you `id` values are acceptable
"@container": "@graph" // this tells you members are separate graphs.
},
| data:application/vp+ld+json;base64,eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImRhdGE6YXBwbGljYXRpb24vdmMrbGQranNvbjtiYXNlNjQsZXlKQVkyOXVkR1Y0ZENJNld5Sm9kSFJ3Y3pvdkwzZDNkeTUzTXk1dmNtY3Zibk12WTNKbFpHVnVkR2xoYkhNdmRqSWlYU3dpZEhsd1pTSTZXeUpXWlhKcFptbGhZbXhsUTNKbFpHVnVkR2xoYkNKZExDSnBjM04xWlhJaU9pSm9kSFJ3Y3pvdkwybHpjM1ZsY2k1MlpXNWtiM0l1WlhoaGJYQnNaU0lzSW5aaGJHbGtSbkp2YlNJNklqSXdNak10TURZdE1EZFVNakU2TVRRNk1UUXVNVFE0V2lJc0ltTnlaV1JsYm5ScFlXeFRkV0pxWldOMElqcDdJbWxrSWpvaWFIUjBjSE02THk5emRXSnFaV04wTG5abGJtUnZjaTVsZUdGdGNHeGxJbjE5Il19 | ||
| </pre> | ||
|
|
||
| <pre class="example" title="Nested Unsecured JWT"> |
There was a problem hiding this comment.
The nested threw me off for a bit. What's the purpose of base64 encoding a JWT, which is already base64 encoded?
There was a problem hiding this comment.
Compliance with https://datatracker.ietf.org/doc/html/rfc2397 requires it.
This highlights why COSE is nice, helps avoid the double encoding.
Regarding why this particular example, we need to show examples that are confusing / dangerous, because this is a security specification and we need to warn implementers about them.
There was a problem hiding this comment.
Thanks for the explanation!
There was a problem hiding this comment.
confusing
Double encoding bad
Co-authored-by: Andres Uribe <[email protected]>
Co-authored-by: Andres Uribe <[email protected]>
Co-authored-by: Andres Uribe <[email protected]>
Co-authored-by: Andres Uribe <[email protected]>
Co-authored-by: Andres Uribe <[email protected]>
|
@andresuribe87 Thank you for such a thorough review! I have accepted most of your suggestions, if you agree with the refinements to the ones I did not accept yet, please apply them and ping me to review again. |
There was a problem hiding this comment.
@OR13 I've updated the suggestions so you can apply them. This is 🔥
Preview | Diff