Description
I created this draft a while ago for discussion:
https://github.com/OR13/draft-osteele-vc-jose
The key point of this document was to clarify the boundary between the "Core Data Model" and the "Securing the Core Data Model".
In particular, I think that securing a JSON data model is best accomplished with JSON Web Signatures... not JSON Web Tokens.
Similarly, I think Verifiable Presentations are best secured with JSON Web Encryptions not JSON Web Tokens.
It's my understanding that there was interest in creating a new form of "securing the core data model" at TPAC, oriented towards JOSE more generally, and not relegated to JSON Web Tokens only.
I've done implementations of both, and I find the mappings massively simpler... in part because of the unfortunate mapping that shipped for VC-JWT... specifically the "instead of or in addition to" language.
It's very tempting to create a clean new format that sidesteps some of the mistakes made in the VC-JWT mapping, and is not encumbered by "breaking changes" since vc-jws and vp-jwe do not exist yet.