second attempt to add sd-jwt vcdm #147
Conversation
| { | ||
| "vct": "https://credentials.example.com/identity_credential", | ||
| //W3C VCDM 2.0 compliant claims | ||
| "vcdm": { |
There was a problem hiding this comment.
There was a problem hiding this comment.
resolving since discussion is continuing in another thread
| //W3C VCDM 2.0 compliant claims | ||
| "vcdm": { | ||
| "@context": ["https://www.w3.org/ns/credentials/v2"], | ||
| "type": ["VerifiableCredential", "https://credentials.example.com/identity_credential"], |
There was a problem hiding this comment.
should be top level and relationship with vct must be explained
There was a problem hiding this comment.
There are various options, see above, but it seems that only one is reasonable.
There was a problem hiding this comment.
I disagree. See my question on data model governance: https://github.com/openid/oid4vc-haip/pull/147/files#r1922674086
|
|
||
| SD-JWT VCDM is a data model that follows IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc], but allows the usage of [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. When IETF SD-JWT VC is mentioned in this specification, SD-JWT VCDM define in this section MAY be used. | ||
|
|
||
| For backward compatibility with JWT processors, the following registered JWT claims MUST be used, instead of their respective counterpart properties in [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]: |
There was a problem hiding this comment.
need to add a paragraph on vct claim and type property
There was a problem hiding this comment.
option 1: keep completely independent. implementations need to define both - easiest to request via DCQL even if harder for the issuers.
option 2: redefine sd-jwt vc to make vct optional - would impact the rest of sd-jwt vc implementations
option 3: static vct for this case - makes it impossible to request using DCQL
option 4: define how to determine a vct value based on type values - hard to define
based on the discussion with @c2bo @danielfett @awoie @bc-pi choosing option 1.
There was a problem hiding this comment.
The data model should not be impacted by DCQL. If it is, there's an issue in the design and should be resolved.
There was a problem hiding this comment.
added this:
Implementaters of SD-JWT VCDM MUST use valid values for both vctClaim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] andtype proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0].
|
|
||
| IETF SD-JWT VC is extended with the following claims: | ||
|
|
||
| * `vcdm`: OPTIONAL. Contains properties defined in [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0] that are not represented by their counterpart JWT Claims as defined above. |
There was a problem hiding this comment.
How is "vcdm" different from the good old "vc" claim?
There was a problem hiding this comment.
I recommend removing the "vcdm" if the governance of the data model is well defined. (see my question on how to express claims from different vocabularies)
There was a problem hiding this comment.
The vcdm claim is there to allow JSON-LD processors to process the vcdm object which has to be a valid JSON-LD object in compact form. Some JSON-LD processors would have issues with terms that are not included in a context definition. There might be some SD-JWT and SD-JWT VC claims today or in the future that are not included and therefore cause issues. By encapsulating the JSON-LD stuff within vcdm, we guarantee this won't cause any issues. See my processing model suggestions https://github.com/openid/oid4vc-haip/pull/147/files#r1922554997.
There was a problem hiding this comment.
By encapsulating the JSON-LD stuff within
vcdm
Isn't that exactly the same reason why you introduced vc a few years ago? Why not re-use that?
There was a problem hiding this comment.
I guess vc would be fine, but it is an IANA-registered claim that's defined for use in a different context. Might be okay to re-use though. vcdm would make it clear that this claim is to be used with the processing model in mind that @awoie describes in one of the other suggested changes.
There was a problem hiding this comment.
If implementations had issues
a) what are the issues?
b) can we contact them and learn more about the issues?
There was a problem hiding this comment.
I think
vcwon't be used. It would be"vcdm": { VCDM 1.1 or VCDM 2.0 stuff }.
But @Sakurann said:
IANA reserved
vcfor w3c vcdm 1.1
Wouldn't there be a lot of ambiguity and interop problems if you define two different JWT claims that can be used for the same purpose (VCDM 1.1)?
There was a problem hiding this comment.
I don't see how that would be a problem. The SD-JWT VC DM wrapper is new and has to be implemented anyway; any claim name would work. What is important is what is in the vcdm claim.
There was a problem hiding this comment.
any claim name would work
So are you saying if an Issuer wants to use VCDM 1.1 wrapped inside a JWT, they could use either the vc or vcdm claim, since both serve the same purpose? And would Verifiers also be expected to support both? Or pick one of the two?
There was a problem hiding this comment.
I meant to say that we can define any claim name here, without much impact on implementations. Whether they process vcdm, vc or foo doesn't matter. Of course we need to settle on one.
There may be a preference of one over the other for historic reasons, or because one has an existing IANA definition, or because one has clearer semantics, but other than that, it doesn't matter.
| //W3C VCDM 2.0 compliant claims | ||
| "vcdm": { | ||
| "@context": ["https://www.w3.org/ns/credentials/v2"], | ||
| "type": ["VerifiableCredential", "https://credentials.example.com/identity_credential"], |
There was a problem hiding this comment.
I would remove the relationship between vct and type. We should acknowledge that the typing can be different. I assume that JSON-LD processors want their JSON-LD type system. To guarantee interop on the protocol level, e.g., query credentials in OID4VP, the vct value has to be used.
| "type": ["VerifiableCredential", "https://credentials.example.com/identity_credential"], | |
| "type": ["VerifiableCredential", "IdentityCredential"], |
There was a problem hiding this comment.
This means you could have a situation where you request a driver's license on the OID4VP level, but then receive a VC with a type of birth certificate?
There was a problem hiding this comment.
To guarantee interop on the protocol level, e.g., query credentials in OID4VP, the vct value has to be used.
I always thought OID4VP supports different credential formats? Is it now getting more tightly coupled to SD-JWT VC?
There was a problem hiding this comment.
This means you could have a situation where you request a driver's license on the OID4VP level, but then receive a VC with a type of birth certificate?
@peacekeeper It is the issuer's responsibility to avoid nonsensical situations like this. If the issuer is trusted, I'd assume this not going to happen and they would make sure that vct value and business logic object would align. For instance, this could be done via vct Type Metadata where the Type Metadata would say that for a given vct value the type property has to have certain values as well.
There was a problem hiding this comment.
I always thought OID4VP supports different credential formats? Is it now getting more tightly coupled to SD-JWT VC?
@peacekeeper It is not getting more tightly coupled. OID4VP does support any format. This PR is specifically about SD-JWT VCDM. Also note that this is the HAIP repository, not the OID4VP repository.
There was a problem hiding this comment.
The goal is to have the selective disclosure capabilities of SD-JWT VC, but re-use existing data structures in W3C VCDM format. See the modified intro text: "SD-JWT VCDM credentials contain a data structure that can be processed using a JSON-LD processor after applying SD-JWT processing."
There was a problem hiding this comment.
The goal is to have the selective disclosure capabilities of SD-JWT VC, but re-use existing data structures in W3C VCDM format.
Apart from the fact that VCDM already supports selective disclosure using Data Integrity proofs (no SD-JWT needed), it ALSO supports securing VCDM with SD-JWT directly (no SD-JWT VC needed).
So why SD JWT VCDM?
There was a problem hiding this comment.
So why SD JWT VCDM
If you asked me personally, one major advantage is that no JSON-LD is required whereas VCDM 2.0 requires the payload to be a valid JSON-LD object in compact form. It has more overhead and the idea is that while this should stay possible, it shouldn't be required. SD-JWT VCDM would allow for this.
There was a problem hiding this comment.
@peacekeeper because SD-JWT VC does not cover several subjects like microcredentials, references to external formats. On other hand Selective Disclosure much easier as well as the subjects Olivermentioned. That's why SD-JWT VCDM needed. Also in context eIDAS. Recommend to focus on technical subjects here
There was a problem hiding this comment.
- base data format is JSON
- if use cases want to use JSON-LD, JSON-LD should cover all the definitions needed to successfully process the data model (again, depending on for what purpose JSON-LD is used)
- JSON-LD context MUST be treated as any referenced content in the data model (integrity protection, ability to share the data as unsigned payload); See related discussion: Data Integrity -> external resources w3c/vc-data-integrity#323 (comment)
Hence, I propose to remove the "VCDM" claim and the double-processing rules as it is creating confusion and repeating the error from the past.
… clarify that the verifier has a choice
|
|
||
| SD-JWT VCDM credentials contain a data structure that can be processed using a JSON-LD processor after applying SD-JWT processing. | ||
|
|
||
| When IETF SD-JWT VC is mentioned in this specification, SD-JWT VCDM defined in this section MAY be used. | ||
|
|
||
| For backward compatibility with JWT processors, the following registered JWT claims MUST be used, instead of their respective counterpart properties in [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]: | ||
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
Do they have to match or not? What happens if one client processes the vct claim, and another processes the type claim, and they arrive at different conclusions? To me it sounds like a huge source of ambiguity and potential problems if a data model contains basically the same concept twice ("type of a Verifiable Credential"). Especially if not only the values can be different, but also the way how the values are being expressed is different.
Saying that "it's the responsibility of the issuer" is a bit naïve I think...
| @@ -255,6 +254,91 @@ Note: The issuer MAY decide to support both options. In which case, it is at the | |||
|
|
|||
| A Credential Format Profile for Credentials complying with IETF SD-JWT VCs [@!I-D.ietf-oauth-sd-jwt-vc] is defined in Annex A.3 of [@!OIDF.OID4VCI] and Annex A.4 of [@!OIDF.OID4VP]. | |||
|
|
|||
| ## SD-JWT VC Data Model (SD-JWT VCDM) | |||
|
|
|||
| SD-JWT VCDM is a credential format that is compliant to IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] that allows the usage of existing data structures represented using W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0], while enabling selective disclosure. | |||
There was a problem hiding this comment.
Please change this sentence. While admittedly not strictly untrue, to most readers, this paragraph will only perpetuate the false claim that W3C VCDM does not support selective disclosure, which has been spread at various conferences and communities in the last years. The claim that SD-JWT VCDM is needed to do SIMPLE selective disclosure with W3C VCDM is equally untrue, as you can also just use plain SD-JWT if you really want. The introduction should explain this to avoid risk of further confusion and deception.
|
|
||
| When IETF SD-JWT VC is mentioned in this specification, SD-JWT VCDM defined in this section MAY be used. | ||
|
|
||
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. | |
| Implementers of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` property defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
| @@ -255,6 +254,91 @@ Note: The issuer MAY decide to support both options. In which case, it is at the | |||
|
|
|||
| A Credential Format Profile for Credentials complying with IETF SD-JWT VCs [@!I-D.ietf-oauth-sd-jwt-vc] is defined in Annex A.3 of [@!OIDF.OID4VCI] and Annex A.4 of [@!OIDF.OID4VP]. | |||
|
|
|||
| ## SD-JWT VC Data Model (SD-JWT VCDM) | |||
|
|
|||
| SD-JWT VCDM is a credential format that is compliant to IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] that allows the usage of existing data structures represented using W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0], while enabling selective disclosure. | |||
There was a problem hiding this comment.
This, of course, doesn't strictly speak to the false cry of perpetuating claims that W3C VCDM does not support selective disclosure but might be more relatable to many readers.
| SD-JWT VCDM is a credential format that is compliant to IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] that allows the usage of existing data structures represented using W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0], while enabling selective disclosure. | |
| SD-JWT VCDM is a credential format that is compliant to IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] that allows the usage of existing data structures represented using W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0], while enabling a consistent approach to selective disclosure. |
There was a problem hiding this comment.
false cry
I don't think it's helpful to bring emotions into this thread. There is no "cry", and it is not "false" to simply observe that SD-JWT (VC(DM)) proponents have made false claims about selective disclosure in W3C VCDM.
There was a problem hiding this comment.
To try and be productive, I don't think this suggested change is helpful, since it still doesn't explain why SD-JWT VCDM is needed. If you want to enable "a consistent approach to selective disclosure", as this suggestion says, you can also just use plain SD-JWT with VCDM directly, without the SD-JWT VC extensions.
Therefore I still think this introduction needs to explain somehow what this work adds to what's already out there.
| ```json | ||
| { | ||
| "vct": "https://credentials.example.com/identity_credential", | ||
| "vcdm": { //W3C VCDM 2.0 compliant claims |
There was a problem hiding this comment.
| "vcdm": { //W3C VCDM 2.0 compliant claims | |
| "vcdm": { //W3C VCDM 2.0 or 1.1 compliant claims |
There was a problem hiding this comment.
What does this mean for:
IANA reserved
vcfor w3c vcdm 1.1
| } | ||
| ``` | ||
|
|
||
| The following is a non-normative example of how an unsecured payload of an SD-JWT VCDM above can be used for the SD-JWT: |
There was a problem hiding this comment.
Still not sure this sentience makes sense but the "an"s here weren't helping.
| The following is a non-normative example of how an unsecured payload of an SD-JWT VCDM above can be used for the SD-JWT: | |
| The following is a non-normative example of how the unsecured payload of the SD-JWT VCDM above can be used for the SD-JWT: |
There was a problem hiding this comment.
I think this sentence is trying to say:
The following is a non-normative example of how to secure "application/vc" with "application/dc+sd-jwt":
| ```json | ||
| { | ||
| "_sd": [ | ||
| "vwUhdFvpylx9Sqi2YNBV1dfVK6lCbhXvkH0nThfKFT0" |
There was a problem hiding this comment.
I realize it's just a "a non-normative example" but to my naïve little mind this implies that the vcdm claim is the only thing made selectively disclosable. And that doesn't make much sense to me.
|
|
||
| When IETF SD-JWT VC is mentioned in this specification, SD-JWT VCDM defined in this section MAY be used. | ||
|
|
||
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. | |
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` property defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
|
|
||
| * `vcdm`: OPTIONAL. Contains properties defined in [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0] that are not represented by their counterpart JWT Claims as defined above. | ||
|
|
||
| The following outlines a suggested non-normative processing steps for SD-JWT VCDM: |
There was a problem hiding this comment.
| The following outlines a suggested non-normative processing steps for SD-JWT VCDM: | |
| The following outlines a suggested non-normative set of processing steps for SD-JWT VCDM: |
|
Since there are discussions about the relationship between the Does SD-JWT VCDM support Verifiable Presentations? |
IMO, the |
That sounds pretty useless indeed, where is that defined? :) But I was asking about Verifiable Presentations in general, I assume you wouldn't consider those an "unnecessary construct"? There are many projects and applications that use Verifiable Presentations. The Verifiable Credentials Data Model defines BOTH Verifiable Credentials and Verifiable Presentations. Would it be correct to say that SD-JWT VC DM only supports the Verifiable Credentials part, but not the Verifiable Presentations part? |
With all due respect, this is yet another unnecessary false claim. We should avoid such statements, as they detract from the quality of the discussion and tend to favor those who shout the loudest over those who present reasoned arguments. The W3C VP enables the combination of multiple credentials into a single presentation, which is signed by the holder and then presented to a verifier. This mechanism plays a critical role in the interaction between the holder and the verifier. As an independent open-source engineer and a European - directly affected by these issues - it's disheartening to see critical technologies being discussed in this manner, where valid points are diminished by false claims and dismissive rhetoric. |
The reason this is unnecessary in this context (OID4VP as a transmission protocol) is something I should have explained better—my apologies for that. While it has some value when combined with Data Integrity Proofs, it does not add any value when used with COSE/JOSE/SD-JWT. Here’s why: The W3C VCDM 2.0 defines Example:
|
|
I fully agree "EnvelopedVerifiableCredential" and "EnvelopedVerifiablePresentation" are "fascinatingly unnecessary constructs with a purpose that remains a mystery". The same is true for this SD-JWT VCDM work. In both cases, two incompatible data models are being mixed up in a complicated way, without any clear explanation other than "people want it". |
|
|
||
| When IETF SD-JWT VC is mentioned in this specification, SD-JWT VCDM defined in this section MAY be used. | ||
|
|
||
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` proprty defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. | |
| Implementaters of SD-JWT VCDM MUST use valid values for both `vct` Claim defined in IETF SD-JWT VC [@!I-D.ietf-oauth-sd-jwt-vc] and `type` property defined in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]. |
|
|
||
| For backward compatibility with JWT processors, the following registered JWT claims MUST be used, instead of their respective counterpart properties in W3C VCDM [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0]: | ||
|
|
||
| * To represent the validity period of SD-JWT VCDM (i.e., cryptographic signature), `exp`/`iat` Claims encoded as a UNIX timestamp (NumericDate) MUST be used, and not `expirationDate` and `issuanceDate` properties defined in [@!W3C.VCDM1.1], `validFrom` and `validTo` properties defined in [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
| * To represent the validity period of SD-JWT VCDM (i.e., cryptographic signature), `exp`/`iat` Claims encoded as a UNIX timestamp (NumericDate) MUST be used, and not `expirationDate` and `issuanceDate` properties defined in [@!W3C.VCDM1.1], `validFrom` and `validTo` properties defined in [@!W3C.VCDM2.0]. | |
| * To represent the validity period of SD-JWT VCDM (i.e., cryptographic signature), `exp`/`nbf` Claims encoded as a UNIX timestamp (NumericDate) MUST be used, and not `expirationDate` and `issuanceDate` properties defined in [@!W3C.VCDM1.1], `validFrom` and `validTo` properties defined in [@!W3C.VCDM2.0]. |
There was a problem hiding this comment.
See:
- https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5
- https://www.w3.org/TR/vc-data-model-2.0/#validity-period
iat is the time the token is issued, not the time at which the token is to be considered valid.
It's conceivable that a mismatch here would prevent use cases where I issue a credential now, that becomes active a day from now.
You could also say that for simplicity it is not possible to issue sd-jwt-vc with validity periods which exist in the future, and leave the current text, and resolve this comment.
There was a problem hiding this comment.
Could there be valid scenarios where exp, iat, nbf, validFrom, validTo all have different values?
Or is the idea that validFrom, validTo are ignored, just like this PR also proposes to ignore other VC properties?
There was a problem hiding this comment.
| * To represent the validity period of SD-JWT VCDM (i.e., cryptographic signature), `exp`/`iat` Claims encoded as a UNIX timestamp (NumericDate) MUST be used, and not `expirationDate` and `issuanceDate` properties defined in [@!W3C.VCDM1.1], `validFrom` and `validTo` properties defined in [@!W3C.VCDM2.0]. | ||
| * `iss` Claim MUST represent the identifier of the `issuer` property, i.e., the `issuer` property value if `issuer` is a String, or the `id` property of the `issuer` object if `issuer` is an object. `issuer` property MUST be ignored if present. | ||
| * `status` Claim MUST represent `credentialStatus` property. `credentialStatus` property MUST be ignored if present. | ||
| * `sub` Claim MUST represent the `id` property of `credentialSubject` property. `credentialSubject` property MUST be ignored if present. |
There was a problem hiding this comment.
| * `sub` Claim MUST represent the `id` property of `credentialSubject` property. `credentialSubject` property MUST be ignored if present. | |
| * `sub` Claim MUST represent the `id` property of `credentialSubject` property. `credentialSubject` property MUST be ignored if present. There is no support for the case where `credentialSubject` is an array. |
|
|
||
| IETF SD-JWT VC is extended with the following claims: | ||
|
|
||
| * `vcdm`: OPTIONAL. Contains properties defined in [@!W3C.VCDM1.1] or [@!W3C.VCDM2.0] that are not represented by their counterpart JWT Claims as defined above. |
There was a problem hiding this comment.
Don't do this.
Just let the claimset be defined as a JWT claimset.
And allow any properties that are not understood to be ignored.
Do not introduce a nested object, it breaks compatibility with the TR defined here:
There was a problem hiding this comment.
Agree with @OR13 , inserting one data model as a nested object inside another data model will lead to interop problems.
| 1. SD-JWT VC Processing: | ||
|
|
||
| - A receiver (holder or verifier) of an SD-JWT VCDM applies the processing rules outlined in Section 4 of [@!I-D.ietf-oauth-sd-jwt-vc], including verifying signatures, validity periods, status information, etc. | ||
| - If the `vct` value is associated with any SD-JWT VC Type Metadata, schema validation of the entire SD-JWT VCDM is performed, including the nested `vcdm` claim. |
There was a problem hiding this comment.
Just say that when vct is present it overrides any application profile type specific processing that might have been implied by type as described in https://www.w3.org/TR/vc-data-model-2.0/#types
| "type": ["VerifiableCredential", "https://credentials.example.com/identity_credential"], | ||
| "credentialSubject": { | ||
| "given_name": "John", | ||
| "family_name": "Doe", |
There was a problem hiding this comment.
these terms are not defined in https://www.w3.org/ns/credentials/v2, so you either need to add another context to the top level, or leave them defined like this to highlight that the RDF part of JSON-LD rarely works.
The "correct" way to fix this is to put a second context in the claimset which you are intending to be well formed JSON-LD, like this:
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://credentials.example.com/ns/credentials/examples/v2"
],
or
"@context": [
"https://www.w3.org/ns/credentials/v2",
{ "@vocab": "https://schema.org/" }
],
There was a problem hiding this comment.
Drop the "vcdm" claim... Or... use the existing "vc" claim which at one point was planned to be deprecated, and now its unclear how it would relate to this PR... I filled w3c/vc-jose-cose#329
There was a problem hiding this comment.
@leecam commented during today's working group call that anything we put in HAIP effectively creates implementation requirements for all ecosystem participants. Therefore, there should be a high bar for deciding to add things to HAIP. I agree.
Personally, I don't think that creating an implementation requirement for VCDM 1.1 would be a step forward. I'd therefore prefer not to add this.
As long as HAIP should be used in eIDAS Framework the SD-JWT VCDM is essential in order to achieve legal compliance and interoperability with existing ecosystems and standardization framework. But as it´s focused on Europe maybe it might be better to shift the standardization work on this subject to European standardization body to avoid affects for non-European parties. |
|
@selfissued Presumably you comment does not apply to VCDM 2.0? (which is why I gave it a thumbs up) |
resolves #128
intended as an altenative that supercedes #134
todo: