diff --git a/index.html b/index.html index 0fda6c0c..ef81ef3e 100644 --- a/index.html +++ b/index.html @@ -319,14 +319,13 @@

Securing JSON-LD VCs with COSE

for the COSE "typ" (type) header parameter.

When using this approach, the content type (3) - SHOULD be application/vc+ld+json

+ SHOULD be application/vc+ld+json.

See Common COSE Header Parameters for additional details.

-

See Concise - Binary Object Representation (CBOR) Tags for additional - details.

+

See the IANA Concise Binary Object Representation (CBOR) Tags registry + for additional details.

@@ -381,24 +380,24 @@

Key Discovery

-

Registered Claim Names

+

Registered Header Parameter and Claim Names

- When found in the Protected Header, or - the Protected Claimset, members present in - IANA Assignments for JSON Web Token (JWT) and - IANA Assignments for JSON Object Signing and Encryption (JOSE) - are to be interpreted according to the associated specifications referenced by IANA. + When present in + the JOSE Header or + the JWT Claims Set + members registered in + the IANA JSON Web Token Claims registry or + the IANA JSON Web Signature and Encryption Header Parameters registry + are to be interpreted as defined by the specifications referenced in the registries.

- Registered claims that are present in either - the Protected Header - or the Claimset can be used to help + These parameters and claims can be used to help verifiers discover verification keys.

kid

- If kid is present in the Protected Header, + If kid is present in the JOSE Header, a verifier can use this parameter as a hint indicating which key was used to secure the verifiable credential, when performing a verification process as defined in RFC7515. @@ -411,7 +410,7 @@

kid

iss

- If iss is present in the Protected Header + If iss is present in the JOSE Header or the JWT Claims , a verifier can use this parameter to obtain a JSON Web Key to use in the @@ -425,7 +424,7 @@

iss

If kid is also present in the - Protected Header, it is expected to be useful to + JOSE Header, it is expected to be useful to distinguish the specific key used.

@@ -437,7 +436,7 @@

iss

cnf

- If cnf is present in the Protected Header + If cnf is present in the JOSE Header or the JWT Claims , a verifier MAY use this parameter to identify a proof-of-possesion key in the manner described in [[rfc7800]] for use in the @@ -468,7 +467,7 @@

JWT Issuer

-

Protected Header Parameters

+

JOSE Header Parameters

The normative statements in Registered Header Parameter Names @@ -479,7 +478,7 @@

Protected Header Parameters

apply to securing credentials and presentations.

- The data model for the protected header is JSON + The data model for the JOSE Header is JSON (application/json), not JSON-LD (application/ld+json).

@@ -488,15 +487,15 @@

Protected Header Parameters

apply to securing claims about a credential subject.

- When replicating claims from the claimset to the header, it is - RECOMMENDED to use [[RFC7519]], IANA - Assignments for Header Parameters, and IANA - Assignments for JSON Web Token (JWT) - to identify any reserved claims that might be confused with - members of the [[VC-DATA-MODEL]. This includes but is not + When replicating claims from the JWT Claims Set to Header Parameters, it is + RECOMMENDED to use [[RFC7519]], + the IANA JSON Web Token Claims registry, and + the IANA JSON Web Signature and Encryption Header Parameters registry + to identify any claims that might be confused with + members defined by the [[VC-DATA-MODEL]. These include but are not limited to: iss, kid, alg, iat, - exp and cnf. + exp, and cnf.

When the iat and/or exp JWT claims are present, @@ -506,19 +505,17 @@

Protected Header Parameters

that represent the validity of the data that is being secured.

- The registered claim names vc and vp + The JWT Claim Names vc and vp MUST NOT be present as header parameters.

When present, members of the header are to be interpreted and - processed according to - IANA - Assignments for JSON Web Token (JWT) and - IANA - Assignments for JSON Object Signing and Encryption (JOSE). + processed according to the corresponding definitions found in + the IANA JSON Web Signature and Encryption Header Parameters registry and + the IANA JSON Web Token Claims registry.

- Additional members may be present, if they are not understood, + Additional members may be present. If they are not understood, they MUST be ignored.

@@ -528,7 +525,7 @@

Protected Header Parameters

Securing Verifiable Credentials

The describes the approach taken by JSON Web - Tokens to secure claimsets as applying an + Tokens to secure JWT Claims Sets as applying an external proof.

The normative statements in Securing @@ -592,23 +589,23 @@

Securing Verifiable Credentials

Requirements.

- Accordingly, Issuers, Holders and Verifiers MUST understand the + Accordingly, Issuers, Holders, and Verifiers MUST understand the JSON Web Token header parameter "alg": "none" when securing the [[VC-DATA-MODEL]] with JSON Web Tokens.

When content types from the [[VC-DATA-MODEL]] are secured using - JSON Web Tokens, the header parameter "alg": - "none", MUST be used to communicate that a claimset (a + JSON Web Tokens, the header parameter "alg": "none", + MUST be used to communicate that a JWT Claims Set (a Verifiable Credential or a Verifiable Presentation) has no integrity protection.

- When a JSON Web Token claimset (a Verifiable Credential or a + When a JWT Claims Set (a Verifiable Credential or a Verifiable Presentation) contains proof, and the JSON Web Token header contains - "alg": "none", the claimset MUST be considered to + "alg": "none", the JWT Claims Set MUST be considered to have no integrity protection.

@@ -616,7 +613,7 @@

Securing Verifiable Credentials

required to be secured or integrity protected or to contain a proof member.

-

Issuers, Holders and Verifiers MUST ignore all claimsets that +

Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that have no integrity protection.