From 0a721fb9b8e69f4bc42961eba887d0d9e0449db3 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Wed, 13 Sep 2023 15:43:53 +0200 Subject: [PATCH 1/5] Use Correct Names for Things --- index.html | 83 ++++++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 43 deletions(-) diff --git a/index.html b/index.html index 5f34fe2b..01fc1cc3 100644 --- a/index.html +++ b/index.html @@ -346,14 +346,13 @@

Securing JSON-LD VCs with COSE

for the COSE "typ" (type) header parameter.

When using this approach, the content type (3) - SHOULD be application/vc+ld+json

+ SHOULD be application/vc+ld+json.

See Common COSE Header Parameters for additional details.

-

See Concise - Binary Object Representation (CBOR) Tags for additional - details.

+

See the IANA Concise Binary Object Representation (CBOR) Tags registry + for additional details.
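Review bot: the sentence "When using this approach, the content type (3) SHOULD be application/vc+ld+json." now sits directly under context that talks about the COSE "typ" (type) header parameter, and the only change here is the added period; since typ and content type (COSE header label 3) are distinct header parameters, consider a clause making that explicit, e.g. "the content type header parameter (label 3) SHOULD be application/vc+ld+json, in addition to typ", so a reader does not conflate the two. The second change naming "the IANA Concise Binary Object Representation (CBOR) Tags registry" is consistent with how the later hunks name the JWT and JOSE registries.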

@@ -410,24 +409,24 @@

Key Discovery

-

Registered Claim Names

+

Registered Header Parameter and Claim Names

- When found in the Protected Header, or - the Protected Claimset, members present in - IANA Assignments for JSON Web Token (JWT) and - IANA Assignments for JSON Object Signing and Encryption (JOSE) - are to be interpreted according to the associated specifications referenced by IANA. + When present in + the JOSE Header or + the JWT Claims Set + members registered in + the IANA JSON Web Token Claims registry or + the IANA JSON Web Signature and Encryption Header Parameters registry + are to be interpreted as defined by the specifications referenced in the registries.

- Registered claims that are present in either - the Protected Header - or the Claimset can be used to help + These parameters and claims can be used to help verifiers discover verification keys.

kid

- If kid is present in the Protected Header, + If kid is present in the JOSE Header, a verifier can use this parameter to obtain a JSON Web Key to use in the verification process. @@ -436,7 +435,7 @@

kid

iss

- If iss is present in the Protected Header + If iss is present in the JOSE Header or the JWT Claims , a verifier can use this parameter to obtain a JSON Web Key to use in the @@ -450,7 +449,7 @@

iss

If kid is also present in the - Protected Header, it is expected to be useful to + JOSE Header, it is expected to be useful to distinguish the specific key used.
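Review bot: replacing "Protected Header" with "JOSE Header" in the kid and iss key-discovery text widens where a verifier may take these parameters from: RFC 7515 defines the JOSE Header as the union of the JWS Protected Header and the JWS Unprotected Header, and the unprotected header is not covered by the signature. Because kid and iss select the verification key, consider keeping "Protected Header" here, or adding that for key discovery these parameters MUST be taken from the integrity-protected header (with the compact serialization used by JWTs every header parameter is protected, so the requirement costs nothing there). The same applies to the kid and cnf hunks that follow.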

@@ -462,7 +461,7 @@

iss

cnf

- If cnf is present in the Protected Header + If cnf is present in the JOSE Header or the JWT Claims , a verifier can use this parameter to obtain a JSON Web Key to use in the @@ -470,7 +469,7 @@

cnf

If kid is also present in the - Protected Header, it is expected to be + JOSE Header, it is expected to be useful to distinguish the specific key used.

@@ -498,7 +497,7 @@

JWT Issuer

-

Protected Header Parameters

+

JOSE Header Parameters

The normative statements in Registered Header Parameter Names @@ -509,7 +508,7 @@

Protected Header Parameters

apply to securing credentials and presentations.

- The data model for the protected header is JSON + The data model for the JOSE Header is JSON (application/json), not JSON-LD (application/ld+json).

@@ -518,27 +517,25 @@

Protected Header Parameters

apply to securing claims about a credential subject.

- When replicating claims from the claimset to the header, it is - RECOMMENDED to use [[RFC7519]], IANA - Assignments for Header Parameters, and IANA - Assignments for JSON Web Token (JWT) - to identify any reserved claims that might be confused with - members of the [[VC-DATA-MODEL]. This includes but is not + When replicating claims from the JWT Claims Set to Header Parameters, it is + RECOMMENDED to use [[RFC7519]], + the IANA JSON Web Token Claims registry, or + the IANA JSON Web Signature and Encryption Header Parameters registry + to identify any claims that might be confused with + members defined by the [[VC-DATA-MODEL]. This includes but is not limited to: iss, kid, alg, iat, - exp and cnf. + exp, and cnf.

- The registered claim names vc and vp + The JWT Claim Names vc and vp MUST NOT be present as header parameters.

When present, members of the header are to be interpreted and - processed according to - IANA - Assignments for JSON Web Token (JWT) and - IANA - Assignments for JSON Object Signing and Encryption (JOSE). + processed according to the definitions referenced from + the IANA JSON Web Signature and Encryption Header Parameters registry and + the IANA JSON Web Token Claims registry.

Additional members may be present, if they are not understood, @@ -551,7 +548,7 @@

Protected Header Parameters

Securing Verifiable Credentials

The describes the approach taken by JSON Web - Tokens to secure claimsets as applying an + Tokens to secure JWT Claims Sets as applying an external proof.

The normative statements in Securing @@ -615,23 +612,23 @@

Securing Verifiable Credentials

Requirements.

- Accordingly, Issuers, Holders and Verifiers MUST understand the + Accordingly, Issuers, Holders, and Verifiers MUST understand the JSON Web Token header parameter "alg": "none" when securing the [[VC-DATA-MODEL]] with JSON Web Tokens.

When content types from the [[VC-DATA-MODEL]] are secured using - JSON Web Tokens, the header parameter "alg": - "none", MUST be used to communicate that a claimset (a + JSON Web Tokens, the header parameter "alg": "none", + MUST be used to communicate that a JWT Claims Set (a Verifiable Credential or a Verifiable Presentation) has no integrity protection.

- When a JSON Web Token claimset (a Verifiable Credential or a + When a JWT Claims Set (a Verifiable Credential or a Verifiable Presentation) contains proof, and the JSON Web Token header contains - "alg": "none", the claimset MUST be considered to + "alg": "none", the JWT Claims Set MUST be considered to have no integrity protection.
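Review bot: the added line `JSON Web Tokens, the header parameter "alg": "none",` leaves a stray comma before `MUST be used to communicate`; drop it. The rest reads well: stating that a JWT Claims Set containing a proof member but carried under "alg": "none" MUST be considered to have no integrity protection closes the gap where a verifier might trust an embedded proof in lieu of a JWS signature.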

@@ -639,7 +636,7 @@

Securing Verifiable Credentials

required to be secured or integrity protected or to contain a proof member.

-

Issuers, Holders and Verifiers MUST ignore all claimsets that +

Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that have no integrity protection.

@@ -1243,7 +1240,7 @@

Selective Disclosure

The following examples are taken from .

These example are from a work in progress draft.

- An issuer might start with a vc+ld+json claimset, for example: + An issuer might start with a vc+ld+json JWT Claims Set, for example:

 {
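Review bot: the unchanged context line "These example are from a work in progress draft." should read "These examples are from a work-in-progress draft."; since this hunk already edits the same paragraph, it is a cheap drive-by fix.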
@@ -1286,7 +1283,7 @@ 

Selective Disclosure

}

- The issuer converts this claimset into the SD-JWT payload, and encodes the token, for example: + The issuer converts this JWT Claims Set into the SD-JWT payload, and encodes the token, for example:

 eyJhbGciOiAiRVMyNTYifQ.eyJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1Z
@@ -1336,7 +1333,7 @@ 

Selective Disclosure

Notice that, in the case of sd-jwt, the decoded payload - is different from the input claimset: + is different from the input JWT Claims Set:

 {
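Review bot: in the hunk at @@ -518,27 +517,25 @@ the reference `[[VC-DATA-MODEL].` is missing its closing bracket on the added line (`members defined by the [[VC-DATA-MODEL]. This includes but is not`) exactly as on the removed line, so the citation will not resolve; the same line is touched again in patches 2/5 and 3/5 without fixing it. In the same hunk, "it is RECOMMENDED to use [[RFC7519]], the IANA JSON Web Token Claims registry, or the IANA JSON Web Signature and Encryption Header Parameters registry" reads as a choice between the registries, whereas checking for confusable names requires both (patch 2/5 changes "or" to "and", which resolves this).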

From 99dac5038337e23728dc1a5c4d1088e3f5a0681e Mon Sep 17 00:00:00 2001
From: "Michael B. Jones" 
Date: Wed, 20 Sep 2023 14:41:32 -0700
Subject: [PATCH 2/5] Update index.html

Co-authored-by: Ted Thibodeau Jr 
---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index 01fc1cc3..f19c5d45 100644
--- a/index.html
+++ b/index.html
@@ -519,7 +519,7 @@ 

JOSE Header Parameters

When replicating claims from the JWT Claims Set to Header Parameters, it is RECOMMENDED to use [[RFC7519]], - the IANA JSON Web Token Claims registry, or + the IANA JSON Web Token Claims registry, and the IANA JSON Web Signature and Encryption Header Parameters registry to identify any claims that might be confused with members defined by the [[VC-DATA-MODEL]. This includes but is not From c3a64fac2521236b25a6d5cea72d2ec240ef9b7b Mon Sep 17 00:00:00 2001 From: "Michael B. Jones" Date: Wed, 20 Sep 2023 14:42:07 -0700 Subject: [PATCH 3/5] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index f19c5d45..e21a2f20 100644 --- a/index.html +++ b/index.html @@ -522,7 +522,7 @@

JOSE Header Parameters

the IANA JSON Web Token Claims registry, and the IANA JSON Web Signature and Encryption Header Parameters registry to identify any claims that might be confused with - members defined by the [[VC-DATA-MODEL]. This includes but is not + members defined by the [[VC-DATA-MODEL]. These include but are not limited to: iss, kid, alg, iat, exp, and cnf. From 73263ec3d2575d961afdf2b8c5ca0691ccccf4fe Mon Sep 17 00:00:00 2001 From: "Michael B. Jones" Date: Wed, 20 Sep 2023 14:42:24 -0700 Subject: [PATCH 4/5] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index e21a2f20..f6e7159c 100644 --- a/index.html +++ b/index.html @@ -533,7 +533,7 @@

JOSE Header Parameters

When present, members of the header are to be interpreted and - processed according to the definitions referenced from + processed according to the corresponding definitions found in the IANA JSON Web Signature and Encryption Header Parameters registry and the IANA JSON Web Token Claims registry.

From 439e94d05e56f867d0f6556dea5187844e4f4df2 Mon Sep 17 00:00:00 2001 From: "Michael B. Jones" Date: Wed, 20 Sep 2023 14:42:40 -0700 Subject: [PATCH 5/5] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index f6e7159c..7a2c36eb 100644 --- a/index.html +++ b/index.html @@ -538,7 +538,7 @@

JOSE Header Parameters

the IANA JSON Web Token Claims registry.

- Additional members may be present, if they are not understood, + Additional members may be present. If they are not understood, they MUST be ignored.
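Review bot: "Additional members may be present. If they are not understood, they MUST be ignored." conflicts with the JWS `crit` (critical) header parameter of RFC 7515, under which a recipient MUST reject a JWS whose `crit`-listed parameters it does not understand; as written, an unknown critical parameter would have to be ignored rather than cause rejection. Suggest "If they are not understood, they MUST be ignored, unless listed in the crit header parameter, in which case the JWS MUST be rejected as specified in [[RFC7515]]." The splitting of the sentence itself is an improvement over the comma splice.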