From a073db56124d11d32cc5374ea59bac3ff966b26c Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Fri, 13 Sep 2024 12:48:10 -0700 Subject: [PATCH 1/6] Move Conformance section into Introduction --- index.html | 194 ++++++++++++++++++++++++++--------------------------- 1 file changed, 97 insertions(+), 97 deletions(-) diff --git a/index.html b/index.html index e28d983..84b040b 100644 --- a/index.html +++ b/index.html @@ -198,6 +198,103 @@

Introduction

asymmetric encryption algorithms.

+
+
+

Conformance Classes

+

+ A conforming JWS document is one that conforms to all of the + "MUST" statements in Section . +

+

+ A conforming JWS issuer implementation produces + [=conforming JWS documents=] and MUST secure them as described in Section + . +

+ A conforming JWS verifier implementation verifies + [=conforming JWS documents=] as described in Section + . +

+

+ A conforming SD-JWT document is one that conforms to all of the + "MUST" statements in Section . +

+

+ A conforming SD-JWT issuer implementation produces + [=conforming SD-JWT documents=] and MUST secure them as described in Section + . +

+ A conforming SD-JWT verifier implementation verifies + [=conforming SD-JWT documents=] as described in Section + . +

+

+ A conforming COSE document is one that conforms to all of the + "MUST" statements in Section . +

+

+ A conforming COSE issuer implementation produces + [=conforming COSE documents=] and MUST secure them as described in Section + . +

+

+ A conforming COSE verifier implementation verifies + [=conforming COSE documents=] as described in Section + . +

+
+
+

Securing Verifiable Credentials

+

The describes + the approach taken by JSON Web Tokens to secure JWT Claims Sets as applying an + external proof. +

+

The normative statements in Securing + Mechanisms apply to securing + application/vc-ld+jwt and + application/vp-ld+jwt, + application/vc-ld+sd-jwt and + application/vp-ld+sd-jwt, + as well as + application/vc-ld+cose and + application/vp-ld+cose. +

+

+ JSON Web Token implementers are advised to review Implementation + Requirements. +

+

+ Accordingly, Issuers, Holders, and Verifiers MUST understand the + JSON Web Token header parameter + "alg": "none" when securing [[VC-DATA-MODEL-2.0]] + with JSON Web Tokens. + When content types from [[VC-DATA-MODEL-2.0]] are secured using + JSON Web Tokens, the header parameter "alg": "none", + MUST be used to communicate that a JWT Claims Set (a + Verifiable Credential or a Verifiable Presentation) has no + integrity protection. + When a JWT Claims Set (a Verifiable Credential or a + Verifiable Presentation) contains + proof, and the JSON Web Token header contains + "alg": "none", the JWT Claims Set MUST be considered to + have no integrity protection. +

+

+ Verifiable Credentials and Verifiable Presentations are not + required to be secured or integrity protected or to contain a + proof member. +

+

+ Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that + have no integrity protection. +

+

+ The JWT Claim Names vc and vp + MUST NOT be present in any JWT Claims Set. +

+
+ +
+
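Review bot: the relocated "Securing Verifiable Credentials" paragraphs carry normative MUST and MUST NOT statements (handling of "alg": "none", ignoring JWT Claims Sets that have no integrity protection, the ban on the vc and vp claim names), and this hunk places them under the Introduction. If the Introduction is, or later becomes, an informative section, those requirements lose their force for implementers. Consider keeping the conformance and securing text under its own normative heading, or state explicitly that this part of the Introduction is normative.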
@@ -1055,103 +1152,6 @@

Using Controller Documents

-
-
-

Conformance Classes

-

- A conforming JWS document is one that conforms to all of the - "MUST" statements in Section . -

-

- A conforming JWS issuer implementation produces - [=conforming JWS documents=] and MUST secure them as described in Section - . -

- A conforming JWS verifier implementation verifies - [=conforming JWS documents=] as described in Section - . -

-

- A conforming SD-JWT document is one that conforms to all of the - "MUST" statements in Section . -

-

- A conforming SD-JWT issuer implementation produces - [=conforming SD-JWT documents=] and MUST secure them as described in Section - . -

- A conforming SD-JWT verifier implementation verifies - [=conforming SD-JWT documents=] as described in Section - . -

-

- A conforming COSE document is one that conforms to all of the - "MUST" statements in Section . -

-

- A conforming COSE issuer implementation produces - [=conforming COSE documents=] and MUST secure them as described in Section - . -

-

- A conforming COSE verifier implementation verifies - [=conforming COSE documents=] as described in Section - . -

-
-
-

Securing Verifiable Credentials

-

The describes - the approach taken by JSON Web Tokens to secure JWT Claims Sets as applying an - external proof. -

-

The normative statements in Securing - Mechanisms apply to securing - application/vc-ld+jwt and - application/vp-ld+jwt, - application/vc-ld+sd-jwt and - application/vp-ld+sd-jwt, - as well as - application/vc-ld+cose and - application/vp-ld+cose. -

-

- JSON Web Token implementers are advised to review Implementation - Requirements. -

-

- Accordingly, Issuers, Holders, and Verifiers MUST understand the - JSON Web Token header parameter - "alg": "none" when securing [[VC-DATA-MODEL-2.0]] - with JSON Web Tokens. - When content types from [[VC-DATA-MODEL-2.0]] are secured using - JSON Web Tokens, the header parameter "alg": "none", - MUST be used to communicate that a JWT Claims Set (a - Verifiable Credential or a Verifiable Presentation) has no - integrity protection. - When a JWT Claims Set (a Verifiable Credential or a - Verifiable Presentation) contains - proof, and the JSON Web Token header contains - "alg": "none", the JWT Claims Set MUST be considered to - have no integrity protection. -

-

- Verifiable Credentials and Verifiable Presentations are not - required to be secured or integrity protected or to contain a - proof member. -

-

- Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that - have no integrity protection. -

-

- The JWT Claim Names vc and vp - MUST NOT be present in any JWT Claims Set. -

-
- -
-

IANA Considerations
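Review bot: a 97-line move of normative text is hard to check by eye, and this removal side has to match the block added at line 198 exactly. Because the block contains the rules for "alg": "none" and for JWT Claims Sets that have no integrity protection, please verify the move with git diff --color-moved or an equivalent check. Keep any wording change out of this commit so that the later patches in the series are the only place where the requirements change.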

From eaf8cc6a06f1401b767016a769c7bc62b4f6ee46 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:18:57 -0700 Subject: [PATCH 2/6] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 84b040b..7b65374 100644 --- a/index.html +++ b/index.html @@ -198,7 +198,7 @@

Introduction

asymmetric encryption algorithms.

-
+

Conformance Classes
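Review bot: the subject "Update index.html" does not say what the single changed line above the "Conformance Classes" heading does. Since this series rearranges normative sections, name the change in the subject so it can be reviewed and later bisected without opening the diff.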

From bd0df62799f39b6b8b22cf0e642366670148bde4 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:19:07 -0700 Subject: [PATCH 3/6] Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 7b65374..ce177c2 100644 --- a/index.html +++ b/index.html @@ -263,8 +263,8 @@

Securing Verifiable Credentials

Requirements.

- Accordingly, Issuers, Holders, and Verifiers MUST understand the - JSON Web Token header parameter + Issuers, Holders, and Verifiers MUST understand the + JSON Web Token header parameter setting "alg": "none" when securing [[VC-DATA-MODEL-2.0]] with JSON Web Tokens. When content types from [[VC-DATA-MODEL-2.0]] are secured using From e661352552c1270d5315b401b7b72ce369e85f23 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:19:48 -0700 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index ce177c2..3a449bd 100644 --- a/index.html +++ b/index.html @@ -268,7 +268,7 @@

Securing Verifiable Credentials

"alg": "none" when securing [[VC-DATA-MODEL-2.0]] with JSON Web Tokens. When content types from [[VC-DATA-MODEL-2.0]] are secured using - JSON Web Tokens, the header parameter "alg": "none", + JSON Web Tokens, the header parameter setting "alg": "none", MUST be used to communicate that a JWT Claims Set (a Verifiable Credential or a Verifiable Presentation) has no integrity protection. From 63798366baf87d9ebaf9946e0042cd57dc1669a3 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:19:59 -0700 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 3a449bd..13f0223 100644 --- a/index.html +++ b/index.html @@ -269,18 +269,18 @@

Securing Verifiable Credentials

with JSON Web Tokens. When content types from [[VC-DATA-MODEL-2.0]] are secured using JSON Web Tokens, the header parameter setting "alg": "none", - MUST be used to communicate that a JWT Claims Set (a - Verifiable Credential or a Verifiable Presentation) has no + MUST be used to communicate that a JWT Claims Set that comprises a + Verifiable Credential or a Verifiable Presentation has no integrity protection. - When a JWT Claims Set (a Verifiable Credential or a - Verifiable Presentation) contains + When a JWT Claims Set that comprises a Verifiable Credential or a + Verifiable Presentation contains proof, and the JSON Web Token header contains "alg": "none", the JWT Claims Set MUST be considered to have no integrity protection.

Verifiable Credentials and Verifiable Presentations are not - required to be secured or integrity protected or to contain a + required to be secured nor integrity protected, nor to contain a proof member.
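Review bot: replacing the parenthetical with "that comprises a Verifiable Credential or a Verifiable Presentation" can be read as a JWT Claims Set that contains a credential rather than one that is the credential. That reading sits awkwardly with the rule later in this section that the vc and vp claim names MUST NOT be present. "that is a Verifiable Credential or a Verifiable Presentation" would keep the original meaning without the ambiguity. Separately, "not required to be secured nor integrity protected, nor to contain" pairs "not" with "nor"; the original "or" read correctly.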

From 2fa8fe9671586d09279e98259ab7a73a163653f4 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:20:21 -0700 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 13f0223..2e1b82c 100644 --- a/index.html +++ b/index.html @@ -284,12 +284,14 @@

Securing Verifiable Credentials

proof member.

- Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that - have no integrity protection. + Issuers, Holders, and Verifiers of Verifiable Credentials and/or + Verifiable Presentations MUST ignore all, and MUST NOT produce any, + JWT Claims Sets that have no integrity protection.

The JWT Claim Names vc and vp - MUST NOT be present in any JWT Claims Set. + MUST NOT be present in any JWT Claims Set that comprises a + Verifiable Credential or a Verifiable Presentation.
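Review bot: on [PATCH 3/6], the reworded sentence still requires only that Issuers, Holders, and Verifiers MUST "understand" the "alg": "none" setting, which names no observable behaviour and cannot be tested for conformance. Suggest stating the required behaviour directly, for example that an implementation MUST treat a JSON Web Token carrying this header as having no integrity protection, which the sentences that follow already imply.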
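Review bot: on [PATCH 4/6], this commit applies the same one-word change ("header parameter" to "header parameter setting") that [PATCH 3/6] applied to the preceding sentence, under the same subject "Apply suggestions from code review". Squash the two so the terminology change lands in one commit and can be reviewed or reverted as a unit.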
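Review bot: on [PATCH 6/6], the added "MUST NOT produce any" conflicts with the sentence a few lines earlier in this section (visible in the [PATCH 5/6] context), which says the "alg": "none" setting "MUST be used to communicate" that a JWT Claims Set has no integrity protection. If no Issuer or Holder may produce such a claims set, no conforming party can ever satisfy that MUST. Suggest rewording the earlier sentence as a rule for recipients only, for example that a header with "alg": "none" MUST be interpreted as meaning the JWT Claims Set has no integrity protection. Also, "and/or" is best avoided in a normative sentence; "or" is enough here.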