From ad467785c5d227e5481df8853c1f588a04b8549c Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Thu, 24 Aug 2023 17:34:51 -0500 Subject: [PATCH 1/5] Changes to normative statements --- index.html | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/index.html b/index.html index 1a32ec3a..c7f0d487 100644 --- a/index.html +++ b/index.html @@ -215,10 +215,10 @@

Securing JSON-LD Verifiable Credentials with JOSE

[[rfc7515]] MAY be used to secure this media type.

- The typ parameter MUST be vc+ld+json+jwt + The typ parameter SHOULD be vc+ld+json+sd-jwt

- When present, the cty MUST be + When present, the cty SHOULD be vc+ld+json
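
Review bot: The typ line in this hunk changes the value as well as the keyword: the removed line reads vc+ld+json+jwt and the added line reads vc+ld+json+sd-jwt. The commit subject mentions only normative statements, the section cites [[rfc7515]], and the matching presentation hunk keeps vp+ld+json+jwt, so the sd-jwt suffix looks unintended. Suggest restoring vc+ld+json+jwt here, or moving the value change to its own commit with a rationale.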

@@ -256,10 +256,10 @@

Securing JSON-LD Verifiable Presentations with JOSE

application/vp+ld+json with JOSE.

[[rfc7515]] MAY be used to secure this media type.

-

The typ parameter MUST be +

The typ parameter SHOULD be vp+ld+json+jwt

-

When present, the cty parameter MUST be +

When present, the cty parameter SHOULD be vp+ld+json
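
Review bot: The cty line now reads "When present, the cty parameter SHOULD be vp+ld+json", which combines an optional parameter with an optional value, and the typ line above it is relaxed in the same way. After this change the visible text no longer tells a verifier what to do with a JWS whose typ or cty is missing or carries another value. Suggest adding a sentence on the expected verifier behaviour in that case, since the typ value is what marks the token as a verifiable presentation secured with JOSE.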

@@ -308,7 +308,7 @@

With COSE

COSE [[rfc9052]] is a common approach to encoding and securing information using CBOR [[rfc8949]]. Verifiable credentials MAY - be secured using COSE [[rfc9052]] and MUST be identified through + be secured using COSE [[rfc9052]] and SHOULD be identified through use of content types as outlined in this section.
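
Review bot: In the changed sentence, "SHOULD be identified through use of content types" no longer guarantees that a COSE-secured credential carries the content types this section outlines, and the sentence gives no condition under which omitting them is acceptable. Suggest stating the exception the SHOULD is meant to allow, or keeping MUST for identification while leaving MAY for the choice of COSE.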

@@ -319,7 +319,7 @@

Securing JSON-LD VCs with COSE

with COSE.

[[rfc9052]] MAY be used to secure this media type.

-

When using this approach, the type (TBD) MUST be +

When using this approach, the type (TBD) SHOULD be vc+ld+json+cose
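
Review bot: The added line relaxes a requirement on a parameter that is still written as "the type (TBD)", so the normative keyword attaches to a header parameter the text has not yet identified. Suggest marking this line as pending until the parameter is assigned, so readers do not treat vc+ld+json+cose as settled at either MUST or SHOULD strength.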

@@ -327,7 +327,7 @@

Securing JSON-LD VCs with COSE

regarding progress towards explicit typing for COSE.

When using this approach, the content type (3) - MUST be application/vc+ld+json

+ SHOULD be application/vc+ld+json

See Common COSE Header Parameters for additional details. From 6a821e1795c9caa792dbb47821a50d28769a9ee6 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Tue, 5 Sep 2023 14:58:10 -0500 Subject: [PATCH 2/5] Add guidance on why SHOULD over MUST for typ --- index.html | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/index.html b/index.html index e4da81dc..f3481d7d 100644 --- a/index.html +++ b/index.html @@ -204,6 +204,15 @@

Securing the VC Data Model

transformation, while at the same time supporting registered claims that are understood in the context of JOSE and COSE.

+

+ It is RECOMMENDED using media types to distinguish verifiable credentials, + and verifiable presentations from other kinds of secured JSON or CBOR. +

+

+ If a more specific media type is available, it SHOULD be used over the generic media types. + For example, instead of using application/sd-jwt, use application/vc+ld+json+sd-jwt, + unless there is a more specific media type that can be used to better identify the secured envelope format. +

With JOSE
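
Review bot: The subject line promises guidance on why typ is SHOULD rather than MUST, but the two added paragraphs state only what is recommended (use media types, prefer the more specific one) and give no reason for the weaker keyword. Suggest adding one sentence with the rationale. In the first added paragraph, "It is RECOMMENDED using media types" is also ungrammatical, and the comma before "and verifiable presentations" should go.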

From 973b50060d9e4b6266c13ff4267ae612696445ee Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Wed, 6 Sep 2023 13:07:40 -0500 Subject: [PATCH 3/5] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index f3481d7d..e222600e 100644 --- a/index.html +++ b/index.html @@ -205,8 +205,8 @@

Securing the VC Data Model

claims that are understood in the context of JOSE and COSE.

- It is RECOMMENDED using media types to distinguish verifiable credentials, - and verifiable presentations from other kinds of secured JSON or CBOR. + It is RECOMMENDED that media types be used to distinguish verifiable credentials + and verifiable presentations from other kinds of secured JSON or CBOR.

If a more specific media type is available, it SHOULD be used over the generic media types. From 2c56d85cfae9e2278973d62352644bce210ecffc Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Wed, 6 Sep 2023 13:07:51 -0500 Subject: [PATCH 4/5] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index e222600e..defa8e0f 100644 --- a/index.html +++ b/index.html @@ -209,9 +209,11 @@

Securing the VC Data Model

and verifiable presentations from other kinds of secured JSON or CBOR.

- If a more specific media type is available, it SHOULD be used over the generic media types. - For example, instead of using application/sd-jwt, use application/vc+ld+json+sd-jwt, - unless there is a more specific media type that can be used to better identify the secured envelope format. + The most specific media type (or subtype) available SHOULD be used, instead of + more generic media types (or supertypes). For example, rather than the general + application/sd-jwt, application/vc+ld+json+sd-jwt + ought to be used, unless there is a more specific media type that would even + better identify the secured envelope format.

With JOSE
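
Review bot: The parentheticals "(or subtype)" and "(or supertypes)" in the first added sentence reuse a term that already has a meaning in media type syntax, where the subtype is the part after the slash, so application/sd-jwt and application/vc+ld+json+sd-jwt each have a subtype and neither is a subtype of the other in that sense. Suggest dropping both parentheticals. The lowercase "ought to be used" in the example also reads like a second requirement next to the SHOULD; "is preferred" would avoid that.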

From cab349dae5932c37951c26f1fc6c2a4074112eb8 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Thu, 7 Sep 2023 19:04:53 -0500 Subject: [PATCH 5/5] Update index.html Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- index.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.html b/index.html index defa8e0f..bc13df6b 100644 --- a/index.html +++ b/index.html @@ -215,6 +215,9 @@

Securing the VC Data Model

ought to be used, unless there is a more specific media type that would even better identify the secured envelope format.

+

+ If implementations do not know which media type to use, media types defined in this specification MUST be used. +

With JOSE
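
Review bot: The condition "If implementations do not know which media type to use" is not something a conformance test can observe, and the MUST it introduces sits beside the typ and content type statements that patch 1/5 relaxed to SHOULD for the same media types. Suggest rewording the condition in terms of something checkable, or stating this as non-normative guidance, so it is clear when the MUST applies and when the SHOULD does.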