A question for people building Verified Credentials and more recently the EU
Digital Wallet is: why should we abandon JSON? To solve what problem?
With the combination of
- Deterministically Encoded CBOR
- OO-based decoder/encoder designs (CBOR encapsulation is the s***)
- Enveloped Signatures
they get something that blows the socks off JWTs (and CWTs).
Current: signature container embedding ("shrouding") an object
Future: object holding a signature element
The latter permits the creation of a *Universal Object Concept* where a
top-level tag contains the object's type. This also nullifies the need for
specific media types; application/cbor suffices.
This may very well be "Greek" for most experts in cryptography, but there are
(AFAICT...) no conflicts between these seemingly different paths!
Who could have imagined that a 25Y+ old idea would make a comeback? Don't
worry, this is just for starters, for payments I'm pushing the 30Y(!) old EMV
concept [1] as an alternative to OAuth2 [2]! 😆
Regards,
Anders
[1] https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/388
[2] Since Merchants are neither OAuth clients, Resource owners, nor Relying
parties, the EU/SPRIND/OIDF folks are (AFAICT unsuccessfully) trying to put a
square peg in a round hole.
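
An added illustration of the "object holding a signature element" layout described in the message above; it is not part of the original post or of any project's code. It shows a typed (tagged) map that carries its own signature, computed over the deterministic CBOR encoding of the same object without that element. Assumptions: tag number 65000 and map key -1 are constructed, HMAC-SHA256 stands in for a real signature algorithm, and decoding is omitted, so `verify` takes an already decoded object.

```python
import hashlib
import hmac

TYPE_TAG = 65000   # constructed tag number standing in for "the object's type"
SIG_LABEL = -1     # hypothetical map key that holds the signature element

class Tag:
    def __init__(self, number, value):
        self.number, self.value = number, value

def _head(major, n):
    # Deterministic encoding: always the shortest form of the argument.
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument exceeds 64 bits")

def encode(obj):
    # Deterministic CBOR subset: int, bytes, str, list, dict, Tag.
    if isinstance(obj, bool):
        raise TypeError("bool not handled in this sketch")
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(map(encode, obj))
    if isinstance(obj, dict):
        # Map keys sorted bytewise on their encoded form.
        pairs = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    if isinstance(obj, Tag):
        return _head(6, obj.number) + encode(obj.value)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def _mac(key, fields):
    return hmac.new(key, encode(Tag(TYPE_TAG, fields)), hashlib.sha256).digest()

def sign(key, fields):
    # The signature covers the tagged object as it looks without SIG_LABEL.
    return Tag(TYPE_TAG, {**fields, SIG_LABEL: _mac(key, fields)})

def verify(key, obj):
    fields = dict(obj.value)
    sig = fields.pop(SIG_LABEL, None)
    return (obj.number == TYPE_TAG and isinstance(sig, bytes)
            and hmac.compare_digest(sig, _mac(key, fields)))
```

Because the verifier re-encodes the object deterministically after removing the signature element, the in-memory key order of the map does not affect the result.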
_______________________________________________
COSE mailing list -- [email protected]