Orie Steele <[email protected]> wrote: > https://github.com/w3c/vc-jose-cose/pull/123#pullrequestreview-1537381740 > Summarizing for folks who won't read the above link.
Yeah, that discussion seems allover the place :-(
> The include:
> https://github.com/w3c/did-core - requests `did+ld+json`.
> https://github.com/w3c/vc-data-model - requests `vc+ld+json`.
> Also a quick note that the W3C Tag has an open issues related to this
> topic: https://github.com/w3ctag/design-principles/issues/239
> The problem we are having is that it is not clear how multiple suffixes
> apply to envelope formats, like JOSE and COSE.
Agreed.
> For example:
> Should it be `application/vc+ld+json+jwt` or `application/vc+ld+jwt`
> (because JWT always secures a JSON claimset and a JSON header).
I'm not even sure I know what the "+ld" part is supposed to imply or permit.
Are there VCs which are *NOT* LD, but are also still JSON (JOSE)?
> Similar question for COSE, should it be `application/vc+ld+json+cose` ?
Typo for vc+ld+cbor+cose? What would the LD mean here?
To me, there are two things that the media types need to convey.
a) to some tool looking at content from the outside. Debugger, wireshark,
(including humans pasting stuff at each other through chat during an
online interop session).
Do I know how to decode this stuff in a useful way?
For +gz (and a few others) there is a very strong utility here.
The computer can decompress the content easily, and the human (looking a
hex-dump or equivalent) can *NOT*.
{I used to be able to read 6502 machine code in hex, and I know people who
still can, but I can't decompress anything in my head}
That +jwt is useful because it means that the human being aided by a
competent debugger can easily see which parts are the signature, and which
parts are the different headers, payloads, and which need to have their
base64url encoding removed and reparse. I don't see any other use.
b) Accept: headers tell the responder what kinds of things the requester is
willing to accept. Again here, the +gz is very easy to add and cope with
at a generic level.
The +jwt isn't: you either know you are signing the VC, or you don't know
what a VC is.
Again, I don't what information "+ld" is conveying. That's probably on me
though.
Regardless, ANIMA is having similar difficulties as we could easily build
multiple + into our media-types, and our documents are basically all in WGLC
(because of circular dependancies), and this topic is holding us up.
We'd sure like media-man to make some progress.
There might not be time or the right constituency at IETF117 to do this, so
maybe a virtual interim and/or wide-ranging design team meeting is in order.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
