In (the just published) draft 06 of JSON Web Proof, an addition was made
calling out fully detached payloads, similar to detached content in JWS [1].
This allows for an application to remove all payloads from a serialized form,
with the idea that the application provides instructions for a recipient to
reconstruct the ordered set of payloads.

One additional option which was discussed was the possibility of partially
detached payloads. In this case, a subset of the payloads could be omitted,
while others are still included within the JWP.

In addition to increased implementation complexity, this carries with it the
risk that a recipient (such as a verifier of a presentation) will not have
obvious differentiation between a payload which has been redacted, and one that
is expected to be provided as part of application-specific logic.

As troubleshooting of cryptographic verification is already a significant
challenge, I wanted to get feedback from this group - would partial detachment
be something you would have a use case for that would justify specifying
behavior here? Alternatively, does it seem like something we should actively
discourage?

-DW

[1]: https://www.ietf.org/archive/id/draft-ietf-jose-json-web-proof-06.html#name-detached-payloads