Add normative requirements regarding media type and proof

[OR13]

This PR adds normative requirements that connect the concept of the application/credential+ld+json to the concept of embedded and external proof.

---

Preview | Diff

[OR13]

@msporny there is some odd lint fencing around these references...

For example:

• https://github.com/w3c/vc-data-model/blob/main/index.html#L1719
• https://github.com/w3c/vc-data-model/blob/main/index.html#L1722

... not sure how best to leverage respec, but I figured it would be good to start simple, and try to rely on the existing definitions.

[msporny]

@msporny there is some odd lint fencing around these references...

Yes, we can remove the lint fencing now... I think I had to do it when we were doing FPWD and moving VC-JWT out of the spec (we ended up losing all references to the "external proof" definition). I expected that would be temporary, so left the dfn in, but quieted the respec errors. Now that you're referencing external proof again (I think?), you can get rid of the lint-ignore class for the terms you need to reference. It would be appropriate to do it in this PR. If you unset lint-ignore on the wrong dfn, respec will complain.

... not sure how best to leverage respec, but I figured it would be good to start simple, and try to rely on the existing definitions.

+1 to that approach.

[iherman]

The issue was discussed in a meeting on 2023-01-25

• no resolutions were taken

View the transcript

4.5. Add normative requirements regarding media type and proof (pr vc-data-model#1014)

See github pull request vc-data-model#1014.

Manu Sporny: normative requirements for media type and proof, follow on to PR from last week.
… media type "must not be used with embedded proof" is the discussion, as well as general media type discussion.
… please weigh in.

Orie Steele: believe that intention has been made clear in comments, good exchange on intention of PR.
… if you feel intention is not clear, let's clarify that, then we can discuss and clarify text that reflects that intention.

Manu Sporny: moving on to data integrity PRs.

[msporny]

I'm trying to figure out if we agree on this PR or not. There seems to be some kind of inversion of "what is a subset of what?" going on here... and I can see both mental models. We'd have to align on those mental models to make sure we're not talking past each other in order to merge this PR.

At present, I think what I'm reading in the commentary is:

• application/credential+ld+json either 1) MUST NOT express an embedded proof (@OR13's position), or 2) MAY express an embedded proof (@dlongley and @TallTed's position). I'm still on the fence about it... trying to think through the harm created if we don't care if it does or not and if it really is equivalent to alg=none.
• application/verifiable-credential+ld+json MUST express at least one embedded proof.
• We don't need an application/verifiable-credential+ld+json media type.

[OR13]

Consider that some folks will protect the media type by itself... And ignore any potential embedded proof when signed by JOSE or COSE....

I don't think we can assume that folks will care about data integrity proofs when using the media type application/credential+ld+json

Perhaps folks are required to care about data integrity proofs for application/verifiable-credential+ld+json

The goal is to communicate requirements clearly and unambiguously.

If the proof is present, ignoring it is either safe, or unsafe, for each media type.

If proof can be present in application/credential+ld+json it must be safe to ignore.

[dlongley]

@OR13,

If proof can be present in application/credential+ld+json it must be safe to ignore.

I think that's fine but the "it must be safe to ignore" part should be defined in specific applications or in appropriate specs that use the media type, not in the media type itself.

[dlongley]

I think the only way you can say something is "safe" regarding media types is if you trust the party that is sending you the payload that is tagged with that media type. There's no amount of "you can just trust this because someone tagged it with foo" that will ever be "safe". I don't think the media type is really the right place to say that, but if there's some language someone really wants to add to the media type about that, I don't think it's worth blocking -- just strange, IMO.

[iherman]

The issue was discussed in a meeting on 2023-02-01

• no resolutions were taken

View the transcript

3.3. Add normative requirements regarding media type and proof (pr vc-data-model#1014)

See github pull request vc-data-model#1014.

Manu Sporny: PR 1014 about media types. We're trying to figure out details regarding the media types, how many we're going to have, etc. This PR is about a very specific media type, and about whether you can include a proof in it, if it can be ignored, etc. Please jump in if you have opinions on media types..

[mprorock]

Perhaps folks are required to care about data integrity proofs for application/verifiable-credential+ld+json

This seems like the right approach to me, or something like application/credential+ld+json+data-integrity to clearly signify that there is an expected proof type conforming with the data integrity side of things, and registration of that could occur in the data integrity spec

We want to prevent confusion, not introduce more

[mprorock]

approved, with a slight preference to adjust language to the following:
This media type MUST NOT be used to describe a verifiable credential with an <dfn>embedded proof</dfn>.

[OR13]

@mprorock I would be happy to take that suggestion, if it is in a mergable format.

[OR13]

Not all credentials are verifiable credentials, but all verifiable credentials are credentials.

Why do you hate equal sides? :)

"In first-order logic with equality, the axiom of extensionality states that two sets which contain the same elements are the same set."

Is proof a member of either set ?

[msporny]

Is proof a member of either set ?

I'll note that proof does not always have to carry a Data Integrity Proof in it... someone could invent some totally different proof'ing mechanism in the future that has nothing to do with Data Integrity... and they might put that property in proof or in something else like betterProof.

I've been presuming that this has been in everyone's mental model so far, but just speaking it out loud in case that it wasn't. Just because you're using an external proof doesn't mean it's always going to be a JWT... and just because you're using an embedded proof doesn't mean it's always going to be a Data Integrity Proof.

Given the current v2.0 work and this PR, I believe the answer to @OR13's question boil down to what's below:

Option P1: If the VCWG decides that they DO want an application/verifiable-credential+SOMETHING media type to express a credential that contains an embedded proof, then proof MUST be a member of the application/verifiable-credential+SOMETHING set.

Option P2: If the VCWG decides that they DO NOT want an application/verifiable-credential+SOMETHING media type to express a credential that contains an embedded proof, then proof MAY be a member of the application/credential+SOMETHING set.

Option P3: If the VCWG decides that they DO want an application/verifiable-credential+SOMETHING media type AND a application/credential+SOMETHING one as well, then proof MAY be a member of the application/credential+SOMETHING set and it MUST be a member of the application/verifiable-credential+SOMETHING media type if doing an embedded proof.

... and in all cases, we should expect a subset of the ecosystem to get the media type wrong and have backup processing rules that ensure that proof checking, when necessary, does the right thing (and is resilient when the media type is wrong).

If there is no desire to register a media type for data integrity, and no requirement for proof in media types requested by this working group, I am happy to rework this PR to capture what is written above.

I don't think there is a desire to register a media type for data integrity at this point in time. It's an embedded proof format and is expected to ride along w/ existing media types without needing entirely new additions to the IANA media type tree.

We /might/ decide to register a media type suffix for it after a few years of implementation experience to see if people would find the media type suffix useful... but again, we expect that sort of thing to cause more problems (media type proliferation) than actually result in more secure systems. IOW, DI doesn't really need anything beyond application/credential+ld+json and (optionally) application/verifiable-credential+ld+json.

[OR13]

I don't think there is a desire to register a media type for data integrity at this point in time. It's an embedded proof format and is expected to ride along w/ existing media types without needing entirely new additions to the IANA media type tree.

We /might/ decide to register a media type suffix for it after a few years of implementation experience to see if people would find the media type useful...

IOW, DI doesn't really need anything beyond application/credential+ld+json and (optionally) application/verifiable-credential+ld+json.

I agree with this.

Thank for the options breakdown.

P1 & P2 seems less desirable after considering @dlongley 's points.

P3 directly contradicts what he has been saying.

Your proposals really boils down to the question "Does SOMETHING tell you about the required presence of proof".

Based on the current spec and @dlongley 's argument, which I am coming round too... I don't think it does.

I think proof remains optional in all cases, regardless of what SOMETHING is... optional means "allowed" but "not required".

I am going to restate your P3 so its easier to compare to my P4:

proof MUST be a member of application/verifiable-credential+SOMETHING.
proof MAY be a member of application/credential+SOMETHING

Compared to P4:

proof MAY be a member of application/verifiable-credential+SOMETHING.
proof MAY be a member of application/credential+SOMETHING

This reveals a contradiction with external proofs.

proof MUST be a member of application/vc+jwt.
proof MUST be a member of application/vc+ld+jwt.

^ this seems not desirable.

If we wanted to communicate that an embedded proof was required in a media type, we should follow the convention established by media type suffix, and define a suffix that communicates the required presence of proof.

It is true that proof might show up in other JSON objects, so we should be clear to distinguish them from data integrity proof protected objects with an appropriately specific suffix.

Another consideration is the layering of media types.

ld+json builds on json.

verifiable-credential+ld+json builds on credential+ld+json which builds on ld+json which builds on json.

To me, this implies the following:

verifiable-credential+data-integrity builds on credential+ld+json.

Perhaps verifiable-credential+data-integrity requires proof and verifiable-credential+SOMETHING does not.

Stated as P5:

proof MUST be a member of application/verifiable-credential+data-integrity.
(optional external proof, required embedded proof )

proof MAY be a member of application/verifiable-credential+jwt.
(required external proof, optional embedded proof)

Note this line from the spec:

https://w3c.github.io/vc-data-model/#proofs-signatures

P5 captures this requirement by explicitly acknowledging that a document with an embedded proof MAY be secured with an additional external proof.

Stated in terms of JSON Web Token Protected Header:

// one or more proof use case, external proof mandatory, embedded proof optional.
{
  "typ": "verifiable-credential+ld+jwt", 
  "cty": "verifiable-credential+data-integrity", // `proof` required.
  // OR 
  "cty": "credential+ld+json" // `proof` allowed but not required.
}

[TallTed]

@OR13 --

Another consideration is the layering of media types.
...
verifiable-credential+ld+json builds on credential+ld+json which builds on ld+json which builds on json.

Incorrect.

verifiable-credential+ld+json builds on ld+json which builds on json.
and
credential+ld+json builds on ld+json which builds on json.

verifiable-credential+ld+json and credential+ld+json are at the same level of media type. Neither builds upon the other.

If it were in play, verifiable+credential+ld+json would build on credential+ld+json which builds on ld+json which builds on json, but verifiable+credential+ld+json has not been discussed nor even mentioned in most of the several variable and confusing issues and PRs discussing media types.

---

verifiable-credential+data-integrity builds on credential+ld+json.

Not according to the rules of media types.

Also, application/data-integrity doesn't exist, so application/verifiable-credential+data-integrity is entirely invalid.

[OR13]

credential+ld+json also does not exist and multiple suffixes is not yet an RFC.

Your argument that verifiable-credential does not build on credential is interesting, not sure I disagree.

Since neither is defined formally yet, this would seem to be up to the working group.

[TallTed]

As a media type, verifiable-credential+... (with a hyphen) does not build on credential+..., though verifiable+credential+... (with a plus) does.

This is not a question of how the WG defines anything.

It's a question of the way that IANA-registered media types work.

We've been discussing application/credential+ld+json for some time, and we produced the RFC which should enable generalized use of multiple suffixes in the relatively near future.

I am not aware of any discussion of application/data-integrity which could inform further discussion of that as a (flawed? perfect? totally broken?) media type.

[Sakurann]

strongly agree with the this comment.

In addition... Usual rules for JWT processing would be ignore claims you do not understand. I do not believe it is safe for the same rule to apply to a proof JWT claim. For example, if a JWT is secured using a proof property, but the system does not understand it and ignores it and decides to accept the credential - would not be a good idea.

[jandrieu]

From the F2F today, it appeared to me that we are fundamentally talking about a single underlying data object with several different integrity mechanisms. That feels like the same media-type with parameters.

application/credential+ld+json; proof=none
application/credential+ld+json; proof=jwt
application/credential+ld+json; proof=cwt
application/credential+ld+json; proof=ld

All of these things represent that same underlying type of object: a credential as defined to be verifiable per VCDM.

This is in contrast to media types that vary

application/credential+ld+json
application/verifiable-credential+ld+json
application/credential-claim-set-1.1+jwt
application/vc-ld-jwt

Seeing these different mediatypes, no one would have any reason to know they are representing the same underlying object type.

Parameters seem like the right option.

[selfissued]

Embedded proofs and external proofs are syntactically different. One possibility is for us to add guidance to the use of objects identified with the application/credential+ld+json content type differentiating between these cases. For instance, we could say that, if used with an external proof, the JSON object SHOULD NOT also contain an internal proof, and that, if used with embedded proofs, the object MAY contain member(s) representing the embedded proof(s).

[andresuribe87]

I would slightly tweak what @jandrieu suggested in #1014 (comment)

Given that

The mission of the Verifiable Credentials Working Group is to make expressing, exchanging, and verifying credentials easier and more secure on the web", then I believe we should only register a media type for verifiable credentials, instead of credentials.

Then I propose to only register the following

application/vc+ld+json;proof={ld,jwt,cwt}

Additionally, the VCDM focuses on VCs throughout the spec (in contrast to only credentials). So I think a more consistent approach is to stick to VCs only.

[OR13]

Example of friends discussing if media type parameters are a good idea.

https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/pull/44/files#r1105975998

[paulfdietrich]

From a newcomer's perspective, I want to see a single media type that conveys a document that meets this specification (and no more or no less). That is something like "w3c-vc+..." or "w3c-vc-2.0+..." and make it clear that it describes a document conformant with this specification (as I read it does not need to contain a proof but may contain one).

I've no strong preference on adding other media types that further restrict the data model to contain or not contain the proof but I realize that this can make things easier or harder.

[iherman]

The issue was discussed in a meeting on 2023-02-14

• no resolutions were taken

View the transcript

2. Content Types.

See github pull request vc-data-model#1014.

See github pull request vc-jwt#51.

Ivan Herman: slides starting at: https://docs.google.com/presentation/d/128DHWSzVxPgAhB0mq-h23_iATnbVeA4Y-JhNLjpcXJE/edit#slide=id.g1f24e2c0aad_14_271.

Orie Steele: We're going to be talking about content types and media types..
… Why do people say media type, conent type? Go read the links about what they are. Browsers care about this concept. It's a fundamental component of web architecture, conent type from web server. APIs protocols refer to these types, accept header, server will try to satisfy content types, lots of background here..
… Mozilla warning, browsers use the media type, not the file extension, to determine how to process the URL. If this is not correctly configured, browsers will misinterpret, files may be mishandled..
… We should be cautious to heed these warnings....
… Where are media types registered? Look at previous examples, excellent IETF mailing list for every type of media types..
… You can learn a lot from those registrations..

Ted Thibodeau Jr.: Mozilla documentation errs. It refers to "MIME types" (I fixed this on the slide), and it should say browsers *primarily* use the media type, *supplemented by* the file extension, to determine how to process the URL..

Orie Steele: They typically register because they want to distinguish content... there is a registry, it has useful entries, large number of existing registry entries..
… As a technical recommendation, you can register -- in W3C you can see IANA considerations, that's where you register stuff (initiate the registration of stuff).
… A few that you might be familiar with... application/did+ld+json ... application/credential+ld+json ... usually, you only see one plus, suffixes that come at the end, an RFC making its way through IETF that talks about how to interpret pluses (suffixes)..

Brian Campbell: there's also the Structured Syntax Suffixes registry.

Kristina Yasuda: time to register +ld.

Orie Steele: media types / content types -- looking at a few specifications, you should read them... in JSON Web Signatures, content type header parameter, in JWS, header and payload, one of the header parameters can be content type... secure CSV or JSON... declare cty using media type..
… oauth2 -- http endpoint using application/json -- might want to declare content type... might want to define HTTP.
… JSON-LD Link Header, application/ld+json media type... specifying that media type has all context information and normative requirement for the document, constraining document in some way, normatively..
… One of the useful things about media types and content types and describe constraints... naming can be hard..
… media types are a good way of describing content and attributing content w/o getting tied up....

Michael Jones: I'm excited about application/json because it does a lot of heavy lifting every day..

Orie Steele: one of the other places you see media types show up is in APis... developers and consumers tend to think more about APIs... APIs are a great place to see real value wrt. media types and content types..
… The swagger spec uses OAS now, rename was useful. Once you pick API shape, one endpoint HTTP endpoint, query parameters, required header parameters, post body arguments, you can define all of that with OAS 3. Valid response types... maybe endpoint returns JSON, maybe XML, maybe CSV, maybe you can ask... when you build an API, thinking about that is important... what will people request, what will they consume -- media types help here..
… Returning different content types for same resource can be helpful..
… Media tpe parameter is extra piece of information that can accompany a media type, text/html and charset is a parameter... utf-8 is a parameter..
… This is starting to get complicated... mozilla, content type... video/webm;codecs=vp8.0, browser API, inerested in video, concerned about video being processed consistently. Made use of the parameter, browsers can implement interfaces, implement different conent types, can manage complexity here -- nice text string to process can be valuable..
… application/credential+ld+json -- here's where the debate starts... is proof allowed? We haven't registered this yet, it's proposal at present..
… We could change the proposal at any point..

Mahmoud Alkhraishi: What's the timeline on te proposal?.

Orie Steele: This is in VC Data Model 2.0 -- has to go to CR first, that's timeline. It's up to us when it goes somewhere....

Ivan Herman: Formally speaking, W3C sends the request for media type when document is in CR, not before, right now nobody knows about this media type and won't know until we get to CR... if I'm still staff contact, this is the official process, I send it..

Michael Prorock: +1.

Brian Campbell: +1 can and does happen.

Michael Jones: One thing to add, it's good to send this when we're at CR because we can still make changes if IANA says we did something wrong. What we would be asking for at CR is a provisional recommendation, it does appear and it appears as "temporary"... once we have a REC, at that point we send another request to IANA to update registration from provisional to permanent..

Ivan Herman: +1 to Mike.

Ivan Herman: +1 to TallTed.

Michael Prorock: +1 ted.

Ted Thibodeau Jr.: One more wrinkle, because it has two plus signs at the right hand side, there is an RFC that is going through IETF, but indeterminate future, if it gets accepted then this media type is accepted, otherwise it gets rejected.
… then we'll have to figure that out at that point..

Samuel Smith: could't we use a specific parameter to provide the extra information that a double plus content type provides without having to wait for RFC to allow double pluses?.

Manu Sporny: rfc for multiple pluses is in good shape and getting ready for last call.

Shigeya Suzuki: FYI: https://datatracker.ietf.org/doc/draft-ietf-mediaman-suffixes/.

Orie Steele: Here we have our request, one of the questions that we've been asking is whether proof is a valid/expected member of this content type..
… What are the constraints, how can this be processed consistently, we want to be clear -- it's definitely alowed, or definitely disalloewd..
… There are content types where you might be more comfortable with membership being more optional, or where you might not be more comfortable. This PR was originally was very neutral, it didn't describe any constraints in our specification and we want to register a content type for it. We could say that proof is required, or we could say that proof is forbidden, what about "Verifiable Credential"? What will developers expect, what will browsers expect, what will people hat write government policy read this section for this particular type, will they agree with the normative statements or will they be frustrated?.
… We'll have to find consensus on these points, if you want to provide input, read #1014 -- it's long, it's getting longer, but the change set is not that large, just the threads can get long..
… This is a conversation about v2.0 and beyond, but there ar other pieces where we will talk abou tthe past. Talking about v1.1 vs. v2.0.

Samuel Smith: A problem with "proof" is that in general cryptographically proofs cannot be embedded in the thing being proven. So a a multi-part structure like a JWT makes explicit what is being proven. An embedding trick where the proof value is empty and then the proof is substitued later and stripped to validate fails when there is more thatn one proof..

Orie Steele: on to application/credential-claims-set-1.1+json ... maybe we want .v1+json -- those are questions, this one is requested to be registered in a different technical recommendation in our group..

Andres Uribe: +1.

Orie Steele: I'm referring to the credential-claims-set-1.1, the interesting piece is "claims-set" == in example you can see members of a payload, there's sub, jti, iat, exp, nonce -- all of those are registered claim names.... the one important to us is 'vc'.

Brian Campbell: see https://www.iana.org/assignments/jwt/jwt.xhtml.

Michael Jones: JWT Claims Set is defined by the JWT specification RFC 7519.

Michael Jones: The JWT Claims Registry is at https://www.iana.org/assignments/jwt/jwt.xhtml.

Orie Steele: For different registry than media types, for JOSE -- JSON Web Tokens Claims registry. VC, the member of this payload, has a structure that looks like a credential, ignoring proof for a second, it looks like JSON-LD... the claim set in vc, has the same sort of thing..
… In v1.1, the vc member has to have an @context, that's what v1.1 says -- if you look at implementations, they will have a VC member, VC member, @context is required, that's what v1.1 says..

Michael Jones: Some background, this term claims set is defined by the JWT specification, RFC7519 and it's just a name for the JSON that is the body of a JSON Web Token, it's a JSON object with a bunch of claim names as the field names, so iss, typ, jti, those are the claims set claims..

Kristina Yasuda: JWT Claims Set: A JSON object that contains the claims conveyed by the JWT..

Michael Prorock: There are some benefits for how claims sets are registered in -- JSON tends to get verbose, standardized way to say "these are things we say all the times"....

Orie Steele: Thanks for the point about the shortness, there is text that says "We like short names for payload/header" ... but why, it could be that being more verbose would be more semantically unambigouous..

Michael Jones: The reason why, JWTs can be used in browser query strings, for various reasons, there are still browser URL length restrictions that are small... 2k, 4k, 8k... It was fixed IE at one point, it's bigger than it used to be, you have systems truncating content..

Orie Steele: To make the token format, you can make a string encoding on top of another string encoding.

Michael Jones: By a factor of 33% larger.

Orie Steele: If these names get longer, those other names get longer, that's part of the design here. Part of the content type for the token themselves. After the break, we can see full token, token itself can be response from server, token can be encoded response..

Samuel Smith: For JSON Web Token, this would be the payload, adn then tunnelled within payload could have, content type, vc property could be JSON-LD formatted VC with proof included if proof is part of VC spec..
… What you're proposing is using contnet type to indicate that you're tunnelling something else inside claim set?.

Orie Steele: This particular registration request is also in VC-JWT today, to describe what we did in v1.1. We are working on v2.0, but we want to be able to refer to that object in v1.1 that concretely matches, shorer arguments about what we're doing in the future..
… Make it clear what our intenions are and what they should be in the future... VC format has external proof, you're only looking at payload, but there is a header/signature component..

Samuel Smith: This one is saying proof is externally attached..

Orie Steele: Yes...
… There is something in v1.1 that states presense of proof... it warns that that could be confusing... if proof is embedded inside a member of a thing that has an external proof..

Mahmoud Alkhraishi: https://w3c.github.io/vc-jwt/#jwt-encoding paragraph 2.

Kristina Yasuda: found the statement, if JWS is present, digital signature applies to issuer... or VP ... is a holder..:

If a JWS is present, the digital signature refers either to the issuer of the verifiable credential, or in the case of a verifiable presentation, to the holder of the verifiable credential. The JWS proves that the iss of the JWT signed the contained JWT payload and therefore, the proof property can be omitted.
If no JWS is present, a proof property MUST be provided..

Mahmoud Alkhraishi: https://w3c.github.io/vc-jwt/#jwt-encoding paragraph 3.

Orie Steele: It says "can be omitted", doesn't say "MUST" be omitted. What we would interpret that as is proof is optional..

Michael Prorock: +1 one of the many issues in 1.1.

Kristina Yasuda: This has caused a lot of confusion, to clarify vc claim does not contain entire VC, it only contains properties defined in VC Data Model that didn't have mapping into original JWT claims, but VC only should contain stuff about credential subject..

Orie Steele: At this point, we should read definition of credential and verifiable credential..

Joe Andrieu: I don't know if this is substantive, is type after @context, are they scoped by VC?.

Dave Longley: i wrote some examples of the difference between "instead of/in addition to" that shows the claim set with "vc" here: w3c/vc-jose-cose#42 (comment).

Kristina Yasuda: " a proof not based on digital signatures, such as Proof of Work" wow.

Michael Prorock: yeah. some things that really need professional improvements in 2.0.

Oliver Terbu: More background information, proof, why it can be omitted, to use it to express proofs other than what you can express w/ JWTs... you'd have VC JWT with proof with DI proof... those are things that are not great. Discussion over last few years, JWT claims repeated... instead of vs. in addition to -- intention was to focus on small size footprint ... use JWTs in query strings, that's why we decided to do that stuff..

Kristina Yasuda: > credential A set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects..

Orie Steele: This is probematic language in v1.1, definition of credential and verifiable credential uncomfortable and confusing to readers..

Brent Zundel: A credential is a set of one or more claims made by an issuer. A verifiable credential is (reads from spec)....

Kristina Yasuda: can we please remove "authorship" from definition? it's weird...

Michael Prorock: i want to find the time to do a verbiage / editorial pass soo soo badly.

Kristina Yasuda: can we not user vc anymore in a vc-jwt....

Kristina Yasuda: in v2 i mean.

Orie Steele: What I heard Kristina to say is: This isn't verifiable, but we use verifiable name for it... there is no cryptographic authorship, this is secured with an external proof, maybe this should be called credential because it has no proof, or call it creential cause it has an external proof, but confusing ....

Oliver Terbu: +1 kristina.

Ted Thibodeau Jr.: Awareness note: VCWG folks may want to pay special attention to recording and/or minutes of today's CCG meeting, Noon-1pm ET, focused on SB786 — CA Vital Records in Verifiable Credentials — https://www.w3.org/events/meetings/80a1023e-569b-4714-8fab-d1b84f2c3478/20230214T120000..

Kristina Yasuda: (continue after break...).

Orie Steele: how many media types do we have defined right now? ... 0 in v1.1, 1 currently in the proposal.
… 1 defined so far. credential+ld+json ... see slide from earlier. if we add new media types to the core data model we want to secure them. we need to describe how we do that..
… have split out the 2 proof formats defined in 1.1. data integrity and vc jwt securing were defined in the same doc. in the current draft they're in separate documents.
… pull request debate in 1014 talking about this. been talking about vc data integrity a lot. thread is about whether "proof" is a legal/allowed/required value for ld+proof+json.
… underway in describing the relationship between the two. vc-jwt has a PR open. data integrity does not have a PR yet..
… secured by data integrity, has the content type 'riding along with it' - different approaches. we are required to describe both cleanly for good impls.

Joe Andrieu: at least a 3rd media type here we should understand as a group. media type we are securing, and two that are the secured version of them. the language here mushes them all together.

Orie Steele: the media type we're securing has the most consensus in the group. vc ld json. pull request 1014 is attempting to describe normative requirements for credential+ld+json. if we can gain consensus we can proceed to securing it. can be easy if the normative requirements are clear on how we do it.

Ted Thibodeau Jr.: #1014.

Orie Steele: new things! talking about v1.1 up until now. and core data model objects (credential). now, switching to talk about other concepts - proposals. pull request recently merged for vc+ld+jwt, but no FPWD for vc-jwt. there is plenty of time to object..
… we talked about cty in the intro to media types. the content type of the payload. there is another - typ - which can be confusing. why do we have two? why cty and typ? typ is about the type of the token (the entire thing) - header, payload, signature.

Michael Jones: typ is what you would put in a browser if you were to transmit.

Orie Steele: cty is about the payload alone, not header or signature.
… if you have typ do you need cty? PR #51 (merged?) is about typ being allowed. the proof property is constrained by the cty. is proof a member of the payload? see PR #1014.

Kristina Yasuda: PR 51 in vc-jwt, not merged yet.

See github pull request vc-jwt#51.

Michael Prorock: a note on cty. referring to payloads is important for business logic processing. seeing this at IETF. #1014 - not whether a proof is allowed in the payload. whether it's allowed with credential+ld+json. or, should we say: if there is a proof embedded in the payload should we use a different cty to describe it, along with a different media type for the browser, etc. not saying whether you can have an embedded proof. just the rules around it..

Orie Steele: that's right. spice from the first slide!.

Ted Thibodeau Jr.: editing others slides. adding the / to the cty, for both cty and typ attrs. these values are shortened because people like to shorten things. specifically to delete "application/" from the beginning. it should be interpreted as if this were present..
… not the standard use of media types. will cause confusion if trying to use them now.

Orie Steele: can someone read the section that describes the removing of the application prefix? TallTed is right..

Kristina Yasuda: See https://www.rfc-editor.org/rfc/rfc7515#section-4.1.9.

David Waite: from RFC 7515 - section 4.1.10. - to keep messages compact, recommend you omit prefix when no other slash appears in the media type value. must treat it as if there application/ were prepended...

Manu Sporny: part that's concerning. can't remember having to think this hard about other media types. general concern: all media types we're considering, how will they work combinatorially? lots to understand and learn. developers will get this wrong..

Ted Thibodeau Jr.: the key question is "what happens if devs get it wrong?".

Manu Sporny: "we will make important decisions around media types" -- slightly misguided. we will do our best for media types. devs will get it wrong, because it's difficult. what do we do then?.
… expecting to get something that's secured. and you don't, or maybe you do -- just checking the media type alone isn't sufficient. need to do other types of testing to see what you got and whether it's what you expect.
… is there a combinatorial matrix? let's figure out a way to make it simple. misguided to say that media types alone will let us know whether something is secured or not.

Orie Steele: the point about "going into the thing to determine whether it's secured or not" is important. one thing dlongley has been saying...can have an intermediary processing a cty that has no ability to verify - just relay. all that it's able to do is to send along a cty. don't make any intermediary responsible for parsing..

Ivan Herman: A warning about the practicalities of media types is in https://mimesniff.spec.whatwg.org/#introduction ....

Orie Steele: what manu_ is saying: be careful writing normative requirements that mandate parsing. envs that cannot dig in won't be able to handle normative requirements. an important part of considering this..

Dave Longley: browser vendors probably won't parse any of these media types in the near future :).

Orie Steele: second part: as a developer. don't like being told I'm going to make mistakes, even if I know that I will make them. here for simplicity as much as we can. remember the warning from browser vendors about handling ctys. browser vendors know that mistakes will be made. they try to warn, we should too.

Dmitri Zagidulin: clarifying question about what mprorock said about #1014: what is the usefulness of embedding an embedded proof json-ld proof in a JWT? what's the benefit of a proofs section inside a jwt.

Dmitri Zagidulin: ok, so that's a great explanation, mprorock. but it does sort of point to the awkwardness of VC-JWT... (that it's a transform).

Michael Prorock: there is a case I can foresee. not advocating for it. with a JWS you are not signing the same thing that you're signing with a data integrity proof. inherently signing two different things. with a JWS what you're signing is what you see (what the system sees at first glance). with a data integrity proof, signing over the semantics of the data in the credential -- signing a transformation, the nquads. different thing.

Ivan Herman: +1 to mprorock.

Dmitri Zagidulin: (n/m, I take back that comment. it's all transforms.).

Michael Prorock: at a top level you can ask "is this data tampered with?" that's the use of JWS - the external signature. what's coming with the proof...let me run URDNA2015 and verify the signature. what that tells you is what is the intention of the semantics tied back to the vocba. was that itself modified? different than just signing the bytes.
… is this possible? is it valuable in certain cases?.

Michael Prorock: +1 kristina.

Kristina Yasuda: 2 things - to manu_: agree we have a job to make it clear to readers which cty to use depending on which direction we want to go. to that extent, the current spec gives us those options already. heard a lot of feedback people want to do different things. codification is useful. maybe could be different than cty and typ..

Dave Longley: +1 to there being value in both signing "the presentation bytes" and in signing "the semantic bytes".

Michael Prorock: 1+ to point out what typ and cty are saying in this example.

Dave Longley: different use cases need one or perhaps even both.

Kristina Yasuda: 2nd point - reacting to mprorock -- made a comment on the PR, explanation makes me thing if we want to sign JWT with an embedded proof it should be a separate media type. could be dangerous security wise.

Samuel Smith: Isn't also a middle ground where the over the wire includes a schema that is additionally validated in addition to the signature. This is a different way o verifying the semantic intent. Not the same and maybe to a different degree but not devoid of samantic verification..

Michael Prorock: yes.

Michael Prorock: +1 selfissued.

Michael Jones: agree with kristina. appreciate what Orie, mprorock and others have advocated. starting to separate and cleanly advocate for things that are separated but distinct. in vc 1.0 spec we had the vcdm representation of content types. now we have a media type for that. also had 1 or more jwt claim sets for vc-jwts. depending on 'in addition to' or 'depends on' option - 2.0 now codifies that. delineation is important. th.

Gabe Cohen: ere will be sets that don't make sense - need to validate one's inputs always, that's always true.

Michael Jones: appreciate how differentiating things that are actually different has enabled us to make progress.

Joe Andrieu: something to be learned/looked at for how gzip is handled on the web. not clean either. media type could be gzip, could be content encoding as gzip. in a future universe would like an integrity type. do not have a way to do that yet. stuck with multiplicity. we also have verifiable presentations. have the same multiplicity there..

Dmitri Zagidulin: (to Joe's point -- I think Orie's earlier point was -- we /could/ specify integrity separately, as a Content Type param).

Joe Andrieu: however things get secured, will need to add it for both VCs and VPs..

Ted Thibodeau Jr.: maybe consider a media type parameter, like Content-Type: application/vc+ld+jwt; integrity="whatever".

Samuel Smith: to Gabe's comment, there can be a way of communicating other steps. not only does the signature need to validate, there needs to be validation against some schema. additional level of validation. can be useful to constrain semantics. need some discussion of how we can convey that.
… can say as a part of normative requirements. need to do validation for semantics/schema.

Ted Thibodeau Jr.: I don't know if multiple parameters are viable....

Dmitri Zagidulin: @SamSmith - we do have that right now, no? with the credentialSchema claim?.

Michael Prorock: I think manu_'s on to something important. here be dragons areas. let's be careful of what we're defining and how. what do we actually mean by typ and cty? what typ is saying -- we are expecting the overall body of the JWT to be a verifiable credential and have LD (as indicated) and expecting a JWT format. what the CTY is saying about the payload -- expecting it to be a credential with LD.

Samuel Smith: @dmitriz But what are the normative rules for applying that credentialSchema claim. And should that be in the header metadata?.

Michael Prorock: this has been of the reasons I've been stubborn about 'when we start adding additional modifiers ...' many CVEs around this. openSSL had a typ confusion thing because x509 has badly handled this stuff. we should learn. even if it prevents us from doing some stuff. let's be explicit when there's a divergence..
… put out a couple of suggestions if this cty has an embedded proof...if we have that, let's indicate the payload has something special about it. it has been extended out and has an additional capability called 'proof' - today URDNA, tomorrow who knows.

Orie Steele: dmitriz asked the use case for proof being in claim set. mprorock answered, but want to repeat processing comment. can think of it as tunneling. I'm tunneling my embedded proof through the cty header..

Dmitri Zagidulin: @SamSmith - re that second question -- I think the content-type/media-type question is at a different layer than the schema. content type is at the browser or routing layer. and once it's correctly routed and parsed, then the schema kicks in.

Orie Steele: e.g. constrained environment. it's a good thing, can forward content with different values for typ and cty. the concept of being allowed to tunnel one security format to another is a thing we see in the wild. should be careful of how that will be interpreted by browsers. allowing for tunneling could be a thing they like or don't - let's make a case for tunneling.

Gabe Cohen: Orie could be relevant to devices that are constrained, don't have libs to process, or just forwarders.

Michael Prorock: +1 orie - valid use case - note that what is indicated if you embed a proof is that there is a higher order of what is signed that the issuer feels is important (in this case signing the semantics).

Orie Steele: can close door to some use cases being affected if we do this.

Dave Longley: tunneling is one of the cases, yes. have left many comments. let's only have as many media types as we need and not any more. always another place to draw a typ boundary. let's make sure the boundaries we draw solve concrete problems. e.g. places that use binary data. does not mean the same concerns will apply to a json format, parsing, or browser parsing.

Ted Thibodeau Jr.: +1 dlongley -- only as many media types as necessary.

Dave Longley: if we have too many media types we can have more problems for ourselves. can lead to vulns. let's have concrete examples of threads/problems we can analyze to see if we can add more media types. then we should add them. let's not jump ahead and add all the types today. can cause problems.

Manu Sporny: +1 to dave. trying to see what type of problems we're solving. yes, specific media types we want in this group. nobody's saying we shouldn't have them if they're paired with a good use case, paired with good security practices. that's good - no objections heard. objection -- let's create media type patterns. we could have 20-30 media types based on these patterns, that's where I get shaky..

Kristina Yasuda: what is "media type pattern"..?.

Manu Sporny: ... typ, yes. cty, yes. let's figure out if we want to add the word 'verifiable' in front of it. what do we want to do with the proof thing? is there anyone objecting to having the typ field (#51)?.

Dave Longley: typ field is recommended best practice these days for JWTs.

Samuel Smith: @dmitriz I agree that schema validation is at a different layer than signature validation (which the content type is conveying) but schema validation is yet at a different layer than claims validation in the sense of semantic inference that URDNA-2015 is validating. that why its a middle ground. We should at least place it precisely in our definitions and not lump schema with somthing that is validating something else..

Manu Sporny: I expect that to happen (typ field). for a content type, that's a separate discussion. is it a subtype of credential? if it isn't there's a can of worms. see PR #1014..
… just about #51 and #1014. let's take other proposals as they come. caveat: let's understand where we're going. let's not end up in a mess with 50+ media types with all sorts of normative language attached. next step: what should we do? make decisions about just 51 and 1014?.

Orie Steele: intention not to make any decisions during the f2f, just to inform.

Brent Zundel: let's make decisions!.

Michael Prorock: awesome question.

Andres Uribe: considerations for using the typ parameter for the media type defined that specifies how the credential is secured? anything that has 'verifiable' should have a typ param that specifies how it's secured. does this avoid the need for cty? as someone who's coming in relatively new. very different when you talk about a verifiable cred vs cred. verifiable = must have a proof whether embedded or external. would clarify a lot for devs.

Orie Steele: parameterization of media types..beginning said 'careful!' yes it's an option, can propose it on any of the open PRs. if we do that we need to describe these parameters in registration requests. less opaque. have to ask questions-is param present? what does it have? think if we can avoid parameterization we should.

Mahmoud Alkhraishi: to understand...the cty saying credential+ld+json indicates to me that the object vc will or will not have a proof (determined on #1014), if not a proof, will know whether the object is signed or not based on the typ?.

Orie Steele: current spec has a section called 'proofs' which says proofs can be embedded or external. one of the most confusing parts - with media types, can have a media type with an external proof. content wouldn't have a proof..

Michael Prorock: all of this discussion is only really in the context of JWTs.

Orie Steele: jwt uses external proofs. the type vc+ld+jwt indicates the presence of an external proof. the cty param credential+ld+json (let's pretend it's verifiable+credential+ld+json), proof would be in the payload. we won't know until we constrain the payload.

Michael Prorock: typ isn't really a thing you can assume exist in other presentation or exchange methods.

Mahmoud Alkhraishi: when I'm processing vc+ld+jwt am I expected to process two signatures?.

Orie Steele: that's the warning!.

Joe Andrieu: advocate for parameter use. have an underlying data model which is being delivered. if we had an integrity type in the header I'd be arguing for using that. the integrity mechanism feels like a parameter to me. if we have two media types they don't have to be related at all. part of the confusion is about tunneling. the idea that you can tunnel is something we should not encourage - have to check different proofs.
… checking multiple = creating problems.

Brent Zundel: what decisions do we want to make here? PR #1014 proposes to say proof is not included, right?.

Orie Steele: yes, dlongley and I had a discussion. he suggested proof is allowed in credential+ld+json. my original intention was to forbid that from being possible..

Dave Longley: that's correct, a verifiable credential is also a credential, it is a subclass of it..

Dave Longley: not to mention that proof may have many different kinds of proofs in it and so on..

Orie Steele: merged that since it was within my original intention. merging intentions into PR does not mean consensus! there is currently no consensus on #1014. most accurately captured by whether the cty can have a proof in it. can make that decision today.

Brent Zundel: also a decision to be made for #51?.

Orie Steele: yes, for #51 we are requesting the registration for typ parameter in vc-jwt. it is JWT specific. #1014 is core data model specific.

Dave Longley: for everyone here: is a square a rectangle? if you have a square, should you be able to say it's also a rectangle so you can give it to a rectangle processor or not?.

Brent Zundel: in addition to those two decisions, what other proposals could/should be on the table for the group for the next 30m?.

Ivan Herman: +1 to dlongley.

Orie Steele: other proposal: application/vc+ld+cwt..

Dave Longley: we get to decide if it makes sense if squares are rectangles in this case :).

Andres Uribe: I would propose adding a media type: application/vc+ld+json;proof={embedded,jwt,cwt}.

Dave Longley: decentralgabe: they already are :) ... we'd have to change the VCDM. ... and it would be very confusing to decide the opposite..

Dmitri Zagidulin: @andres - nice, +1.

Ted Thibodeau Jr.: dlongley -- Squares are a subclass/subtype of rectangles. All squares are rectangles. Many rectangles are not squares. We should be able to declare and/or infer multiple types..

Dave Longley: +1 to TallTed.

Michael Prorock: assumption from devs coming in that you're just living in a JOSE/COSE world. but have two different ways of exchanging info beyond that. if I as an issuer send this, if I believe there's a high degree of value in the embedded proof then I should signal it..
… when we say that cty (payload) and just see credential-json, assumption is not that I need to do additional verification steps. don't want to put us in a position where a developer encounters this and has to do multiple verifications (semantics and bytes modifications).
… want to be very clear about the intentions here. if I see another proof inside it's another bit of bytes that I'm ignoring. the problem is that we've created a situation where that proof means something to someone and something else to someone else -- now we've created confusion.
… this kind of confusion is what we'll get into. get into weird stuff.

Manu Sporny: the other thing at play -- we have two different philosophies. the JWT philosophy, and embedded proof, and they don't make the same decisions. for media types let me propose we only have two media types forever: credential+ld+ and verifiable+credential+ld+.

Kristina Yasuda: i think this is the current situation: https://hackmd.io/Q8EOfbzYTZK_jHH-BJcfKA?view.

Kristina Yasuda: wrt all of the media types proposed.

Manu Sporny: specifically not saying it has "proof" because that's just how we do it today. I'm concerned about us fixating on whether proof is there or not, we should focus on whether there's an embedded proof or not. from the DI side there will not be a +di for a while. we won't make that decision any time soon. will wait for impl feedback..
… from the LD side, just need those two media types: credential+ld+ and verifiable+credential+ld+ -- think dlongley disagrees with me on this and thinks we just need 1. everything else is JWT stuff.
… the two coming in contact is causing confusion.

David Waite: it is a little bit weird. the way things are structured at the JSON level are not how they're processed at the LD level, since being an RDF graph. a lot closer than you think. in my opinion, we've defined multiple proofs only in the context of the proof parameter can we have multiple values.

Dmitri Zagidulin: @SamSmith` - so if I'm understanding correctly what you're saying earlier, you're saying 1) specs should have normative language about the credentialSchema property. (and I think they do, at least for json schema. and if it's not clear, we should fix it). and 2) you'd like to see schema treated at basically the same layer as the Media Type? (to help routing/parsing?) - which I can sort of see the argument for. But then it introduces yet a third.

Dmitri Zagidulin: type-related property, and we already have 2, which is too many :).

David Waite: the semantics of a data integrity proof and a proof inside a JWT are quite different. e.g. protecting someone else's proof with my own (today it is chains). the only interpretation I can think of is that the proofs are independent. if there are multiple, choose between them. any intermediary could remove proofs, and have no way to know that happened.
… if someone gave me the inside of the message w/o the wrapping JWT, what's the interpretation? people may go with the alternative and that's not right. if they are proof chaining, I could trick people to accept a smaller part of the chain. semantics of multiple proofs that haven't been defined.

Joe Andrieu: the parameter still resonates with me. not talking yet about the API used to send a proto-vc (unsigned) to be signed by another component. to me that is credential+ld+json, parameters used to specify the type of proof embedded in the VC, instead of the VC embedded in the proof.

Gabe Cohen: +1 JoeAndrieu.

Kristina Yasuda: reviewing document posted above (https://hackmd.io/Q8EOfbzYTZK_jHH-BJcfKA?view).

Orie Steele: do not have any merges for typ in the core data model just yet.

Kristina Yasuda: Manu's proposal in typ not cty.

Samuel Smith: q.

Michael Jones: we can also provide guidance in the spec on the use of credential+ld data type if used with an external proof--must not also contain an internal proof. whereas; if used within a context with internal proofs it may contain one. that would be OK with me..
… coming at this from how you normally process json. can add a new member and processing won't break. it's fine to write down intended usage. will add this to #1014.

Samuel Smith: q.

Orie Steele: [new slide - 25] Pull #51 in vc-jwt has both vc+ld+cwt and vc+ld+jwt.
… interesting part.. cwt varies on the suffix, the typ does no. the core data model could say that cty has a proof, but securing could say they can't - they can content. we don't want that. noting that typ registration is in vc-jwt, cty usage is defined in vc-jwt, but in the core data model.

Andres Uribe: concrete proposal to make sure there are parameters. not just add credential+ld+json but specify how it is proved, e.g. ?proof=[jwt, cwt, etc.]. similar to what Joe was saying / and adding to Manu was saying.

Joe Andrieu: FWIW, I added a concrete parameter suggestion in the PR #1014 (comment).

Dave Longley: every VC is a C. every square is a rectangle. already have a model where you look at JSON properties - you look at the ones you understand, ignore the ones you don't. also understand whether they care about these proofs/properties. if you don't care - fine - does not mean a sender should explicitly remove it, should not need to explicitly remove it because it's there. providing guidance around processing is fine. sh.

Gabe Cohen: ould not be too prescriptive. can harm legitimate use cases and violate expectations around subclasses.

Ted Thibodeau Jr.: +1 Use Cases -> Requirements -> satisfy those requirements.

Dave Longley: -1 the openssl and x.509 CVEs are not a concrete use case, it does not apply, this is not binary data.

Orie Steele: responding to dlongley. let's surface legitimate use cases. let's make sure use cases are driving our spec development. without these normative statements, we have trouble satisfying. tunneling is a real use case. "type confusion attack" mprorock mentioned. is that a concrete use case for forbidding proof being in the payload?.

Michael Prorock: want to call out. parameterization - have experience around media stream handling. there is a parameterization to be had, maybe not in 2.0 but in future versions of LD. how do we indicate at the header layer what signature am I expecting? same notion of parameterization in cryptography..
… credential+ld+json = what goes in to get signed. verifiable is what comes out. <-- that notion is important to me. rolls back into type inheritance question.
… have a dog and have a tiger. fine to put a leash on a dog, but put a leash on a tiger and you get bit. if we don't have good guidance on things like embedded proofs, how do we know what takes precedence? someone will think they have a whole, but just have a part. need to avoid this..

Samuel Smith: one use case not seen discussed - prevalent in business/legal world: endorsements. have a party create something. other parties lend credibility via endorsements. can have threshold structures for issuance. can also have threshold structures for receiving. should support things that are really prevalent in the business world.
… receipting is a type of stacked proof. missing an important use case by not explicitly dealing with receipts/endorsements as a proof mechanism. have most of the elements needed with what we're talking about.

Manu Sporny: clarification there is no +ld media type. does not exist. it is only ld+json. would need to figure out something....
… there is a media type suffixes discussion. how do you unwrap all that stuff. there is a spec that exists to unwrap it all. can be complex to go that way. if we have crazy permutations and need to read normative statements, we may want to go look at suffixes. we fail if we hit that level of complexity. need to figure out what +ld turns into. maybe just vc+jwt.

Brent Zundel: Dave mentioned squares and rectangles. Let's talk about the accurate labeling of squares and rectangles..
… how bad would it be if credential+ld+json remained how it is (could have a proof, or not). but the typ field one could add specificity. e.g. say you're not allowed to secure the typ with a proof section.

Mahmoud Alkhraishi: had a similar question. if we separate credential+ld+json to state there will be no proof and have vc+ld+json and say there will be a proof, will allow us, when we use the cty field, if the typ field says ld+jwt, can say process the internal signature as well or do not.

Dave Longley: +1 that the processing rules for vc+ld+jwt could say you may not have the proof is fine / or define whatever.

Mahmoud Alkhraishi: can make it very clear when I receive a vc+ld+json I should process a proof. normative requirement would be straightforward. allows us on the JWT side to say I care or don't..
… what are the downsides to this approach?.

Dave Longley: if we're deciding to add a prohibitive statement let's be clear about what problem it's solving with a concrete use case..
… what brent suggested would be a good approach. if proofs are not allowed in this case, throw an err. may not be the best idea, but do not encroach on the media type and do not violate the shape problem.

Dmitri Zagidulin: so did somebody propose media type param approach, for proofs?.

Orie Steele: unbounded number of content types that are relevant to software development. that's why cty is liked. can treat as opaque bytes with a cty that informs the strucutre.
… in scitt if you're talking about a claim (which we call a VC) there would be a helm chart JSON in both places, but without a typ parameter.
… this structure isn't out of nowhere. others are talking about doing this.

Mahmoud Alkhraishi: first here means ctyp second here means right side of the screen.

Orie Steele: dlongley asking for concrete use cases. proof being present in a credential. mprorock has said openSSL type confusion as an example. another place it could be a problem: if the @context returns different content than what it was when the canonicalized proof was created, the outer external proof will verify, the inner won't until the URL in the context change(s/d).
… having both present leads to a behavior with mixed verifiability.

Michael Prorock: two concrete problems: one - what Orie mentioned. second -- crawling and parsing massive amounts of data...what went into models...could be cases where I want to embed different types of proofs. don't want that knowledge to be confused for any of my users. e.g. for web archive, need to maintain the state of the internet at different times. how we begin to do this?.
… work here and at scitt will inform how we do this stuff. only adding when 'absolutely necessary' - what manu_ is getting at. let's not end up with 50+. would be simpler if everything had typ, doesn't though. that's why for scitt switching over cty is important, especially if it contains sec parameters..

Joe Andrieu: there is an unstated presumption that's conflating the signature on a JWT with a signature on a proof. no reason it needs to be on the same issuer..

Manu Sporny: going back to what selfissued said. maybe we can add language to not outright forbid in the base class. start out with softer language in the beginning - not outright "don't do x" - then we can either go to "now it's forbidden" or we realize the guidance goes against real use cases..

Kristina Yasuda: why can't we prohibit, and wait until people tell us they need it?.

Manu Sporny: where the JWT stuff can be very explicit: do not do it. the base spec can say "this is what people are expecting" . see VC-JWT for more information on this.

Dave Longley: +1 to manu's approach.

Samuel Smith: echo Orie's statement. if I sign a receipt. if someone purchases from me, it's signed, it has a proof. I give a receipt on the proof that I sign, referencing what they sign. liability on issuing receipt is on me..
… don't have to impose on receipter any requirements - already have the liability. different from assumptions in other parts of the web. receipting is a powerful use case. what does it mean to sign something as a proof? legal construct not just cryptographic..

Ivan Herman: is it verifiable+credentials+ld+json or verifiable-credentials+ld+json ? These are very different.

Michael Prorock: +1 ivan very different.

Gabe Cohen: The use case for tunnelling, at TBD, transport credentials over DWNs. Use cases on status list, different signature methods, blob might be signed as a VC itself, might have many different types -- tunnelling is real..

Kristina Yasuda: why would you send those statusList VCs in a VC(?) tho.

Brent Zundel: it is vc+ld+son.

Kristina Yasuda: in the spec rn - verifiable-credentials+ld+json.

Brent Zundel: +1 kristina.

Kristina Yasuda: i mean verifiable-credential+jwt.

Michael Prorock: different between verifiable+credential and verifiable/credential.
… should get agreement.

Ivan Herman: I am talking about jwt, but about, say, cty.

Michael Prorock: sure on jwt space - but then what about things like vc-api and "what am i asking to sign and what am i returning".

Dave Longley: need to know what you care about a priori. need to decide what you're verifying and make decisions there. let's make sure we know where the knowledge is coming from. verifier should know ahead of time what it's looking for and willing to verify.

Michael Prorock: that also implies that we may not want this stuff in the browser.

Michael Prorock: i certainly do.

Orie Steele: queued to comment on verifiable+credential or verifiable-credential - have been comments on #1014. if the dash were changed to a plus it would say there's a direct relation to credential...only a content type when ld+json, different than verifiable-credential+otherstuff. what Ted said: verifiable-credential and credential are at the same level.
… don't have to be related at all. they have a repeated word, but it is misleading. application/foo and application/baz, normative constraints on both. see and think they're the same structure, but they don't have to be at all.
… verifiable-credential and credential can be wildly different in ways that are horrendously confusing.
… they can be related...or we can explicitly not register verifiable-credential because it's confusing. review comments on #1014!.

Michael Prorock: just do this in 'vc-jwts': if this is a W3C....we eat this up in the browser. we need to think about what I, as a browser, see application/??? - do I know how to verify it?.
… especially re: eu product passes. coming up more and more. must be very well defined at the core data model. say one is the input (goes and gets signed) the other is the output (signed thing). if we are not careful we will end up with problems down the line. Mozilla, Google, Apple, etc will object if we do not give them clear direction of what to do with this data when they get it.

Kristina Yasuda: @decentralgabe are you sending those in a VP or a VC?.

Dave Longley: -1 to everything is Mike saying :) ... credential+ld+json will just not have any proofs processed by default by browsers, the end :).

Kristina Yasuda: if in a VP, no need for tunneling, no?.

Kristina Yasuda: each VC is signed using its own way, and VP is signed using one way.

Dmitri Zagidulin: @manu - do you think Google et al will support using media type parameters, for proof types?.

Manu Sporny: all vendors support application/ld+json. tell vendors do things as you've always been doing..

Dmitri Zagidulin: don't VPs need their own media types?.

Manu Sporny: yes, probably :).

Ivan Herman: (lunch break.

[mprorock]

Suggested change

	<p>
	This media type MUST NOT be used to describe a verifiable credential with an <dfn>embedded proof</dfn>.
	</p>
	<p>
	If this media type is used any <dfn>embedded proof</dfn> MUST be ignored for the purposes of verification.
	</p>

[dlongley]

-1 to this. VCs and the three party model generally do not create a "control structure". Neither the issuer (nor this WG) get to tell a verifier what they can or cannot accept. I think media types are not the right way to accomplish the goals here.

If an API does not want to accept a particular field, it should say so / have a schema that rejects it, etc. Those are the right tools for that job.

[mprorock]

@dlongley are you ok with "should not" language for inclusion of an embedded proof?

[msporny]

I'm wondering if we can flip the language around and say something like this:

If application/credential+ld+json is specified, verifiers MAY ignore top-level embedded proofs. Implementers are strongly urged to use a more specific media type, such as application/verifiable-credential+ld+json if the credential is secured using an embedded proof.

I'm offering the text above not because I think it should be in the spec, but to do a temperature check on compromise language that might work.

IOW, the statement above says: "Use this 'unsecured' media type and embedded proofs together at your peril... DO use a more specific media type for expressing that the content is secured."

That said, we will probably also need language that effectively states: "DO NOT just trust media types... that's an easily exploitable attack vector". If it says the media type is secured, you MUST run algorithm XYZ to ensure that it is.

Another way to look at this is when MUST an implementation throw an error. I can think of two instances where it definitely MUST throw an error:

• application/verifiable-credential+ld+json is specified, but the VC contains no embedded proofs.
• application/verifiable-credential+ld+json is specified, and it contains embedded chained proofs, where one of the proofs in the chain is missing/invalid.

... I'm sure there are other cases where we can all agree that an error MUST be thrown (at some layer).

To see if other media type registrations contained language like this, I started with application/jwt -- https://www.rfc-editor.org/rfc/rfc7519#section-10.3.1

It does not contain any language about what properties MUST/SHOULD or MUST NOT/SHOULD NOT be included in the media type registration... so, that got me wondering... are there other media types that have this sort of language?

Update: I just looked through the entire structured syntax suffix registry and found no language in each IANA registration section that prohibited certain content based on media type.

What inspired the language in this PR? Was it from another media type registration? If so, which one?

[dlongley]

@mprorock,

are you ok with "should not" language for inclusion of an embedded proof?

No, I'm afraid not. I don't think it's the right use of media types. IMO, the language is unnecessarily restrictive, ineffectual, and likely to create more confusion and unnecessary complexity as a result.

However, I am not against more specific media types (other than that I think we should have a strong reason for every new media type we create). Nor am I against recommending that more specific media types be used if there's a desire to communicate that some data meets some subclass constraints. But that just seems to be general media type advice that shouldn't need to be said in a particular media type registration.

@msporny,

IOW, the statement above says: "Use this 'unsecured' media type and embedded proofs together at your peril... DO use a more specific media type for expressing that the content is secured."

I think language like that is unnecessarily fearful. There's no reason to bring concepts like "use this as your own peril" into this. We don't need to create situations where people are afraid to consume certain data because of the media type that accompanies it. That further proliferates the wrong idea about media types, how to decide whether data is authentic (and what to do / not do about it), and how to work with data in the ecosystem generally, IMO.

In the three party model, there is no single party that tells other parties what to accept and then they just ... accept it. That's a core difference to some common two party models. There is no "Authorization Server" here. Instead, there is self-describing data that conforms to certain specs. Independent parties implement to those specs and when they see data that they understand -- they know how to consume it and what it means. If they don't understand it, they ignore it or reject it -- their choice. What they understand and are willing to accept is up to their business rules. They don't need to get together with other parties or have some special, elevated authorization party tell them what to do; that's just not how this technology works at all.

[mprorock]

@msporny This seems closer...

If application/credential+ld+json is specified, verifiers MAY ignore top-level embedded proofs. Implementers are strongly urged to use a more specific media type, such as application/verifiable-credential+ld+json if the credential is secured using an embedded proof.

How about this variation:

If application/credential+ld+json is specified, verifiers MAY ignore top-level embedded proofs. Implementers SHOULD use a more specific media type, such as application/verifiable-credential+ld+json if the credential is secured using an embedded proof.

To your point re the registration side - I think you are correct there, in that I don't think the registration block is the right place for this. I would like clear normative guidance about how to use the media types, and believe that the correct location for language to this effect does not need to be noted right inline below the table as it is done here, and probably could be located elsewhere in the spec.

edit: to add a notes on few things that get into multiple representations that then point out to external specs for normative and interop purposes such as csvm+json

If we are going to have any guidance in this section it should likely be in one (or aspects of the guidance in both of ) the Additional information and Interoperability considerations - there is some normative 'like' language in many docs, usually in the interop section, e.g. in H224, but normative language as to usage in this case is probably better located in a section detailing use of media types with VCs - this then could provide guidance for WG and other specs that utilize media types with VCs (like 'don't register everything, only what is required')

[OR13]

If an API does not want to accept a particular field, it should say so / have a schema that rejects it, etc. Those are the right tools for that job.

@dlongley

The v1 context says proof can be a member of the RDF type VerifiableCredential

• https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L45

Perhaps the mistake we have made was to define credential+ld+json instead of vc+ld+json... since the concept of what a "credential" is seems to not have strong agreement, I thought it was obvious that a credential is not a verifiable credential and would not have an embedded or external proof, after reading the v1 spec... but it seems that there is no agreement on the interpretation of the v1 spec text:

https://w3c.github.io/vc-data-model/#proofs-signatures

What inspired the language in this PR? Was it from another media type registration? If so, which one?

@msporny confusion over what a "credential" is... and wanting to define a media type so that the bytes for a representation of a "credential" can be secured and referred to consistently... As I noted above, perhaps there is no concept of credential, there is only VerifiableCredential... Certainly this is the case regarding the RDF interpretation of the core data model.

In either case, this dialog is emphasizing a critical flaw in the spec... it is clear the current language is being interpreted in drastically different ways by readers.

A few paths forward.

1. Remove proof from the core spec (rely on other specs, like data integrity to define it's presence in VCs, Capabilities, or other LD Objects)
2. Register vc+ld+json instead of credential+ld+json, since proof can be present in vc+ld+json
3. Remove the language from core spec about credential and just define verifiable credential

[andresuribe87]

Perhaps the mistake we have made was to define credential+ld+json instead of vc+ld+json

Strong +1 to this. It's the point I was trying to convey in #1044 (comment)

AFAIK there is no normative definition of what a Credential is. We only have a normative definition for a VerifiableCredential.

I am against 1, and in favor of doing 2 and 3.

[dlongley]

I'm not necessarily against what @andresuribe87 proposes (and the spirit of his comment) ... provided that we can make everything hang together.

[dlongley]

I should also note that @andresuribe87's comment I think somewhat captures what we tried do to simplify things in the 1.1 work.

[iherman]

The issue was discussed in a meeting on 2023-02-28

• no resolutions were taken

View the transcript

1. Add normative requirements regarding media type and proof (pr vc-data-model#1014)

See github pull request vc-data-model#1014.

See github pull request vc-data-model#1034.

See github issue vc-data-model#1044.

Brent Zundel: There is a long conversation in the PR, goal of this meeting is to hash out what different sides of debate are, and can then try to come to proposals, recommendations on how to move forward..

Manu Sporny: There are a couple of threads for this discussion. One of the threads is "hey, we should have a media type for unsecured credentials and we should have one for secured ones. Those are the two classes we should have.".
… "If we are going to do that then the unsecured credentials should have no securing mechanism in them." That's the argument for application/credential+ld+json MUST NOT or SHOULD NOT have a proof property in it..
… The other argument is application/credential+ld+json has an extension mechanism and one of those might add a securing mechanism in it and we can't predict what mechanisms other people do, there might be new ones people define in the future and the language can't stop that from happening even if we put text in the spec..
… Even if we say you can't put proof in there, we can't know all the different mechanisms that might happen in the future. The other part of that argument is, "well, you can have very deeply nested and structured VCs and we already have examples of things that learner records and transcripts that might have badges, workforce skills credentials, things that have embedded proofs in them and that's a valid use case.".
… Potentially the outer envelope is not secured but the inner ones are..
… So that's kind of the argument for "they may contain proofs"..
… So we're looking at application/credential+ld+json either: "MUST NOT/SHOULD NOT have proof" or "MAY HAVE proof"..

Michael Prorock: I think that's a reasonably good summary, in my mind, it's a more fundamental question. What is a credential? What makes it a verifiable credential?.
… The way I think of it, once you add a signature, it goes from credential to verifiable credential. Once I see application/credential+ld+json, that's a credential, is an input type..
… once you sign it... it becomes a verifiable credential. We can define what goes into the process, what makes something a VC, and if we can drive that line, we should do that. We can't cover non-compliant stuff w/ the spec, but we should cover cases that we know of..

Dave Longley: I think it's good to avoid confusion where we can, we have to be careful about avoiding confusion when we're talking about secured vs. unsecured or trusted vs. untrusted data... the recipient of the data needs to have an expectation about what they're receiving. They can't just accept whatever the sender sends, that opens the door to potential vulnerabilities..
… Another thing to consider around type is that a VC can be seen as a subtype of credentials, that concept allows for different use cases. Different parties might care about different types of credentials or not. If you have a VC or a credential, a digital wallet can display both..
… People might want to accept things that accept VCs or credentials and add proofs -- so proof chaining, timestamp proofs, and we should be careful to not close the door to innovation, but we should be careful to think that we /can/ close that door. If we put in prohibitive statements, someone will figure out a way to get around it if it gets in the way. For example, someone could do a proof2 field to get around something that says that proof isn't allowed..

David Waite: Some of this may be defining the behaviour when you have multiple proofs by default, I can remove one of the proofs and it's still verifiable, just with less mechanisms..
… The guidance on what to do when there are multiple proofs -- pick your favorite one, do them all for higher assurance, that would be helpful for this discussion, proofs can be dependent on other proofs as well. I have a proof that is protecting other existing proofs, those can't be removed. So some of the assumptions about difference between VC and credential and having proofs, really are in the eye of the verifier..
… Some of the idea here is "if I have something like a JWS wrapping an external proof, and the proofs inside, what are the semantics that people should assume?" If we can't provide semantics that have value, maybe it's not legal in that case..

Michael Prorock: The PR here is explicit around one line related to application/credential+ld+json media type. Those of us that are planning on using that tend to feel strongly, either this is input into something that gets linked data signature, or have external signature... not sure why we would application/verifiable-credential* or some structure that signifies that you have proof there, additional semantics, etc. Avoiding the fact that we can be clear here bothers me, frustrating to me that we can't be explicitly clear about desire to just have credential format w/o proof in it. There are representations that have proof block in there, media type used in cty/typ or other use cases..

Manu Sporny: So I want to agree with what David Waite was saying..
… That the difference between a VC and a credential is in the eye of the verifier. I think that's interesting there, I don't know how I feel with that as an absolute statement, but that resonates with me. There could be a VC with multiple proofs on it, but the verifier only wants to check 2 of them..
… Maybe one is BBS, one is post quantum, one is ECDSA..
… The verifier in that case may only case about ECDSA. They may choose to ignore the other proofs ... or they may choose to look at a proof further down the tree..
… Mike, to look at the use case that you highlighted. ... Here's a concrete use case. If I have a learner record in the education space. The outer thing has no proof, but the inner one has all the classes I took this year and there are class descriptions and skillsets all with proofs..
… Is that thing with 50 proofs at the second level ... is that top level thing a credential or a verifiable credential?.
… You could argue this. I think it's problematic ... I think the PR language doesn't seem to give us an answer for that use case..
… I think it doesn't give us an answer for that use case or use cases where there are other securing mechanisms used. And ultimately, it's up to the verifier to figure out which proofs it cares about..
… It might be then that sometimes different mechanisms determine whether it's viewed as verifiable or not. It's the compound / complex objects that have signatures at the leaves that could be impacted negatively by this language. If we can be more specific we should be..
… Mike's argument for having two different media types for verifiable vs. credentials resonates with me to communicate more specific media types for what I mean..
… Remember, we have application/credential+ld+json which means you can process as JSON, JSON-LD, or as a credential in the VCDM..
… We have that concept..

Dave Longley: media types are not necessarily the right tool to make sure that something is an input to an API. The media type is a way to identify the type of content and how it would be parsed and used, regardless of what API you're using it in. It's a more encompassing thing, not for just one particular use case, one particular API, it's not the right tool for accomplishing that..

Michael Prorock: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept etc. of course multiple use cases.

Dave Longley: That said, APIs have their own shape, can provide their own restrictions, you can do that, that's not a problem and that might be the right way to define that, you can do that via API schemas to accomplish that goal..

Kristina Yasuda: Manu's comment confused me. I do not understand the concept of top level, secondary level proofs, one of the things we did in data model v2 is we separated data model in how we sign/secure it. The notion that something that conceptually is not supposed to be signed can have this proof is very confusing to me..
… That's a use case we need to pay attention to -- is that a valid use case? We have proof in data model, we should move it down to proof formats. I don't think anything related to signatures belongs there..

Michael Prorock: Big +1 to what Kristina said, building on that, we have a good model if we accept this PR, core data model defines what a credential is, and how different specifications might process that... what's expected, in VC-JWT there is a clean way of specifying media types, what to expect when, JWS, or something COSE related, since we have a nice data integrity spec, perhaps we should put media types w/ proofs in a credential, people know how to deal with that information..

Manu Sporny: To address Kristina's concern. We have a concept here -- and JWTs deal with it differently. With Data Integrity proofs, you can have documents that nest other documents and each can nest proofs at every layer..
… We have examples like learner records where that's a reality. Talking about it like "are we going to allow it or not" isn't the right framing because it's already a reality today. It doesn't matter if this group says that structure is illegal, people already find it useful and do it..
… They don't have to base64 at each level and things of that nature..
… We do need to get to the bottom of that and making stuff like that illegal would be a much bigger issue than just this PR..
… The other thing we should consider is that people might use a VP proof and then put a JWT on top of that. I know some people don't want to see that happen, but others might. Given the way things are going in the ecosystem it's probably inevitable that we'll see things like that..

Kerri Lemoie: Learner record spec from 1EdTech doing the embedded VCs that Manu described: http://www.imsglobal.org/spec/clr/v2p0/.

Manu Sporny: Saying proof doesn't belong in the core data model and we should put it in Data Integrity, etc. then we shouldn't be making it illegal to include a proof either. That would be a weird layering violation..
… I think this is us thinking that we have the ability to use a media type to enforce something that people will probably ignore if we write the wrong thing here. I think if we say that the application/credential+ld+json must not have any securing mechanism in it, people will ignore that, the use cases are valid..

Dave Longley: big +1 to what manu said... if we moved proof into data integrity, it would further undercut case for restricting credential+ld+json in this PR, you wouldn't have anything to point to to do it. We should embrace the subclass concept. I'm tagging media type that's specific... another thing to have a less restrictive media type. To provide an analogy -- you can have applications that have rectangles, application accepts it... squares are a more specific type of rectangles... you should be able to use your rectangle library on a square. That's ok, that's what subclass mechanism gives us..
… We have an extensible data model, people will want to know why we added prohibitive statements about use cases they want to do in the future..

Kristina Yasuda: To clarify -- not questioning legitimacy of use case where there are nested data integrity proofs -- what I'm not understanding is credential that is conceptually not supposed to be signed, including a proof property? That's what clearly separates credential from verifiable credential. Let's not completely remove proof from data model, remove it from section 4 to section 6..

Michael Prorock: +1 Kristina.

Kristina Yasuda: Imagine a JSON structure that includes proof property... and that is signed by JWS... if that enters JWS processor, that doesn't understand proof claim, it'll ignore it. In which case, signature is entirely being ignored, which I'm concerned about. Is there a way to resolve that? Happy to hear solutions..

Michael Prorock: No one is saying these are not valid use cases, we want a clear and valid media type.
… Wanting a media type that doesn't have an embedded proof in it, that's a valid use case as well..

David Waite: In the spec we talk about embedded proofs and external proofs, way to state the same thing... embedded proof is a way to extract proof and recanonicalize to create an external proof over the document. It comes down to giving recommendations --- if one proof is chaining, pointing into another, you cannot express outer proof w/o inner one, but you can strip off outer proof, so when people embed a data integrity protected VC inside a JWT, they need to understand that they're requiring twice as much security processing logic... that may affect full stack decisions, or they could just discard the JWT and send credential and data integrity around and they need to decide if it's appropriate or not. If we do have it, we should have a SHOULD NOT with guidance..

Dave Longley: There are going to be many applications that can accept a credential whether or not it has a proof attached to it, important that base media type supports that... if there are other applications that want to have a media type that specifically says "this property is not allowed in this media type" - I think we can do that, but I recommend against it, I don't think it's a good idea. I don't think we should call that out on the base media type. Maybe have base media type to be superclass of other things, someone could create a media type for their other applications, can't have specific property..
… I don't think anyone would want to create 10 different media types for data they don't want their applications to accept, media type isn't the right tool for that..

Paul Dietrich: +1 dlongley.

Dave Longley: "What if this verifier receives something where a signature has been stripped?" -- verifiers need to know what to expect from a holder. They will know what proofs they need to look for, they need to know which issuers to trust, how many signatures to expect, etc... we should remember that we're defining a base data model here, there are things that people don't necessarily process in a credential... base media type that's a super class allows that to happen, I don't think there's a problem there..

Kristina Yasuda: interesting - i though in the open world model, any proof type can enter verifier's system.

Kristina Yasuda: yes, but what they accept is up to them.

Manu Sporny: I think we need to look at the PR. The PR is specifically talking about the application/credential+ld+json and saying that it can't have proof in it..
… Mike, I think you're talking about something else, a media type for a verifiable credential and at this moment in time I agree with you. I definitely agree with JWTs there because it's a base64-encoded dotted string, not JSON..
… That's not true of the Data Integrity secured VCs though..

Kristina Yasuda: @dlongley if verifier only supports JWS it will not know it accepted DI proof signed as JWS, so they can't even make a decision whether to accept or not.

Manu Sporny: So I think the thing you mentioned is a different conversation and that I agree with you more over there, than on this PR. This PR says, we're going to single out this one property and makes it illegal..
… David Waite's SHOULD NOT makes it a little closer, maybe we can do that, but lots people in the ecosystem might just ignore it. I think a lot of people will want to back into what Dave Longley is talking about and that the verifier is going to know what it's expecting..
… Otherwise you're allowing the attacker to choose the attack on your system. You can't trust the media type that the attacker is sending to you. You can't trust that the attack is peeling off a proof, etc. You have to know what you accept..
… You can't trust the incoming media type, the attacker gets to choose it, you can't trust that the thing has the right number of signatures on it, because you can't trust that as well. This goes back to David Waite's comment that the verifier gets to decide what the valid thing is..

Ted Thibodeau Jr.: +1 manu.

Manu Sporny: I think we're trying to use media types to signal things that we shouldn't rely on, it gives power to the attacker..

Dave Longley: +1 manu.

Michael Prorock: I don't think anyone is disagreeing on the multiple layers on security checks, not trusting inputs, I would hope all of us in this group are familiar with those concepts..

Dave Longley: kristina: if the verifier supports JWS then if the JWS proof verifies, they are happy, they don't have to care about the DI proof..

Kristina Yasuda: dlongley: i don't agree.. not validating proof/signature is one of the biggest attack vectors (ignoring == not validating here). security analysis needed to say "they don't need to care". Proof by the issuer has a very important meaning in VC ecosystem - verifier ignoring it undermines trust model of three party model.

Dave Longley: kristina: that's the two-party model :) ... verifier needs to know what they accept and what they don't.

Kristina Yasuda: dlongley: nope, not two party model :).

Michael Prorock: What I'm concerned about is saying that something should not have a proof in any way shape or form, perhaps from a consensus standpoint we end up in SHOULD NOT. If we want to think about a variety of things, no one here wants a proliferation of media types for every options, No one is asking for a proliferation of business rules defined in the spec. If it is implicitly confusing that receives a proof in it, or embedded in a VC-JWT, what proof type comes first. If we don't have a clear way of saying: "Don't do this, you're going to confuse the user"... it's highly concerning to me. If we leave it up to verifier, certain issuers are going to assume one type of security model might be required w/o clean mechanism to know that they're doing that. Let's try to get explicitly clear about what a credential is before it becomes a VC and then be very clear about that as well..

Tobias Looker: I'm still catching up on this issue, so might have perspective that's invalid -- my interpretation of text in PR doesn't insinuate that it makes embedded proofs illegal, media type doesn't establish any semantics around inclusion of property of what it means. If I sent application/json, and data is customer record, that is at a different layer semantically. Embedded proof might have something secured, media type isn't going to communicate presence or processing logic to do anything w/ that..

Michael Prorock: +1 tplooker.

Dave Longley: +1 i think i agree with tplooker too, but also that it doesn't support the prohibition statement.

Ted Thibodeau Jr.: Media types don't do these things... media types don't say "in this structure of file you can only have X field name". Media types give you the structure of the file so you can deal w/ it's contents. If you feed a .zip archive to Excel, it's going to choke because it doesn't know how to deal w/ that content..

Dave Longley: +1 to TallTed.

Ted Thibodeau Jr.: Vice versa, unzip cannot do anything for you with the contents of an excel file... it's not the structure of the document it works on, the structure is the thing that matters here. Subtypes in the mediatype universe are limited not in what fields they can have and the contents of what they could be... bigger type might allow larger number of rearrangements, smaller more focused might allow less..

Dave Longley: +1 to TallTed.

Ted Thibodeau Jr.: Media types don't care about proofs, or business logic, or anything like that. Trying to make them do that job, we're going to break all sorts of security models. It don't work that way..

Dave Longley: +1 to TallTed.

Ted Thibodeau Jr.: I've said in a number of times, a number of places, people don't seem to understand how media types work, if you don't understand how this stuff works, and we try to spec with it, we're going to break something..

Tobias Looker: Further the point that I'm making, don't think media type should rule out in an extensible data model technology whether or not the member of an element should /shouldn't make something illegal. I don't think media type should reach into the data representation technology and says "this should never exist". I think that messes w/ data extensibility model in JSON..

Dave Longley: +1 to tplooker and TallTed, media type is the wrong tool for this.

Tobias Looker: The media type doesn't convey that, media type doesn't tell you anything about what the media type tells you that... it could just be a string w/ some other meaning attached to it. That's all I take the language to mean in this PR. It doesn't communicate anything about the presence of an embedded proof or not..

Manu Sporny: +1 to tplooker, Tallted..

David Waite: One of the ongoing concerns, we're trying to define an extensible data model to use it in ways that we haven't imagined... even extension points we have, like termsOfUse, if there are extensions that you don't understand, what are you supposed to do as a holder or verifier when you see those?.
… In Holder Binding, one of the big concerns is if I have an outer proof of VC-JWT, and I have an inner data integrity proof of the same object/document, what does that mean, what does it imply in terms of issuer instructions of understanding that?.
… To manu's point, you have to define what sort of verification is expected that issuer expects you to do for verifier to trust that information hasn't been modified. So chained proofs, if that's there, with external proofs and chained proofs, we really need to define behaviour of all of those extension points so people know how to act even if they don't understand what that extension is..

Ted Thibodeau Jr.: can't force that business rule on the verifier.

Michael Prorock: Is there an approach that might work? If media type is used, embedded proof must be ignored by processor by verifier? This is a reasonably complex thing we're trying to say..

Kristina Yasuda: I think we double clicked on statements meant by tobias and tallted -- JWT registered application/jwt -- in header, but you can also use application/jwt in HTTP response to indicate that's the thing being returned... I thought we dug into that at F2F? That seems to be misaligned as well..
… maybe we can discuss thing from Mike Prorock.

Dave Longley: -1 to telling verifiers that the have to ignore a proof.

Brent Zundel: Jump on PR and try to refine some language..

Dave Longley: dlongley: that's more violation of the three party model, IMO.

Brent Zundel: See everyone on the call tomorrow..

---

[andres]

Hi guys, I am getting notifications about your project, and it's better if I don't, I might have been added by mistake. I am "andres" at github best regards,

…

On 3/1/23 11:54, Andres Uribe wrote: ***@***.**** commented on this pull request. ------------------------------------------------------------------------ In index.html <#1014 (comment)>: > + <p> + This media type MUST NOT be used to describe a verifiable credential with an <dfn>embedded proof</dfn>. + </p> Perhaps the mistake we have made was to define credential+ld+json instead of vc+ld+json Strong +1 to this. It's the point I was trying to convey in #1044 (comment) <#1044 (comment)> AFAIK there is not normative definition of what a |Credential| is. We only have a normative definition for a |VerifiableCredential|. I am against 1, and in favor of doing 2 and 3. — Reply to this email directly, view it on GitHub <#1014 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAABBSCTIRDBSQKHPWFEL43WZ6LOPANCNFSM6AAAAAAUB5MRAQ>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[TallTed]

@iherman -- #1014 (comment) needs a quick edit, to change @andres - nice, +1. to @andresuribe87 - nice, +1. This should resolve #1014 (comment).

[iherman]

The issue was discussed in a meeting on 2023-03-14

List of resolutions:

• Resolution No. 1: We will change application/credential+ld+json to application/vc+ld+json to use as the media type for verifiable credentials and add language to the spec that indicates the media type does not signal how the VC has been signed.

View the transcript

1. Media types vc+json+ld vs. credential+json+ld.

Manu Sporny: Could we tackle the PRs about media type first? And I ask because there are about five PRs we could potentially resolve if we get to a conclusion there and we are maybe close.

Ted Thibodeau Jr.: I'm hesitant to go along with changing special topic on the special topic call — might have shown up if another topic is discussed.

Brent Zundel: With those comments, let's stick w/ PRs.

Manu Sporny: I'm wondering — So I've got a proposal for the group and wanting to see if we can get to consensus... seeking feedback on it.
… We have been talking about ... we have decided that there will be one base media type for the VC data model. That's super good and useful.
… Then, we started talking about ... that was application/credential+ld+json as the base media type, unsecured, our base media type. Then we have a number of media types around application/vc+something for secured things but there has been disagreement around the requirement of proof and we were trying to figure out how to do that through media types. We now have a section in the spec for the media types.
… Then Orie raised a really good question — about how these two media types application/credential+ld+json and application/vc+ld+json ... people are arguing that proof is optional in both and we have two media types that describe the same thing. Skipping past a lot of the back and forth.
… I wonder if we can make the base media type application/vc+ld+json and proof is optional in that. Then in the media types section we make internal/external proofs clear and so on.
… The proposal would be for the base media type to be application/vc+ld+json, proof is optional, but we don't say that in the media type registration but in the spec. What do people think?

Ted Thibodeau Jr.: Yes, in general theory, I'm with you.
… The media type for a zip archive doesn't change whether it's password protected, or one or a hundred files, or anything, really. You deal with it as a zip archive.

Dave Longley: +1 to TallTed.

Ted Thibodeau Jr.: In our case, we are dealing with credentials which are verifiable, and the failure could be that proof is missing, or proof fails (you messed up the crypto), or something along those lines.
… It's taken a while to reach that point as a group, we might be a step away where we out to be. That might just be ld+json. I want there to be an explicit difference between vc+ld+json and ld+json.
… There has to be something that a ld+json loses when it doesn't process as vc+ld+json.

Kristina Yasuda: I'm not with you yet, Manu. The proposal I think I made in previous call was well received — can we completely remove proof property from VC Data Model so only media type in main becomes credential+ld+json, so we don't talk about proof property. Then vc+jwt and data integrity can define their own media types vc+??? if needed, is that an option, is that on the table still?

Michael Jones: I'm going to try to react to all three comments.
… I agree with Manu that de-facto, the WG hasn't been able to, for JSON-LD data model, been able to make any distinctions between credential and verifiable credential in the media type.
… The attempts to say that proof must not be present for credential+ld+json have not succeeded, and in order to make progress, I'm willing to see single VC data model be application/vc+ld+json.
… To Ted's comment, I agree that there is and should be a meaningful distinction between ld+json and vc+ld+json, the difference is the required members of VC data model are present and are used in ways specified.

Manu Sporny: Yes, MikeJ, exactly!.

Michael Jones: I think we can agree to that.
… I agree with you that proof property should be moved into securing spec, that's what defines its properties, I don't think that Kristina's comment blocks us from registering the media type, and from brent's earlier comments, if we can unblock the media type registrations, we'll be a good bit further forward today.

Orie Steele: +1 to compact form being a constraint.

Dave Longley: I got on queue to agree with MikeJ — the constraints are the data model — and compact form must be used. any one of those things establishes a specific new constraint, that's the difference.
… with respect to Kristina's comment — if we move proof back into another spec, doesn't resolve particular matter at hand, proof being optional, we'd end up in that situation, those issues are orthogonal. That's a different question from what we're trying to resolve here. We want the base media type to be application/vc+ld+json as everyone else has spoken to.

Phillip Long: +1 that moving the proof to data integrity is a different question and not the one that we're talking about here.

Orie Steele: I agree with the comments from Manu and Mike Jones about application/vc+ld+json media type. I also am not sure that proof predicate should be removed from core data model context. I want to talk about what's in v1.1 spec, if we can't achieve consensus to change it, it's goin gto stay the same.
… In v1.1, proof is a predicate that exists. There is no definition of Credential (in RDF sense), only Verifiable Credential. The proof types are the RDF classes that the securing formats tended to define. A proof type example would be Ed25519Signature2018. In v1.1 we shipped proof property in core context. In v2.0, we cleaned some stuff up and avoided having to talk about types. If we say base media type is application/vc+ld+json, we commit ourselves to have conversations about proof being in media type.
… It would be good to get agreement on the base media type on what we see in v1.1, there is a higher chance of doing that with application/vc+ld+json, vs coming to consensus on what application/credential+ld+json.

Kristina Yasuda: If you are talking about media type for v1.1, vc+ld+json might be ok, but to use that for v2.0, I'd be against that. To v2.0 is to separate payload from how it's being secured. Saying the base media type is "vc+" — what is the verifiable part of that payload if that's the base media type?
… Does that mean now we'd only have one media type per signed credential that has to express both what is a payload and what is signed? To be more specific, one example I can think of, in SD-JWT, with current separation of application/credential+ld+json — use that as a payload, use SD-JWT to secure it.
… when you're signing, apply digest as defined in SD-JWT and you're good to go. I don't know what that means when we say application/vc+ld+json.

Ted Thibodeau Jr.: First, assuming we continue down this road, how are we going to convince IANA that there will not be a cascade of special definitions of ABC/xyz+ld+json each with their own set of members and usages? I don't have a concrete differentiator, we could say "you have to have these members in order to be a VC".

Orie Steele: partial answer to Ted's question, IANA expects registration for types that use registered suffixes. That is why we define structured suffixes.

Ted Thibodeau Jr.: Consider RFC822 messages and attachments, where media types came from, there is an envelope and a payload and metadata, these things are separate, signature on signed mail, on unsigned main no signature, not mentioned. these are things that didn't require new media types, media types for those things existed in other usages, those media types are applied in enclosures. we're using media types in a way that's not intended to be used, it'll bite us if it's not already doing so.

Michael Jones: My response to Ted will reference https://www.rfc-editor.org/rfc/rfc8725.html#use-typ.

Dave Longley: I wanted to respond to Kristina, differentiating between credentials and verifiable crednetials — to a certain extend, we've made a number of things more complicated than before in ways we didn't get more value out of that complication. The difference might not come through an incompatible syntax. data integrity adds proof, which adds types to a proof property. that fits in w/ existing data model. That other syntaxes might have incompatible syntax, but when that happens, you need a new media type. I think all that's ok.
… I think Mike's on the queue to respond to what Ted said, I'll end my comments there.

Dave Longley: i was also going to say . i don't think SD-JWT will have to change.

Michael Jones: I did want to respond to TallTed's comment... how are we going to convince IANA to say there's not going to be a multiplication of mediatypes *+ld+json, by analogy, there was an RFC written 8725 — JWT best practices, and one of the best practices listed was "Use an explicit media type for every type of JWT object" — explicit typing and that can prevent a confusion for one type of JWT for another. That's part of a more general move in security community.

Orie Steele: +1 selfissued.

Michael Jones: "Use explicit typing" to prevent confusion, not a bug that there might be a multiplication of JSON-LD subtypes, it's a feature, because it enables explicit typing. Using vc+ld+json is an example for explicit typing, that's a good thing.

Brent Zundel: Initial round was prompted by a proposal, folks spoke up for certain aspects, resolve the media type aspects first then continue conversation where it needs to go.
… How would we need to change that proposal to move forward?

Dave Longley: This might be a slight tweak, keep proof where it is right now and figure out if we move it later.

Orie Steele: +1 dlongley.

Kristina Yasuda: I still haven't heard an answer.
… How do we know if it's signed or not?

Orie Steele: In case signing is used — proof is used, RDF says the type... if external is used, then proof isn't there or is ignored and external signing mechanism applies information necessary for signature. So, for JWT, alg secures content type for application/vc+ld+json — and if you look at that content type, youg et back JSON, verify signature in external proof case. If you see proof in data model, and you don't understand it, you ignore it.

Dave Longley: +1 to Orie.

Orie Steele: People might profile away proof property, but there are scenarios where they want it to be present and might want to tunnel secured data in proof. And add external proof format. Short answer is in case of external proof, you're going to verify the external proof and then you get payload... if payload contains internal proof, you might ignore it, or if you do understand it, you verify according to proof type.

Dave Longley: +1 to Orie.

Phillip Long: =1.

Orie Steele: For the record, I don't really care to "block" the "credential tunneling" feature.

Phillip Long: +1.

Kristina Yasuda: Thanks Orie, that makes sense, I think. I'll be ok given that is clearly stated in VCDM. I don't know what concrete proposal language should be, someone could point me to that? I think what I heard was base media type says this is a signed credential using JSON-LD and how to determine how it's signed is specific to signing mechanism, which is fine.
… Make sure that's loud and clear, you have to depend on checking mechanism.

Orie Steele: And the current "proof" section essentially says this already... it says "at least one, proof format"... https://w3c.github.io/vc-data-model/#proofs-signatures.

Dave Longley: +1 to kristina to provide clear guidance.

Kristina Yasuda: For VC-JWT, for example, other specifications can define their content type, credential is signed ... if my understanding is correct, I'm ok w/ direction.

Manu Sporny: (Brent deftly composes a proposal, much like Beethoven writes a symphony.).

Orie Steele: media type vc+ld+json might have external proof, you won't see evidence in internal content type, because external proof is external.
… You could have internal proof, and that would say you have an internal proof. I would avoid trying to smith proof related changes into resolution. We will have to address proof related issues as a group, don't see need to add more language to this particular proposal.

Brent Zundel: Kristina, are you ok w/ moving forward noting that we need to have proof conversation separately?

Manu Sporny: Kristina makes noises of disapproval.

Brent Zundel: Or we could add...

Kristina Yasuda: The media type does not dictate how credential is signed?

Dave Longley: +1 to Kristina.

Orie Steele: +1 to the "media type does not dictate how the credential is signed".

Kerri Lemoie: +1 Kristina.

Phillip Long: +1.

Orie Steele: that is what I was trying to say regarding the current proof section of the spec.

Dave Longley: we should say "to use as the base media type".

Phillip Long: +1 to Dave's suggestion.

Proposed resolution: We will change credential+ld+json to vc+ld+json to use as the media type for verifiable credentials and add language to the spec that indicates the media type does not signal how the VC has been signed. (Brent Zundel)

Brent Zundel: +1.

Michael Jones: +1.

SongPu Ai: +1.

Joe Andrieu: +1.

Gabe Cohen: +1.

Phillip Long: +1.

Shigeya Suzuki: +1.

Orie Steele: +1.

Kerri Lemoie: +1.

Dave Longley: +1 application/ prefix is presumed :).

Manu Sporny: +1.

Kristina Yasuda: 0.

Dave Longley: +1.

Ted Thibodeau Jr.: +1 with application/ :-).

Brent Zundel: This will go out for review before it's officially resolved.
… I'm going to add application/ to be clear that that's what we resolved.

Resolution #1: We will change application/credential+ld+json to application/vc+ld+json to use as the media type for verifiable credentials and add language to the spec that indicates the media type does not signal how the VC has been signed.

See github pull request vc-data-model#1034.

Manu Sporny: With that, I think we can merge Orie's 1034 PR.
… We may / want to modify that PR to just remove the application/credential+ld+json to make it clear there's just one base media type.
… We should do that and that will be 1034. Then 1050 can refer to application/vc+ld+json and we can pull in 1050.
… 1014 I believe gets addressed by this.

See github pull request vc-data-model#1014.

See github pull request vc-data-model#1050.

Manu Sporny: We're going very far towards resolving it at least.

[OR13]

Closing this PR, we will attempt to define a media type for vc+ld+json in a new PR, after the editorial fixes for the section settle.

I will wait to open the new PR until #1062 is merged.

[msporny]

@OR13 wrote:

I will wait to open the new PR until #1062 is merged.

#1062 has been merged, please proceed.