[Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects

Tom Jones thomasclinganjones at gmail.com
Thu Apr 8 01:00:29 UTC 2021


I have an alternate proposal. In my system the claim should have a name
that represents what it is. For example the existing claims acr and amr
should be enabled to carry a vc or vp as its value. In this system the
encoding of the value would carry the syntax of the claim, beit vc-sjon,
vc-ld or whatever. The one proposal I did make was to use jose encoding. If
we wanted to use this the jose header could contain the syntax of the
contained element as Mike has indicated in his proposal.

I think it is not helpful for the name of the claim to be just the syntax
of the element.

Be the change you want to see in the world ..tom


On Wed, Apr 7, 2021 at 5:25 PM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> In our discussions over the past few months, it’s become clear that there
> are multiple use cases where different forms of W3C Verifiable Credential
> objects will be communicated as JWT claims (or as UserInfo Endpoint
> claims).  I had a useful conversation with Oliver Terbu and Kristina Yasuda
> this week during which we agreed that it would be useful to write a short,
> focused specification defining and registering JWT claims enabling standard
> representations for this purpose.  These claims could be used both by SIOP
> use cases and other use cases.
>
>
>
> Bear in mind that the W3C Verifiable Credentials specification defines two
> representations of the objects that it defines – JWT and JSON-LD and it
> also orthogonally defines two kinds of objects – Verifiable Credentials and
> Verifiable Presentations.  Thus, there are actually four different data
> types that these use cases might want to utilize.
>
>
>
> I would therefore propose the following four claim definitions for these
> purposes:
>
>
>
>    - *vc_jwt*:  A claim whose value is a W3C Verifiable Credential object
>    using the JWT representation, which is a JSON string.  The claim’s value
>    may also be an array of W3C Verifiable Credential objects using the JWT
>    representation if the use case calls for multiple JWT VCs.
>    - *vp_jwt*:  A claim whose value is a W3C Verifiable Presentation
>    object using the JWT representation, which is a JSON string.  The claim’s
>    value may also be an array of W3C Verifiable Presentation objects using the
>    JWT representation if the use case calls for multiple JWT VPs.
>    - *vc_ld*:  A claim whose value is a W3C Verifiable Credential object
>    using the JSON-LD representation, which is a JSON object.  The claim’s
>    value may also be an array of W3C Verifiable Credential objects using the
>    JSON-LD representation if the use case calls for multiple JSON-LD VCs.
>    - *vp_ld*:  A claim whose value is a W3C Verifiable Presentation
>    object using the JSON-LD representation, which is a JSON object.  The
>    claim’s value may also be an array of W3C Verifiable Presentation objects
>    using the JSON-LD representation if the use case calls for multiple JSON-LD
>    VPs.
>
>
>
> Let’s discuss this proposal during the European-friendly Connect call
> ~13.5 hours from now.
>
>
>
>                                                        -- Mike
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210407/b7cafc57/attachment.html>


More information about the Openid-specs-ab mailing list