[Openid-specs-ab] Issue #1237: vp vs. jwt_vp or vp_jwt? (openid/connect)
issues-reply at bitbucket.org
Tue May 18 17:11:00 UTC 2021
New issue 1237: vp vs. jwt_vp or vp_jwt?
There is some confusion and inconsistency between the use of the similar claims types vp and jwt\_vp \(or is it vp\_jwt as both are used\) in the current document. On the one hand the text says “Note that OP would first encode VPs using the rules defined in the Verifiable Credential specification either in JWT format or JSON-LD format, before encoded VPs as container objects.” and then “Note that above claim has to be distinguished from `vp` or `vc` claims as defined in [JWT proof format](https://www.w3.org/TR/vc-data-model/#json-web-token). `vp` or `vc` claims contain those parts of the standard verifiable credentials and verifiable presentations where no explicit encoding rules for JWT exist…They are not meant to include complete verifiable credentials or verifiable presentations objects which is the purpose of the claims defined in this specification.”
The W3C definition of vp \(and vc\) was intended to remove duplicate encodings for the same semantic properties \(claims\) e.g. iss and issuer, as two different encodings of the same property could lead to problems if the two values were not the same. Which one is to be believed? The text in the current document would appear to be bringing back this duplication and hence potential problems.
Whilst it is appreciated that the W3C text could be improved to remove some ambiguities, it is not a good idea to have two almost identical encodings specified in two different standards and then referring to both in this document in an equally confusing way.
It is suggested that the W3C vp and vc claims are used and that this document contains text to clarify any ambiguities in the W3C standard. This clarifying text can then be inserted into the next revision of the W3C standard. In this way we will only have one agreed specification for vc and vp claims in JWT format.
There is an added complication in that the W3C spec allows a JWT encoding \(of vc and vp\) to not contain a JWS and instead to contain a proof property, or for it to contain a JWS and to also contain a proof property. It is not clear how the vp\_jwt or vp\_ldp encodings deal with this issue.
More information about the Openid-specs-ab