[Openid-specs-digital-credentials-protocols] Minutes from 16th May 2024 DCP WG call
Brian Campbell
bcampbell at pingidentity.com
Sat May 18 20:33:19 UTC 2024
On Sat, May 18, 2024 at 9:56 AM Orie Steele <orie at transmute.industries>
wrote:
> <snip>
>
<snip>
> If the VCWG sees value in securing holder supplied claims with JWT, I
> don't see why it would not make sense to secure them with SD-JWT,
>
>> Mostly because it doesn't make sense and there's a real cost to having
>> yet another option in an arena where there are arguably way too many
>> options already.
>>
>
> If you are processing an application/vp+ld+json+jwt (sigh)... of an
> application/vc+ld+json (data integrity) and an
> application/vc+ld+json+sd-jwt (sd-jwt+kb) and an
> application/vc+ld+json+cose....
> Yes, you're paying (in CPU cycles and CVE attack surface) for the
> indecision of the W3C VCWG... but I don't think limiting the securing
> formats of a VP saves you much... That's like $5 off a $10k purchase.
>
Just to be clear, the cost I was referring to was about the costs incurred
by the larger community of people trying to work in and understand this
space - developers, deployers, etc., and even folks involved in the
standards development.
<snip>
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240518/4fdf6164/attachment.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list