From dcfe55993ade74facbd7d39d755e3a89dacefd66 Mon Sep 17 00:00:00 2001 From: gabe Date: Tue, 17 Sep 2024 20:24:26 -0700 Subject: [PATCH 1/7] mark sections normative; move algorithsm --- index.html | 544 ++++++++++++++++++++++++++--------------------------- 1 file changed, 272 insertions(+), 272 deletions(-) diff --git a/index.html b/index.html index e28d983..21859a9 100644 --- a/index.html +++ b/index.html @@ -152,7 +152,7 @@

-
+

Introduction

This specification defines how to secure media types @@ -205,7 +205,7 @@

Terminology

-
+

Securing the VC Data Model

This section outlines how to secure documents conforming @@ -240,9 +240,9 @@

Securing the VC Data Model

If implementations do not know which media type to use, media types defined in this specification MUST be used.

-
+

With JOSE

-
+

Securing JSON-LD Verifiable Credentials with JOSE

This section details how to use JOSE to secure verifiable credentials conforming @@ -304,7 +304,7 @@

Securing JSON-LD Verifiable Credentials with JOSE

-
+

Securing JSON-LD Verifiable Presentations with JOSE

This section details how to use JOSE to secure verifiable presentations conforming @@ -391,7 +391,7 @@

Securing JSON-LD Verifiable Presentations with J Use of the JWS JSON serialization is NOT RECOMMENDED.

-
+

JOSE Header Parameters and JWT Claims

@@ -463,9 +463,9 @@

JOSE Header Parameters and JWT Claims

-
+

With SD-JWT

-
+

Securing JSON-LD Verifiable Credentials with SD-JWT

This section details how to use JOSE to secure verifiable credentials conforming @@ -539,7 +539,7 @@

Securing JSON-LD Verifiable Credentials with SD-JW

-
+

Securing JSON-LD Verifiable Presentations with SD-JWT

This section details how to use SD-JWT to secure verifiable presentations conforming @@ -637,7 +637,7 @@

Securing JSON-LD Verifiable Presentations with SD-J

-
+

With COSE

COSE [[RFC9052]] is a common approach to encoding and securing @@ -646,7 +646,7 @@

With COSE

use of content types as outlined in this section.

-
+

Securing JSON-LD Verifiable Credentials with COSE

This section details how to use COSE to secure verifiable credentials conforming @@ -709,7 +709,7 @@

Securing JSON-LD Verifiable Credentials with COS for more details regarding this example.

-
+

Securing JSON-LD Verifiable Presentations with COSE

This section details how to use COSE to secure verifiable presentations conforming @@ -951,13 +951,13 @@

Key Discovery

-
+

Using Header Parameters and Claims for Key Discovery

These JOSE header parameters and JWT claims can be used by verifiers to discover verification keys.

-
+

kid

If kid is present in the JOSE Header @@ -973,7 +973,7 @@

kid

or subject is expressed as a DID URL.

-
+

iss

If iss is present in the JOSE Header, @@ -998,7 +998,7 @@

iss

-
+

cnf

If cnf is present in the JOSE Header, @@ -1017,10 +1017,10 @@

cnf

-
+

Well-Known URIs

-
+

JWT Issuer

When the issuer value is a URL using the HTTPS scheme, @@ -1036,7 +1036,7 @@

JWT Issuer

-
+

Using Controller Documents

When using [=controller documents=] with this specification, @@ -1055,7 +1055,7 @@

Using Controller Documents

-
+

Conformance Classes

@@ -1153,6 +1153,254 @@

Securing Verifiable Credentials

+

Algorithms

+

+ This specification might be used with many different key discovery protocols. + Therefore, discovery of verification keys is described in , + and is assumed to have succeeded prior to beginning the verification process. +

+

+ As a general rule, verifiers SHOULD strive to minimize the processing of + untrusted data. This includes minimizing any processing of the protected header, + unprotected header, or payload as part of the key discovery procedures. +

+

+ After verification has succeeded, additional validation checks SHOULD be + performed as described in Section +

+

+ The outputs for the following algorithms are: +

+
    +
  • + status: a boolean indicating the result of verification, + true for success and false for failure. +
    • +
  • + document: a document conforming to the [[[VC-DATA-MODEL-2.0]]] [[VC-DATA-MODEL-2.0]] +
    • +
  • + mediaType: vc or vp +
    • +
+
+

Verifying a Credential or Presentation Secured with JOSE

+

+ The inputs for this algorithm are: +

+
    +
  • + inputMediaType: vc-ld+jwt or + vp-ld+jwt +
    • +
  • + inputDocument: the verifiable credential secured as a JWT [[RFC7519]] +
    • +
+

+ Upon receipt of the verifiable credential or presentation secured as a JWT + [[RFC7519]], the holder or verifier follows this algorithm: +

+
    +
  1. + Follow the algorithm defined in Validating a JWT [[RFC7519]]. +
    2. +
  2. + If processing completes successfully: +
      +
    1. + Set status to true +
      2. +
    2. + Set mediaType to vc or vp +
      3. +
    3. + Set document to the decoded JWS payload. +
      4. +
    4. + Return +
      5. +
    +
    3. +
  3. + If processing aborts for any reason or the JWT is rejected: +
      +
    1. + Set status to false +
      2. +
    2. + Set document to null +
      3. +
    3. + Set mediaType to null +
      4. +
    4. + Return +
      5. +
    +
    4. +
+
+
+

Verifying a Credential or Presentation Secured with SD-JWT

+

+ The inputs for this algorithm are: +

+
    +
  • + inputMediaType: vc-ld+sd-jwt +
    • +
  • + inputDocument: the verifiable credential secured with [[SD-JWT]] +
    • +
+

+ Upon receipt of the verifiable credential or presentation secured with + [[SD-JWT]], the holder or verifier follows this algorithm: +

+
    +
  1. + Follow the algorithms defined in SD-JWT for + verification of the SD-JWT. +
    2. +
  2. + If processing completes successfully: +
      +
    1. + Set status to true +
      2. +
    2. + Set mediaType to vc +
      3. +
    3. + Convert the SD-JWT payload back into the JSON claim set by reversing the process + in [[[SD-JWT]]] [[SD-JWT]]. Set document to the JSON claim set. + (For examples of the transition from JSON claim set to SD-JWT payload, please + see SD-JWT examples). +
      4. +
    4. + Return +
      5. +
    +
    3. +
  3. + If processing aborts for any reason or the SD-JWT is rejected: +
      +
    1. + Set status to false +
      2. +
    2. + Set document to null +
      3. +
    3. + Set mediaType to null +
      4. +
    4. + Return +
      5. +
    +
    4. +
+
+
+

Verifying a Credential or Presentation Secured with COSE

+

+ The inputs for this algorithm are: +

+
    +
  • + inputMediaType: vc-ld+cose or + vp-ld+cose +
    • +
  • + inputDocument: the verifiable credential or verifiable presentation + secured with [[[RFC9052]]] +
    • +
+

+ Upon receipt of the verifiable credential or presentation secured with + [[RFC9052]], the holder or verifier follows this algorithm: +

+
    +
  1. + Follow the algorithm defined in [[[RFC9052]]] [[RFC9052]] under the Signing and + Verification Process for COSE_Sign1. +
    2. +
  2. + If processing completes successfully: +
      +
    1. + Set status to true +
      2. +
    2. + Set mediaType to vc or vp +
      3. +
    3. + Set document to the decoded COSE_Sign1 payload. +
      4. +
    4. + Return +
      5. +
    +
    3. +
  3. + If processing aborts for any reason: +
      +
    1. + Set status to false +
      2. +
    2. + Set document to null +
      3. +
    3. + Set mediaType to null +
      4. +
    4. + Return +
      5. +
    +
    4. +
+
+ +

Validation

+ +

+ All claims expected for the typ MUST be present. + All claims that are understood MUST be evaluated according the verifier's validation policies. + All claims that are not understood MUST be ignored. +

+ +

+ The verified document returned from verification MUST be a + well-formed compact JSON-LD document, as described in + Verifiable Credentials Data Model v2.0. +

+ +

+ Schema extension mechanisms such as credentialSchema SHOULD be checked. + If the extension mechanism type is not understood, this property + MUST be ignored. +

+ +

+ Status extension mechanisms such as credentialStatus SHOULD be checked. + If the extension mechanism type is not understood, this property + MUST be ignored. +

+ +

+ Based on the validation policy of the verifier, the type of credentials, and + the type of securing mechanism, additional validation checks MAY be applied. + For example, dependencies between multiple credentials, ordering or timing + information associated with multiple credentials, and/or multiple presentations + could cause an otherwise valid credential or presentation to be considered + invalid. +

+ +
+ +

IANA Considerations

@@ -1440,7 +1688,7 @@

application/vp-ld+cose

-
+

Other Considerations

@@ -1502,6 +1750,7 @@

Privacy Considerations

Credentials implemented using this specification.

+

Security Considerations

@@ -1550,7 +1799,8 @@

Security Considerations

Verifiable Credentials.

-
+ +

Accessibility

When implementing this specification, it is crucial for @@ -1838,256 +2088,6 @@

COSE Examples

-
-

Verification Algorithms

-

- This specification might be used with many different key discovery protocols. - Therefore, discovery of verification keys is described in , - and is assumed to have succeeded prior to beginning the verification process. -

-

- As a general rule, verifiers SHOULD strive to minimize the processing of - untrusted data. This includes minimizing any processing of the protected header, - unprotected header, or payload as part of the key discovery procedures. -

-

- After verification has succeeded, additional validation checks SHOULD be - performed as described in Section -

-

- The outputs for the following algorithms are: -

-
    -
  • - status: a boolean indicating the result of verification, - true for success and false for failure. -
    • -
  • - document: a document conforming to the [[[VC-DATA-MODEL-2.0]]] [[VC-DATA-MODEL-2.0]] -
    • -
  • - mediaType: vc or vp -
    • -
-
-

Algorithm for Verifying a Credential or Presentation Secured with JOSE

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+jwt or - vp-ld+jwt -
    • -
  • - inputDocument: the verifiable credential secured as a JWT [[RFC7519]] -
    • -
-

- Upon receipt of the verifiable credential or presentation secured as a JWT - [[RFC7519]], the holder or verifier follows this algorithm: -

-
    -
  1. - Follow the algorithm defined in Validating a JWT [[RFC7519]]. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc or vp -
      3. -
    3. - Set document to the decoded JWS payload. -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason or the JWT is rejected: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
-
-

Algorithm for Verifying a Credential or Presentation Secured with SD-JWT

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+sd-jwt -
    • -
  • - inputDocument: the verifiable credential secured with [[SD-JWT]] -
    • -
-

- Upon receipt of the verifiable credential or presentation secured with - [[SD-JWT]], the holder or verifier follows this algorithm: -

-
    -
  1. - Follow the algorithms defined in SD-JWT for - verification of the SD-JWT. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc -
      3. -
    3. - Convert the SD-JWT payload back into the JSON claim set by reversing the process - in [[[SD-JWT]]] [[SD-JWT]]. Set document to the JSON claim set. - (For examples of the transition from JSON claim set to SD-JWT payload, please - see SD-JWT examples). -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason or the SD-JWT is rejected: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
-
-

Algorithm for Verifying a Credential or Presentation Secured with COSE

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+cose or - vp-ld+cose -
    • -
  • - inputDocument: the verifiable credential or verifiable presentation - secured with [[[RFC9052]]] -
    • -
-

- Upon receipt of the verifiable credential or presentation secured with - [[RFC9052]], the holder or verifier follows this algorithm: -

-
    -
  1. - Follow the algorithm defined in [[[RFC9052]]] [[RFC9052]] under the Signing and - Verification Process for COSE_Sign1. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc or vp -
      3. -
    3. - Set document to the decoded COSE_Sign1 payload. -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
- - -
- -
-

Validation Algorithm

- -

- All claims expected for the typ MUST be present. - All claims that are understood MUST be evaluated according the verifier's validation policies. - All claims that are not understood MUST be ignored. -

- -

- The verified document returned from verification MUST be a - well-formed compact JSON-LD document, as described in - Verifiable Credentials Data Model v2.0. -

- -

- Schema extension mechanisms such as credentialSchema SHOULD be checked. - If the extension mechanism type is not understood, this property - MUST be ignored. -

- -

- Status extension mechanisms such as credentialStatus SHOULD be checked. - If the extension mechanism type is not understood, this property - MUST be ignored. -

- -

- Based on the validation policy of the verifier, the type of credentials, and - the type of securing mechanism, additional validation checks MAY be applied. - For example, dependencies between multiple credentials, ordering or timing - information associated with multiple credentials, and/or multiple presentations - could cause an otherwise valid credential or presentation to be considered - invalid. -

-
From b1a9a8d8e3b61efacbd54400f42b16da9f35c561 Mon Sep 17 00:00:00 2001 From: gabe Date: Wed, 18 Sep 2024 08:25:18 -0700 Subject: [PATCH 2/7] fix lint --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 21859a9..cbfa926 100644 --- a/index.html +++ b/index.html @@ -1024,7 +1024,7 @@

Well-Known URIs

JWT Issuer

When the issuer value is a URL using the HTTPS scheme, - issuer metadata including the issuer's public keys can be retrieved using the mechanism + issuer metadata including the issuer's [=public keys=] can be retrieved using the mechanism defined in [[SD-JWT-VC]].

From a1a93a10eeccf892e95165c054b7e66e159d359c Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Wed, 18 Sep 2024 12:57:51 -0700 Subject: [PATCH 3/7] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index cbfa926..cdbebd4 100644 --- a/index.html +++ b/index.html @@ -152,7 +152,7 @@

-
+

Introduction

This specification defines how to secure media types From 78897fdea73410be1a549515a70b75b6fd4e7ab7 Mon Sep 17 00:00:00 2001 From: gabe Date: Fri, 20 Sep 2024 14:05:30 -0700 Subject: [PATCH 4/7] merge --- index.html | 253 +---------------------------------------------------- 1 file changed, 1 insertion(+), 252 deletions(-) diff --git a/index.html b/index.html index 46b2b08..ead9449 100644 --- a/index.html +++ b/index.html @@ -1366,7 +1366,7 @@

Verifying a Credential or Presentation Secured with COSE

-

Validation

+

Validation

All claims expected for the typ MUST be present. @@ -2091,257 +2091,6 @@

COSE Examples

-
-

Verification Algorithms

-

- This specification might be used with many different key discovery protocols. - Therefore, discovery of verification keys is described in , - and is assumed to have succeeded prior to beginning the verification process. -

-

- As a general rule, verifiers SHOULD strive to minimize the processing of - untrusted data. This includes minimizing any processing of the protected header, - unprotected header, or payload as part of the key discovery procedures. -

-

- After verification has succeeded, additional validation checks SHOULD be - performed as described in Section -

-

- The outputs for the following algorithms are: -

-
    -
  • - status: a boolean indicating the result of verification, - true for success and false for failure. -
    • -
  • - document: a document conforming to the [[[VC-DATA-MODEL-2.0]]] [[VC-DATA-MODEL-2.0]] -
    • -
  • - mediaType: vc or vp -
    • -
-
-

Algorithm for Verifying a Credential or Presentation Secured with JOSE

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+jwt or - vp-ld+jwt -
    • -
  • - inputDocument: the [=verifiable credential=] secured as a JWT [[RFC7519]] -
    • -
-

- Upon receipt of the [=verifiable credential=] or [=verifiable presentation=] secured as a JWT - [[RFC7519]], the [=holder=] or [=verifier=] follows this algorithm: -

-
    -
  1. - Follow the algorithm defined in Validating a JWT [[RFC7519]]. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc or vp -
      3. -
    3. - Set document to the decoded JWS payload. -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason or the JWT is rejected: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
-
-

Algorithm for Verifying a Credential or Presentation Secured with SD-JWT

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+sd-jwt -
    • -
  • - inputDocument: the verifiable credential secured with [[SD-JWT]] -
    • -
-

- Upon receipt of the [=verifiable credential=] or [=verifiable presentation=] secured with - [[SD-JWT]], the holder or verifier follows this algorithm: -

-
    -
  1. - Follow the algorithms defined in SD-JWT for - verification of the SD-JWT. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc -
      3. -
    3. - Convert the SD-JWT payload back into the JSON claim set by reversing the process - in [[[SD-JWT]]] [[SD-JWT]]. Set document to the JSON claim set. - (For examples of the transition from JSON claim set to SD-JWT payload, please - see SD-JWT examples). -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason or the SD-JWT is rejected: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
-
-

Algorithm for Verifying a Credential or Presentation Secured with COSE

-

- The inputs for this algorithm are: -

-
    -
  • - inputMediaType: vc-ld+cose or - vp-ld+cose -
    • -
  • - inputDocument: the [=verifiable credential=] or [=verifiable presentation=] - secured with [[[RFC9052]]] -
    • -
-

- Upon receipt of the [=verifiable credential=] or [=verifiable presentation=] secured with - [[RFC9052]], the [=holder=] or [=verifier=] follows this algorithm: -

-
    -
  1. - Follow the algorithm defined in [[[RFC9052]]] [[RFC9052]] under the Signing and - Verification Process for COSE_Sign1. -
    2. -
  2. - If processing completes successfully: -
      -
    1. - Set status to true -
      2. -
    2. - Set mediaType to vc or vp -
      3. -
    3. - Set document to the decoded COSE_Sign1 payload. -
      4. -
    4. - Return -
      5. -
    -
    3. -
  3. - If processing aborts for any reason: -
      -
    1. - Set status to false -
      2. -
    2. - Set document to null -
      3. -
    3. - Set mediaType to null -
      4. -
    4. - Return -
      5. -
    -
    4. -
-
- - -
- -
-

Validation Algorithm

- -

- All claims expected for the typ MUST be present. - All claims that are understood MUST be evaluated according the [=verifier=]'s validation policies. - All claims that are not understood MUST be ignored. -

- -

- The verified document returned from verification MUST be a - well-formed compact JSON-LD document, as described in - Verifiable Credentials Data Model v2.0. -

- -

- Schema extension mechanisms such as credentialSchema SHOULD be checked. - If the extension mechanism type is not understood, this property - MUST be ignored. -

- -

- Status extension mechanisms such as credentialStatus SHOULD be checked. - If the extension mechanism type is not understood, this property - MUST be ignored. -

- -

- Based on the validation policy of the verifier, the type of [=credentials=], and - the type of securing mechanism, additional validation checks MAY be applied. - For example, dependencies between multiple [=credentials=], ordering or timing - information associated with multiple credentials, and/or multiple [=presentations=] - could cause an otherwise valid [=credential=] or [=presentation=] to be considered - invalid. -

-
-

Acknowledgements

From ce48ec8e944f496414dbfeab25f49cf318c47ca4 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:25:27 -0700 Subject: [PATCH 5/7] Apply suggestions from code review --- index.html | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/index.html b/index.html index ead9449..6aa18c3 100644 --- a/index.html +++ b/index.html @@ -147,7 +147,7 @@

-
+

Introduction

This specification defines how to secure media types @@ -299,7 +299,7 @@

Terminology

-
+

Securing the VC Data Model

This section outlines how to secure documents conforming @@ -334,9 +334,9 @@

Securing the VC Data Model

If implementations do not know which media type to use, media types defined in this specification MUST be used.

-
+

With JOSE

-
+

Securing JSON-LD Verifiable Credentials with JOSE

This section details how to use JOSE to secure verifiable credentials conforming @@ -398,7 +398,7 @@

Securing JSON-LD Verifiable Credentials with JOSE

-
+

Securing JSON-LD Verifiable Presentations with JOSE

This section details how to use JOSE to secure verifiable presentations conforming @@ -557,9 +557,9 @@

JOSE Header Parameters and JWT Claims

-
+

With SD-JWT

-
+

Securing JSON-LD Verifiable Credentials with SD-JWT

This section details how to use JOSE to secure verifiable credentials conforming @@ -633,7 +633,7 @@

Securing JSON-LD Verifiable Credentials with SD-JW

-
+

Securing JSON-LD Verifiable Presentations with SD-JWT

This section details how to use SD-JWT to secure verifiable presentations conforming @@ -731,7 +731,7 @@

Securing JSON-LD Verifiable Presentations with SD-J

-
+

With COSE

COSE [[RFC9052]] is a common approach to encoding and securing @@ -740,7 +740,7 @@

With COSE

use of content types as outlined in this section.

-
+

Securing JSON-LD Verifiable Credentials with COSE

This section details how to use COSE to secure verifiable credentials conforming @@ -803,7 +803,7 @@

Securing JSON-LD Verifiable Credentials with COS for more details regarding this example.

-
+

Securing JSON-LD Verifiable Presentations with COSE

This section details how to use COSE to secure verifiable presentations conforming @@ -953,13 +953,13 @@

Key Discovery

-
+

Using Header Parameters and Claims for Key Discovery

These JOSE header parameters and JWT claims can be used by verifiers to discover verification keys.

-
+

kid

If kid is present in the JOSE Header @@ -975,7 +975,7 @@

kid

or subject is expressed as a DID URL.

-
+

iss

If iss is present in the JOSE Header, @@ -1000,7 +1000,7 @@

iss

-
+

cnf

If cnf is present in the JOSE Header, @@ -1019,10 +1019,10 @@

cnf

-
+

Well-Known URIs

-
+

JWT Issuer

When the [=issuer=] value is a URL using the HTTPS scheme, @@ -1155,7 +1155,7 @@

Using DID Documents

-
+

Algorithms

This specification might be used with many different key discovery protocols. @@ -1186,7 +1186,7 @@

Algorithms

mediaType: vc or vp -
+

Verifying a Credential or Presentation Secured with JOSE

The inputs for this algorithm are: @@ -1244,7 +1244,7 @@

Verifying a Credential or Presentation Secured with JOSE

-
+

Verifying a Credential or Presentation Secured with SD-JWT

The inputs for this algorithm are: @@ -1305,7 +1305,7 @@

Verifying a Credential or Presentation Secured with SD-JWT

-
+

Verifying a Credential or Presentation Secured with COSE

The inputs for this algorithm are: From 8df523ee7c858ecf8cc1ef88a16fd3828a108edf Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:26:10 -0700 Subject: [PATCH 6/7] Update index.html --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 6aa18c3..fd571a1 100644 --- a/index.html +++ b/index.html @@ -1045,7 +1045,7 @@

JWT Issuer

-
+

Using Controller Documents

When using [=controller documents=] with this specification, From c530a98b2a94fd873c953be29ff737fccae8e20f Mon Sep 17 00:00:00 2001 From: gabe Date: Thu, 26 Sep 2024 09:43:53 -0700 Subject: [PATCH 7/7] remove all normative --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index fd571a1..c9fef00 100644 --- a/index.html +++ b/index.html @@ -193,8 +193,8 @@

Introduction

asymmetric encryption algorithms.

-
-
+
+

Conformance Classes

A conforming JWS document is one that conforms to all of the @@ -237,7 +237,7 @@

Conformance Classes

.

-
+

Securing Verifiable Credentials

The describes the approach taken by JSON Web Tokens to secure JWT Claims Sets as applying an @@ -884,7 +884,7 @@

Securing JSON-LD Verifiable Presentations with C details regarding this example.

-
+

COSE Header Parameters and CWT Claims

@@ -937,7 +937,7 @@

COSE Header Parameters and CWT Claims

-
+

Key Discovery