Re: [jose] Consensus call on charter for JSON Web Proofs work

Orie Steele <orie@transmute.industries> Tue, 18 October 2022 20:04 UTC

To: Wayne Chang <wayne@spruceid.com>
Cc: Karen O'Donoghue <odonoghue=40isoc.org@dmarc.ietf.org>, jose@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/lJXNy7ARLu3I19pPtHA6wWjhaLU>

1. Yes, I support the charter text.
2. Yes, I am willing to participate in the development of the WG drafts.
3. Yes, I am willing to review charter drafts.
4. Yes, I am willing to work on implementations, and have already explored
and prototyped implementations.

Regards,

OS



On Tue, Oct 18, 2022, 1:53 PM Wayne Chang <wayne@spruceid.com> wrote:

> 1. Yes, I support the charter text.
> 2. Yes, I am willing to participate in the development of the WG drafts.
> 3. Yes, I am willing to review charter drafts.
> 4. Yes, I am willing to work on implementations--we have resourcing
> available for this later in the quarter.
>
> On Mon, Oct 17, 2022 at 6:45 PM Karen O'Donoghue
> <odonoghue=40isoc.org@dmarc.ietf.org> wrote:
>
>> Everyone...
>>
>> On 12 October 2022, we held the second BoF for JSON Web Proofs proposed
>> work [1] as a follow-on to the BoF held at IETF 114 [2].
>>
>> We had a robust discussion on the problem to be solved and the proposed scope
>> of work. A draft charter was previously circulated on the mailing list and
>> discussed during the meeting. Polling of the BoF participants showed a
>> strong consensus on understanding of the problem and interest to solve it
>> in the IETF. There was also a critical mass of energy to do this work. There
>> was some feedback on the charter along with consensus to reuse the JOSE
>> mailing list.
>>
>> The charter was updated based on the feedback from the BoF and is
>> available here and included below:
>>
>> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md
>>
>> Now with a revised charter available, we'd like to continue this BoF
>> conversation with an email thread to gauge interest in forming a WG to ensure
>> we also capture views from those who were unable to attend the BoF or those
>> who want to reiterate their positions.  Please respond to the list:
>>
>> (1) Do you support the charter text? Or do you have objections or
>> blocking concerns (please describe what they might be)?
>>
>> If you do support the charter text:
>> (2) Are you willing to author or participate in the development of the WG
>> drafts?
>> (3) Are you willing to review the WG drafts?
>> (4) Are you interested in implementing the WG drafts?
>>
>> If you previously spoke at the BoF, you are welcome to repeat yourself
>> here.
>>
>> If you have been following along on the mailing list, the charter text
>> below is the one that was being polished in GitHub (
>> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md).
>>
>>
>> This call for feedback will end on Monday, 24 October 2022.
>>
>> Thanks,
>> Karen and John
>>
>> [1]
>> https://datatracker.ietf.org/meeting/interim-2022-jwp-01/materials/minutes-interim-2022-jwp-01-202210121300-00
>> [2] https://notes.ietf.org/notes-ietf-114-jwp#
>> [3]
>> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md
>>
>> *Draft Charter:*
>>
>> The original JSON Object Signing and Encryption (JOSE) working group
>> <https://datatracker.ietf.org/doc/charter-ietf-jose/02/> standardized
>> JSON-based representations for:
>>
>>    - Integrity-protected objects – JSON Web Signatures (JWS) [RFC 7515
>>    <https://www.rfc-editor.org/rfc/rfc7515.html>]
>>    - Encrypted objects – JSON Web Encryption (JWE) [RFC 7516
>>    <https://www.rfc-editor.org/rfc/rfc7516.html>]
>>    - Key representations – JSON Web Key (JWK) [RFC 7517
>>    <https://www.rfc-editor.org/rfc/rfc7517.html>]
>>    - Algorithm definitions – JSON Web Algorithms (JWA) [RFC 7518
>>    <https://www.rfc-editor.org/rfc/rfc7518.html>]
>>    - Test vectors for the above – Examples of Protecting Content Using
>>    JSON Object Signing and Encryption [RFC 7520
>>    <https://www.rfc-editor.org/rfc/rfc7520.html>]
>>
>> These were used to define the JSON Web Token (JWT) [RFC 7519
>> <https://www.rfc-editor.org/rfc/rfc7519.html>], which in turn, has seen
>> widespread deployment in areas as diverse as digital identity
>> <https://openid.net/connect/> and secure telephony
>> <https://www.ietf.org/blog/stir-action/>.
>>
>> Concurrent to the growth of adoption of these standards to express and
>> communicate sensitive data has been an increasing societal focus on
>> privacy. Common privacy themes in identity solutions are user consent,
>> minimal disclosure, and unlinkability.
>>
>> A multi-decade research activity for a sizeable academic and applied
>> cryptography community, often referred to as anonymous credentials, targets
>> privacy and knowledge protection. Some of the cryptographic techniques
>> developed in this space involve pairing-friendly curves and zero-knowledge
>> proofs (ZKPs) (to name just a few). Some of the benefits of zero-knowledge
>> proof algorithms include unlinkability, selective disclosure, and the
>> ability to use predicate proofs.
>>
>> The current container formats defined by JOSE and JWT are not able to
>> represent data using zero-knowledge proof algorithms. Among the reasons are
>> that most require an additional transform or finalize step, many are
>> designed to operate on sets and not single messages, and the interface to
>> ZKP algorithms has more inputs than conventional signing algorithms. The
>> reconstituted JSON Object Signing and Encryption (JOSE) working group will
>> address these new needs, while reusing aspects of JOSE and JWT, where
>> applicable.
>>
>> This group is chartered to work on the following deliverables:
>>
>>    - An Informational document detailing Use Cases and Requirements for
>>    new specifications enabling JSON-based selective disclosure and
>>    zero-knowledge proofs.
>>    - Standards Track document(s) specifying representation(s) of
>>    independently-disclosable integrity-protected sets of data and/or proofs
>>    using JSON-based data structures, which also aims to prevent the ability to
>>    correlate by different verifiers.
>>    - Standards Track document(s) specifying representation(s) of
>>    JSON-based claims and/or proofs enabling selective disclosure of these
>>    claims and/or proofs, and that also aims to prevent the ability to
>>    correlate by different verifiers.
>>    - Standards Track document(s) specifying how to use existing
>>    cryptographic algorithms and defining their algorithm identifiers. The
>>    working group will not invent new cryptographic algorithms.
>>    - Standards Track document(s) specifying how to represent keys for
>>    these new algorithms as JSON Web Keys (JWKs).
>>    - An Informational document defining test vectors for these new
>>    specifications.
>>    - Standards Track document(s) defining CBOR-based representations
>>    corresponding to all the above, building upon the COSE and CWT
>>    specifications in the same way that the above build on JOSE and JWT.
>>
>> One or more of these goals may be combined into a single document, in
>> which case the concrete milestones for these goals will be satisfied by the
>> consolidated document(s).
>>
>> An informal goal of the working group is close coordination with the rechartered
>> W3C Verifiable Credentials WG
>> <https://www.w3.org/2022/05/proposed-vc-wg-charter.html>, which has
>> taken a dependency on this work for the second version of its Verifiable
>> Credentials specification. The working group will also coordinate with the Selective
>> Disclosure JWT
>> <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/>
>> work in the OAuth working group, the Privacy Pass
>> <https://datatracker.ietf.org/doc/charter-ietf-privacypass/> working
>> group, and the CFRG.
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>