Re: [jose] Consensus call on charter for JSON Web Proofs work
Orie Steele <orie@transmute.industries> Tue, 18 October 2022 20:04 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13D0BC152565 for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 13:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xpSwSkke5he0 for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 13:04:07 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B900CC152585 for <jose@ietf.org>; Tue, 18 Oct 2022 13:04:07 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id bj12so34919126ejb.13 for <jose@ietf.org>; Tue, 18 Oct 2022 13:04:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=SLMlPPaQdbklMk6rdYyNCVGvE7V4wRUmSLZwfgNHgAg=; b=Q4Z8ulfcoPXmHwISUcjMM1oJN9t7fa67fHCQOyQvVLYOPPLsyj7pKrK0Y31PS5j+24 pnbrSgmWHcOdghn7eK8bBY1Uy6hN2KMA6tgbyef4sDZRj7YFzi1nDu2QRvBVuT8GEF8A oupcTjoMe/jxGM4pIOcfwY+kUcErF9vGXKGB2caCvGL7FGw5ofU80+XD1pBP7aDiDMvR E3m6UDULJdWutMEL45CyCHsWuIMOG4Ug6jlzDO0yONkU6wY6gR6OG45Ma9Hqx1zihYcT 4uUeRNAG3TS5F8ogOUOfPADw3oKc6sLI1dR+wX8jGH04UYNbBsI84UPSVWdTelBAOeVT XFSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SLMlPPaQdbklMk6rdYyNCVGvE7V4wRUmSLZwfgNHgAg=; b=KIaPYuy9uu1qHt49wjlLcT6uscH/ZFfeP7GqFQAGP8FTkcIItoHKoJNwfZNCPiM+22 exruHTJB3FMYrv7d22IlafW6BHS3Nqvs9MuRQLExn0hEWSAdMKY1W6nZW+8/peMbnzKy f40wZ9shRyKuuKDFXMEQxV9yV8npw1xQ37VwdZ3uRbIrnVCzQ6zYPK95nrqmPIN+OLR8 jqjp3yKef+qMIG0jozL41UNH2y4iHmLtzBfVhYr48JSXwHhIf4pNQPzYgbEhrZC3xONA 1gflLPKzMmA1Lmq/ruu07hmHsj79/o0rRCBXy4lR9mwKJ6MtZGZaSo0AODFL3/xcqJDi KNHA==
X-Gm-Message-State: ACrzQf3B6IKu6XI0TiWN6sNURHS0oQbztjkGXjrOKVJ6RIp1PaGvQEc7 zL5tdAfz44VWCFmPrUZSCoz6hDul236ofkofiGb3anXrt+o=
X-Google-Smtp-Source: AMsMyM56UiqiF5yoFxXiNsNC0Z1QYscVmevKpsq/oW8oeFW4eDv81h8IUbU6rYseGyxEsNqAMfaj1JOBnTjR1FKEuIQ=
X-Received: by 2002:a17:907:2c74:b0:78d:845a:1cf9 with SMTP id ib20-20020a1709072c7400b0078d845a1cf9mr3735638ejc.359.1666123445909; Tue, 18 Oct 2022 13:04:05 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR06MB7061B875E484777060C5F06EC2289@PH0PR06MB7061.namprd06.prod.outlook.com> <CAFTzAXjzrJ7yqfeAkSt0-HrZ6veL_Umn+NSzu8Xxh77q6s85AA@mail.gmail.com>
In-Reply-To: <CAFTzAXjzrJ7yqfeAkSt0-HrZ6veL_Umn+NSzu8Xxh77q6s85AA@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Tue, 18 Oct 2022 15:03:53 -0500
Message-ID: <CAN8C-_+bdQqciaJD65d=pU-vXKe1PydduajqgHw_yG=6E7TUTw@mail.gmail.com>
To: Wayne Chang <wayne@spruceid.com>
Cc: Karen O'Donoghue <odonoghue=40isoc.org@dmarc.ietf.org>, jose@ietf.org
Content-Type: multipart/alternative; boundary="000000000000255f4305eb549836"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/lJXNy7ARLu3I19pPtHA6wWjhaLU>
Subject: Re: [jose] Consensus call on charter for JSON Web Proofs work
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 20:04:12 -0000
1. Yes, I support the charter text. 2. Yes, I am willing to participate in the development of the WG drafts. 3. Yes, I am willing to review charter drafts. 4. Yes, I am willing to work on implementations, and have already explored and prototyped implementations. Regards, OS On Tue, Oct 18, 2022, 1:53 PM Wayne Chang <wayne@spruceid.com> wrote: > 1. Yes, I support the charter text. > 2. Yes, I am willing to participate in the development of the WG drafts. > 3. Yes, I am willing to review charter drafts. > 4. Yes, I am willing to work on implementations--we have resourcing > available for this later in the quarter. > > On Mon, Oct 17, 2022 at 6:45 PM Karen O'Donoghue <odonoghue= > 40isoc.org@dmarc.ietf.org> wrote: > >> Everyone... >> >> On 12 October 2022, we held the second BoF for JSON Web Proofs proposed >> work [1] as a follow-on to the BoF held at IETF 114 [2]. >> >> We had a robust discussion on problem to be solved and the proposed scope >> of work. A draft charter was previously circulated on the mailing list and >> discussed during the meeting. Polling of the BoF participants showed a >> strong consensus on understanding of the problem and interest to solve it >> in the IETF. There was also critical mass of energy to do this work. There >> was some feedback on the charter along with consensus to reuse the JOSE >> mailing list. >> >> The charter was updated based on the feedback from the BoF and is >> available here and included below: >> >> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md >> >> Now with a revised charter available, we'd like to continue this BoF >> conversion with an email thread to gauge interest to forming a WG to ensure >> we also capture views from those who were unable to attend the BoF or those >> who want to reiterate their positions. Please respond to the list: >> >> (1) Do you support the charter text? Or do you have objections or >> blocking concerns (please describe what they might be)? >> >> If you do support the charter text: >> (2) Are you willing to author or participate in the developed of the WG >> drafts? >> (3) Are you willing to review the WG drafts? >> (4) Are you interested in implementing the WG drafts? >> >> If you previously spoke of at the BoF, you are welcome to repeat yourself >> here. >> >> If you have been following along on the mailing list, the charter text >> below is the one that was being polished in GitHub ( >> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md). >> >> >> This call for feedback will end on Monday, 24 October 2022. >> >> Thanks, >> Karen and John >> >> [1] >> https://datatracker.ietf.org/meeting/interim-2022-jwp-01/materials/minutes-interim-2022-jwp-01-202210121300-00 >> [2] https://notes.ietf.org/notes-ietf-114-jwp# >> [3] >> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md >> >> *Draft Charter:* >> >> The original JSON Object Signing and Encryption (JOSE) working group >> <https://datatracker.ietf.org/doc/charter-ietf-jose/02/> standardized >> JSON-based representations for: >> >> - Integrity-protected objects – JSON Web Signatures (JWS) [RFC 7515 >> <https://www.rfc-editor.org/rfc/rfc7515.html>] >> - Encrypted objects – JSON Web Encryption (JWE) [RFC 7516 >> <https://www.rfc-editor.org/rfc/rfc7516.html>] >> - Key representations – JSON Web Key (JWK) [RFC 7517 >> <https://www.rfc-editor.org/rfc/rfc7517.html>] >> - Algorithm definitions – JSON Web Algorithms (JWA) [RFC 7518 >> <https://www.rfc-editor.org/rfc/rfc7518.html>] >> - Test vectors for the above – Examples of Protecting Content Using >> JSON Object Signing and Encryption [RFC 7520 >> <https://www.rfc-editor.org/rfc/rfc7520.html>] >> >> These were used to define the JSON Web Token (JWT) [RFC 7519 >> <https://www.rfc-editor.org/rfc/rfc7519.html>], which in turn, has seen >> widespread deployment in areas as diverse as digital identity >> <https://openid.net/connect/> and secure telephony >> <https://www.ietf.org/blog/stir-action/>. >> >> Concurrent to the growth of adoption of these standards to express and >> communicate sensitive data has been an increasing societal focus on >> privacy. Common privacy themes in identity solutions are user consent, >> minimal disclosure, and unlinkability. >> >> A multi-decade research activity for a sizeable academic and applied >> cryptography community, often referred to as anonymous credentials, targets >> privacy and knowledge protection. Some of the cryptographic techniques >> developed in this space involve pairing-friendly curves and zero-knowledge >> proofs (ZKPs) (to name just a few). Some of the benefits of zero-knowledge >> proof algorithms include unlinkability, selective disclosure, and the >> ability to use predicate proofs. >> >> The current container formats defined by JOSE and JWT are not able to >> represent data using zero-knowledge proof algorithms. Among the reasons are >> that most require an additional transform or finalize step, many are >> designed to operate on sets and not single messages, and the interface to >> ZKP algorithms has more inputs than conventional signing algorithms. The >> reconstituted JSON Object Signing and Encryption (JOSE) working group will >> address these new needs, while reusing aspects of JOSE and JWT, where >> applicable. >> >> This group is chartered to work on the following deliverables: >> >> - >> >> An Informational document detailing Use Cases and Requirements for >> new specifications enabling JSON-based selective disclosure and >> zero-knowledge proofs. >> - >> >> Standards Track document(s) specifying representation(s) of >> independently-disclosable integrity-protected sets of data and/or proofs >> using JSON-based data structures, which also aims to prevent the ability to >> correlate by different verifiers. >> - >> >> Standards Track document(s) specifying representation(s) of >> JSON-based claims and/or proofs enabling selective disclosure of these >> claims and/or proofs, and that also aims to prevent the ability to >> correlate by different verifiers. >> - >> >> Standards Track document(s) specifying how to use existing >> cryptographic algorithms and defining their algorithm identifiers. The >> working group will not invent new cryptographic algorithms. >> - >> >> Standards Track document(s) specifying how to represent keys for >> these new algorithms as JSON Web Keys (JWKs). >> - >> >> An Informational document defining test vectors for these new >> specifications. >> - >> >> Standards Track document(s) defining CBOR-based representations >> corresponding to all the above, building upon the COSE and CWT >> specifications in the same way that the above build on JOSE and JWT. >> >> One or more of these goals may be combined into a single document, in >> which case the concrete milestones for these goals will be satisfied by the >> consolidated document(s). >> >> An informal goal of the working group is close coordination with the rechartered >> W3C Verifiable Credentials WG >> <https://www.w3.org/2022/05/proposed-vc-wg-charter.html>, which has >> taken a dependency on this work for the second version of its Verifiable >> Credentials specification. The working group will also coordinate with the Selective >> Disclosure JWT >> <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/> >> work in the OAuth working group, the Privacy Pass >> <https://datatracker.ietf.org/doc/charter-ietf-privacypass/> working >> group, and the CFRG. >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose >> > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] Consensus call on charter for JSON Web Pro… Karen O'Donoghue
- Re: [jose] Consensus call on charter for JSON Web… Jeremie Miller
- Re: [jose] Consensus call on charter for JSON Web… Mike Jones
- Re: [jose] Consensus call on charter for JSON Web… Tobias Looker
- Re: [jose] Consensus call on charter for JSON Web… Kushal Das
- Re: [jose] Consensus call on charter for JSON Web… Mike Prorock
- Re: [jose] Consensus call on charter for JSON Web… Giuseppe De Marco
- Re: [jose] Consensus call on charter for JSON Web… Christian Paquin
- Re: [jose] Consensus call on charter for JSON Web… Zundel, Brent
- Re: [jose] Consensus call on charter for JSON Web… Wayne Chang
- Re: [jose] Consensus call on charter for JSON Web… Pieter Kasselman
- Re: [jose] Consensus call on charter for JSON Web… Orie Steele
- Re: [jose] Consensus call on charter for JSON Web… David Waite
- Re: [jose] Consensus call on charter for JSON Web… Nat Sakimura
- Re: [jose] Consensus call on charter for JSON Web… Srinath Setty
- Re: [jose] Consensus call on charter for JSON Web… Roman Danyliw