IETF Logo Mail Archive

Re: [jose] Consensus call on charter for JSON Web Proofs work

Wayne Chang <wayne@spruceid.com> Tue, 18 October 2022 18:53 UTC

Return-Path: <wayne@spruceid.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C822CC152569 for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 11:53:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=spruceid.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPFUxHthv6Hn for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 945B7C152566 for <jose@ietf.org>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id j188so16619537oih.4 for <jose@ietf.org>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spruceid.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=yCHVwoOfEd8OegbvILQaO3rlwbE5C2YEuSpZ+lL1Wi0=; b=iq2SdVtPTPvDEAS0ogOXr0a9rBuZ+L/O42LH1rf2kt88K3zHxB4vhh5lxDujlnR7QY pJz0EXmLdAEMOdnBFHVgoUaKkkyUn/vr5T0S6DfbhugCZ+FRbMmqfbX9sI9cAAeniUep OVhD8AhAPPK9NbKC/zupB+ga3d1o4RAEO0n7NsLu+cSqHtC8nw/Ce+tNQg0pmsDhTVVL rueCaZ4bylKHcbtBl6jn+PT0S8xfEEgixzA5prYBQfPQlR6tIZ/3ck0UvOqk4x57yB7v kV/RkdAaV6iIrwe9qQfouDABRqYO1GuXse/wmbKXRRYX8wTBwg0aH3d1v1U5brvqWXfb /lIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yCHVwoOfEd8OegbvILQaO3rlwbE5C2YEuSpZ+lL1Wi0=; b=YvnUby8khM3EGEuuj8l/7EmWNL3OG0VfDf3FZLJ3czKzT1Z4KXCgXhyhmOian+FgCA xUDyfzBVK2TBq8Xj+d6nEuS3MpXU0in4XuKeO28IffpPhpt6LbMs2MNF0GOhpdFu0Yia jKb7efr8MQ8D9VALZjLIrJacEWmUI1LlDTZ1dcqk1QQxxQksbBxqZkIhF2u3xLoEtA0o 7gV3RPZIfa4V/21iw1e877WFsRJAnnOfTa4/JeNB0s/tCKMldBxvkZQnm8uCMk8kcD1M CHMs4PMKW8jkpWTB7C4Eh6J1qMV7Rq4I/uy+UB+59Dad69UvgSbjsPI5x40CIRiiWBWR DpJw==
X-Gm-Message-State: ACrzQf2/anDqWPgxNqRQQwdpN+ilY9fhZ+0HrkCVQSKiGxgZMJmjAxUz 6xxZatsBrpO9RTeJRHU8ZyLG/jtfNsPE0y7Kkaq5ai/WVB6eSA==
X-Google-Smtp-Source: AMsMyM54ZjehDRmOc6l1tDakdL7ly9Jq+Jx2ZY+FB16x2wC5Js/iWVgpC4OegwVzjEqaawONeGYRgLc6tda7VNwH2g4=
X-Received: by 2002:aca:3d55:0:b0:355:1ced:909f with SMTP id k82-20020aca3d55000000b003551ced909fmr10052960oia.60.1666119208247; Tue, 18 Oct 2022 11:53:28 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR06MB7061B875E484777060C5F06EC2289@PH0PR06MB7061.namprd06.prod.outlook.com>
In-Reply-To: <PH0PR06MB7061B875E484777060C5F06EC2289@PH0PR06MB7061.namprd06.prod.outlook.com>
From: Wayne Chang <wayne@spruceid.com>
Date: Tue, 18 Oct 2022 11:53:12 -0700
Message-ID: <CAFTzAXjzrJ7yqfeAkSt0-HrZ6veL_Umn+NSzu8Xxh77q6s85AA@mail.gmail.com>
To: Karen O'Donoghue <odonoghue=40isoc.org@dmarc.ietf.org>
Cc: "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008fbdb405eb539b9e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/uRewvIWQpRlxIKRvm_WmPKqJeNo>
Subject: Re: [jose] Consensus call on charter for JSON Web Proofs work
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 18:53:34 -0000

1. Yes, I support the charter text.
2. Yes, I am willing to participate in the development of the WG drafts.
3. Yes, I am willing to review charter drafts.
4. Yes, I am willing to work on implementations--we have resourcing
available for this later in the quarter.

On Mon, Oct 17, 2022 at 6:45 PM Karen O'Donoghue <odonoghue=
40isoc.org@dmarc.ietf.org> wrote:

> Everyone...
>
> On 12 October 2022, we held the second BoF for JSON Web Proofs proposed
> work [1] as a follow-on to the BoF held at IETF 114 [2].
>
> We had a robust discussion on problem to be solved and the proposed scope
> of work. A draft charter was previously circulated on the mailing list and
> discussed during the meeting. Polling of the BoF participants showed a
> strong consensus on understanding of the problem and interest to solve it
> in the IETF.  There was also critical mass of energy to do this work. There
> was some feedback on the charter along with consensus to reuse the JOSE
> mailing list.
>
> The charter was updated based on the feedback from the BoF and is
> available here and included below:
>
> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md
>
> Now with a revised charter available, we'd like to continue this BoF
> conversion with an email thread to gauge interest to forming a WG to ensure
> we also capture views from those who were unable to attend the BoF or those
> who want to reiterate their positions.  Please respond to the list:
>
> (1) Do you support the charter text? Or do you have objections or blocking
> concerns (please describe what they might be)?
>
> If you do support the charter text:
> (2) Are you willing to author or participate in the developed of the WG
> drafts?
> (3) Are you willing to review the WG drafts?
> (4) Are you interested in implementing the WG drafts?
>
> If you previously spoke of at the BoF, you are welcome to repeat yourself
> here.
>
> If you have been following along on the mailing list, the charter text
> below is the one that was being polished in GitHub (
> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md).
>
>
> This call for feedback will end on Monday, 24 October 2022.
>
> Thanks,
> Karen and John
>
> [1]
> https://datatracker.ietf.org/meeting/interim-2022-jwp-01/materials/minutes-interim-2022-jwp-01-202210121300-00
> [2] https://notes.ietf.org/notes-ietf-114-jwp#
> [3]
> https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md
>
> *Draft Charter:*
>
> The original JSON Object Signing and Encryption (JOSE) working group
> <https://datatracker.ietf.org/doc/charter-ietf-jose/02/> standardized
> JSON-based representations for:
>
>    - Integrity-protected objects – JSON Web Signatures (JWS) [RFC 7515
>    <https://www.rfc-editor.org/rfc/rfc7515.html>]
>    - Encrypted objects – JSON Web Encryption (JWE) [RFC 7516
>    <https://www.rfc-editor.org/rfc/rfc7516.html>]
>    - Key representations – JSON Web Key (JWK) [RFC 7517
>    <https://www.rfc-editor.org/rfc/rfc7517.html>]
>    - Algorithm definitions – JSON Web Algorithms (JWA) [RFC 7518
>    <https://www.rfc-editor.org/rfc/rfc7518.html>]
>    - Test vectors for the above – Examples of Protecting Content Using
>    JSON Object Signing and Encryption [RFC 7520
>    <https://www.rfc-editor.org/rfc/rfc7520.html>]
>
> These were used to define the JSON Web Token (JWT) [RFC 7519
> <https://www.rfc-editor.org/rfc/rfc7519.html>], which in turn, has seen
> widespread deployment in areas as diverse as digital identity
> <https://openid.net/connect/> and secure telephony
> <https://www.ietf.org/blog/stir-action/>.
>
> Concurrent to the growth of adoption of these standards to express and
> communicate sensitive data has been an increasing societal focus on
> privacy. Common privacy themes in identity solutions are user consent,
> minimal disclosure, and unlinkability.
>
> A multi-decade research activity for a sizeable academic and applied
> cryptography community, often referred to as anonymous credentials, targets
> privacy and knowledge protection. Some of the cryptographic techniques
> developed in this space involve pairing-friendly curves and zero-knowledge
> proofs (ZKPs) (to name just a few). Some of the benefits of zero-knowledge
> proof algorithms include unlinkability, selective disclosure, and the
> ability to use predicate proofs.
>
> The current container formats defined by JOSE and JWT are not able to
> represent data using zero-knowledge proof algorithms. Among the reasons are
> that most require an additional transform or finalize step, many are
> designed to operate on sets and not single messages, and the interface to
> ZKP algorithms has more inputs than conventional signing algorithms. The
> reconstituted JSON Object Signing and Encryption (JOSE) working group will
> address these new needs, while reusing aspects of JOSE and JWT, where
> applicable.
>
> This group is chartered to work on the following deliverables:
>
>    -
>
>    An Informational document detailing Use Cases and Requirements for new
>    specifications enabling JSON-based selective disclosure and zero-knowledge
>    proofs.
>    -
>
>    Standards Track document(s) specifying representation(s) of
>    independently-disclosable integrity-protected sets of data and/or proofs
>    using JSON-based data structures, which also aims to prevent the ability to
>    correlate by different verifiers.
>    -
>
>    Standards Track document(s) specifying representation(s) of JSON-based
>    claims and/or proofs enabling selective disclosure of these claims and/or
>    proofs, and that also aims to prevent the ability to correlate by different
>    verifiers.
>    -
>
>    Standards Track document(s) specifying how to use existing
>    cryptographic algorithms and defining their algorithm identifiers. The
>    working group will not invent new cryptographic algorithms.
>    -
>
>    Standards Track document(s) specifying how to represent keys for these
>    new algorithms as JSON Web Keys (JWKs).
>    -
>
>    An Informational document defining test vectors for these new
>    specifications.
>    -
>
>    Standards Track document(s) defining CBOR-based representations
>    corresponding to all the above, building upon the COSE and CWT
>    specifications in the same way that the above build on JOSE and JWT.
>
> One or more of these goals may be combined into a single document, in
> which case the concrete milestones for these goals will be satisfied by the
> consolidated document(s).
>
> An informal goal of the working group is close coordination with the rechartered
> W3C Verifiable Credentials WG
> <https://www.w3.org/2022/05/proposed-vc-wg-charter.html>, which has taken
> a dependency on this work for the second version of its Verifiable
> Credentials specification. The working group will also coordinate with the Selective
> Disclosure JWT
> <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/>
> work in the OAuth working group, the Privacy Pass
> <https://datatracker.ietf.org/doc/charter-ietf-privacypass/> working
> group, and the CFRG.
>
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
>

v2.23.0 | Report a Bug | By Email