Re: [jose] Consensus call on charter for JSON Web Proofs work
Wayne Chang <wayne@spruceid.com> Tue, 18 October 2022 18:53 UTC
Return-Path: <wayne@spruceid.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C822CC152569 for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 11:53:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=spruceid.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPFUxHthv6Hn for <jose@ietfa.amsl.com>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
Received: from mail-oi1-x231.google.com (mail-oi1-x231.google.com [IPv6:2607:f8b0:4864:20::231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 945B7C152566 for <jose@ietf.org>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
Received: by mail-oi1-x231.google.com with SMTP id j188so16619537oih.4 for <jose@ietf.org>; Tue, 18 Oct 2022 11:53:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spruceid.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=yCHVwoOfEd8OegbvILQaO3rlwbE5C2YEuSpZ+lL1Wi0=; b=iq2SdVtPTPvDEAS0ogOXr0a9rBuZ+L/O42LH1rf2kt88K3zHxB4vhh5lxDujlnR7QY pJz0EXmLdAEMOdnBFHVgoUaKkkyUn/vr5T0S6DfbhugCZ+FRbMmqfbX9sI9cAAeniUep OVhD8AhAPPK9NbKC/zupB+ga3d1o4RAEO0n7NsLu+cSqHtC8nw/Ce+tNQg0pmsDhTVVL rueCaZ4bylKHcbtBl6jn+PT0S8xfEEgixzA5prYBQfPQlR6tIZ/3ck0UvOqk4x57yB7v kV/RkdAaV6iIrwe9qQfouDABRqYO1GuXse/wmbKXRRYX8wTBwg0aH3d1v1U5brvqWXfb /lIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yCHVwoOfEd8OegbvILQaO3rlwbE5C2YEuSpZ+lL1Wi0=; b=YvnUby8khM3EGEuuj8l/7EmWNL3OG0VfDf3FZLJ3czKzT1Z4KXCgXhyhmOian+FgCA xUDyfzBVK2TBq8Xj+d6nEuS3MpXU0in4XuKeO28IffpPhpt6LbMs2MNF0GOhpdFu0Yia jKb7efr8MQ8D9VALZjLIrJacEWmUI1LlDTZ1dcqk1QQxxQksbBxqZkIhF2u3xLoEtA0o 7gV3RPZIfa4V/21iw1e877WFsRJAnnOfTa4/JeNB0s/tCKMldBxvkZQnm8uCMk8kcD1M CHMs4PMKW8jkpWTB7C4Eh6J1qMV7Rq4I/uy+UB+59Dad69UvgSbjsPI5x40CIRiiWBWR DpJw==
X-Gm-Message-State: ACrzQf2/anDqWPgxNqRQQwdpN+ilY9fhZ+0HrkCVQSKiGxgZMJmjAxUz 6xxZatsBrpO9RTeJRHU8ZyLG/jtfNsPE0y7Kkaq5ai/WVB6eSA==
X-Google-Smtp-Source: AMsMyM54ZjehDRmOc6l1tDakdL7ly9Jq+Jx2ZY+FB16x2wC5Js/iWVgpC4OegwVzjEqaawONeGYRgLc6tda7VNwH2g4=
X-Received: by 2002:aca:3d55:0:b0:355:1ced:909f with SMTP id k82-20020aca3d55000000b003551ced909fmr10052960oia.60.1666119208247; Tue, 18 Oct 2022 11:53:28 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR06MB7061B875E484777060C5F06EC2289@PH0PR06MB7061.namprd06.prod.outlook.com>
In-Reply-To: <PH0PR06MB7061B875E484777060C5F06EC2289@PH0PR06MB7061.namprd06.prod.outlook.com>
From: Wayne Chang <wayne@spruceid.com>
Date: Tue, 18 Oct 2022 11:53:12 -0700
Message-ID: <CAFTzAXjzrJ7yqfeAkSt0-HrZ6veL_Umn+NSzu8Xxh77q6s85AA@mail.gmail.com>
To: Karen O'Donoghue <odonoghue=40isoc.org@dmarc.ietf.org>
Cc: "jose@ietf.org" <jose@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008fbdb405eb539b9e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/uRewvIWQpRlxIKRvm_WmPKqJeNo>
Subject: Re: [jose] Consensus call on charter for JSON Web Proofs work
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 18:53:34 -0000
1. Yes, I support the charter text. 2. Yes, I am willing to participate in the development of the WG drafts. 3. Yes, I am willing to review charter drafts. 4. Yes, I am willing to work on implementations--we have resourcing available for this later in the quarter. On Mon, Oct 17, 2022 at 6:45 PM Karen O'Donoghue <odonoghue= 40isoc.org@dmarc.ietf.org> wrote: > Everyone... > > On 12 October 2022, we held the second BoF for JSON Web Proofs proposed > work [1] as a follow-on to the BoF held at IETF 114 [2]. > > We had a robust discussion on problem to be solved and the proposed scope > of work. A draft charter was previously circulated on the mailing list and > discussed during the meeting. Polling of the BoF participants showed a > strong consensus on understanding of the problem and interest to solve it > in the IETF. There was also critical mass of energy to do this work. There > was some feedback on the charter along with consensus to reuse the JOSE > mailing list. > > The charter was updated based on the feedback from the BoF and is > available here and included below: > > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md > > Now with a revised charter available, we'd like to continue this BoF > conversion with an email thread to gauge interest to forming a WG to ensure > we also capture views from those who were unable to attend the BoF or those > who want to reiterate their positions. Please respond to the list: > > (1) Do you support the charter text? Or do you have objections or blocking > concerns (please describe what they might be)? > > If you do support the charter text: > (2) Are you willing to author or participate in the developed of the WG > drafts? > (3) Are you willing to review the WG drafts? > (4) Are you interested in implementing the WG drafts? > > If you previously spoke of at the BoF, you are welcome to repeat yourself > here. > > If you have been following along on the mailing list, the charter text > below is the one that was being polished in GitHub ( > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md). > > > This call for feedback will end on Monday, 24 October 2022. > > Thanks, > Karen and John > > [1] > https://datatracker.ietf.org/meeting/interim-2022-jwp-01/materials/minutes-interim-2022-jwp-01-202210121300-00 > [2] https://notes.ietf.org/notes-ietf-114-jwp# > [3] > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md > > *Draft Charter:* > > The original JSON Object Signing and Encryption (JOSE) working group > <https://datatracker.ietf.org/doc/charter-ietf-jose/02/> standardized > JSON-based representations for: > > - Integrity-protected objects – JSON Web Signatures (JWS) [RFC 7515 > <https://www.rfc-editor.org/rfc/rfc7515.html>] > - Encrypted objects – JSON Web Encryption (JWE) [RFC 7516 > <https://www.rfc-editor.org/rfc/rfc7516.html>] > - Key representations – JSON Web Key (JWK) [RFC 7517 > <https://www.rfc-editor.org/rfc/rfc7517.html>] > - Algorithm definitions – JSON Web Algorithms (JWA) [RFC 7518 > <https://www.rfc-editor.org/rfc/rfc7518.html>] > - Test vectors for the above – Examples of Protecting Content Using > JSON Object Signing and Encryption [RFC 7520 > <https://www.rfc-editor.org/rfc/rfc7520.html>] > > These were used to define the JSON Web Token (JWT) [RFC 7519 > <https://www.rfc-editor.org/rfc/rfc7519.html>], which in turn, has seen > widespread deployment in areas as diverse as digital identity > <https://openid.net/connect/> and secure telephony > <https://www.ietf.org/blog/stir-action/>. > > Concurrent to the growth of adoption of these standards to express and > communicate sensitive data has been an increasing societal focus on > privacy. Common privacy themes in identity solutions are user consent, > minimal disclosure, and unlinkability. > > A multi-decade research activity for a sizeable academic and applied > cryptography community, often referred to as anonymous credentials, targets > privacy and knowledge protection. Some of the cryptographic techniques > developed in this space involve pairing-friendly curves and zero-knowledge > proofs (ZKPs) (to name just a few). Some of the benefits of zero-knowledge > proof algorithms include unlinkability, selective disclosure, and the > ability to use predicate proofs. > > The current container formats defined by JOSE and JWT are not able to > represent data using zero-knowledge proof algorithms. Among the reasons are > that most require an additional transform or finalize step, many are > designed to operate on sets and not single messages, and the interface to > ZKP algorithms has more inputs than conventional signing algorithms. The > reconstituted JSON Object Signing and Encryption (JOSE) working group will > address these new needs, while reusing aspects of JOSE and JWT, where > applicable. > > This group is chartered to work on the following deliverables: > > - > > An Informational document detailing Use Cases and Requirements for new > specifications enabling JSON-based selective disclosure and zero-knowledge > proofs. > - > > Standards Track document(s) specifying representation(s) of > independently-disclosable integrity-protected sets of data and/or proofs > using JSON-based data structures, which also aims to prevent the ability to > correlate by different verifiers. > - > > Standards Track document(s) specifying representation(s) of JSON-based > claims and/or proofs enabling selective disclosure of these claims and/or > proofs, and that also aims to prevent the ability to correlate by different > verifiers. > - > > Standards Track document(s) specifying how to use existing > cryptographic algorithms and defining their algorithm identifiers. The > working group will not invent new cryptographic algorithms. > - > > Standards Track document(s) specifying how to represent keys for these > new algorithms as JSON Web Keys (JWKs). > - > > An Informational document defining test vectors for these new > specifications. > - > > Standards Track document(s) defining CBOR-based representations > corresponding to all the above, building upon the COSE and CWT > specifications in the same way that the above build on JOSE and JWT. > > One or more of these goals may be combined into a single document, in > which case the concrete milestones for these goals will be satisfied by the > consolidated document(s). > > An informal goal of the working group is close coordination with the rechartered > W3C Verifiable Credentials WG > <https://www.w3.org/2022/05/proposed-vc-wg-charter.html>, which has taken > a dependency on this work for the second version of its Verifiable > Credentials specification. The working group will also coordinate with the Selective > Disclosure JWT > <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/> > work in the OAuth working group, the Privacy Pass > <https://datatracker.ietf.org/doc/charter-ietf-privacypass/> working > group, and the CFRG. > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- [jose] Consensus call on charter for JSON Web Pro… Karen O'Donoghue
- Re: [jose] Consensus call on charter for JSON Web… Jeremie Miller
- Re: [jose] Consensus call on charter for JSON Web… Mike Jones
- Re: [jose] Consensus call on charter for JSON Web… Tobias Looker
- Re: [jose] Consensus call on charter for JSON Web… Kushal Das
- Re: [jose] Consensus call on charter for JSON Web… Mike Prorock
- Re: [jose] Consensus call on charter for JSON Web… Giuseppe De Marco
- Re: [jose] Consensus call on charter for JSON Web… Christian Paquin
- Re: [jose] Consensus call on charter for JSON Web… Zundel, Brent
- Re: [jose] Consensus call on charter for JSON Web… Wayne Chang
- Re: [jose] Consensus call on charter for JSON Web… Pieter Kasselman
- Re: [jose] Consensus call on charter for JSON Web… Orie Steele
- Re: [jose] Consensus call on charter for JSON Web… David Waite
- Re: [jose] Consensus call on charter for JSON Web… Nat Sakimura
- Re: [jose] Consensus call on charter for JSON Web… Srinath Setty
- Re: [jose] Consensus call on charter for JSON Web… Roman Danyliw