Re: [OAUTH-WG] Request to add a profile parameter to +jwt and +sd-jwt

Orie Steele <orie@transmute.industries> Mon, 27 November 2023 15:00 UTC

To: oauth <oauth@ietf.org>, IETF Media Types <media-types@ietf.org>, W3C VC Working Group <public-vc-wg@w3.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BkMuRmt6zExtr1TdsxX37pZtyfY>

An afterthought... we could also punt on the impact of multiple suffixes by
following the convention ActivityPub used:

https://www.w3.org/TR/activitystreams-core/#media-type

application/ld+json; profile="https://www.w3.org/ns/activitystreams"

For W3C Verifiable Credentials that could be:

application/ld+json; profile="https://www.w3.org/ns/credentials"

Noting that W3C already supports https://www.w3.org/ns/credentials/v2

Regards,

OS

On Mon, Nov 27, 2023 at 8:55 AM Orie Steele <orie@transmute.industries>
wrote:

> Hello,
>
> There was a request to add media type parameters to application/sd-jwt
> and +sd-jwt made here:
>
> https://github.com/w3c/vc-jose-cose/issues/184#issuecomment-1827973403
>
> TL;DR: TallTed believes that the convention in the JWT BCP is not correct:
>
> https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing
>
> So instead of seeing:
>
> application/secevent+jwt
>
> We should be seeing:
>
> application/jwt; profile=secevent
>
> This is a general form of the challenges associated with using multiple
> structured suffixes with JWTs.
>
> See these related drafts:
>
> - https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-06#name-structured-syntax-suffix-re
> - https://datatracker.ietf.org/doc/html/draft-ietf-mediaman-suffixes-06#section-2.3
>
> Note that the change controller for `application/vc+...` would be the W3C
> per the latest draft language in draft-ietf-mediaman-suffixes-06.
>
> The W3C could then reject any attempts to register
> `application/vc+ld+json+sd-jwt` or `application/vc+sd-jwt` or
> `application/vc+jwp` in the future.
>
> If instead we used a media type parameter to signal profiles... instead of
> suffixes, the change controller rules from multiple suffixes would not
> apply.
>
> Regards,
>
> OS


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>
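The two conventions compared in this thread, structured suffixes (`application/secevent+jwt`, `application/vc+ld+json+sd-jwt`) and a media type parameter (`application/jwt; profile=secevent`, `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`), look different to a parser and to a JWT consumer that enforces the explicit typing RFC 8725 recommends. The following is an added example, not code from the message or from any of the drafts it cites. It parses a media type into type, subtype, suffix chain and parameters, then checks a JWT `typ` header against one expected type under either convention, applying the RFC 7515 rule that `typ` may omit the `application/` prefix. The `profile` parameter on `application/jwt` is the alternative the message floats, not a registered parameter; its handling here (the only parameter compared, values compared exactly because they may be URIs) is an assumption of this example.

```python
"""Parse media types and enforce explicit JWT typing under both conventions.

Added example for the thread above; not from the original message.
"""
import re
from dataclasses import dataclass, field

# tchar from RFC 7230 section 3.2.6, used for type, subtype, parameter names and token values
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# one ";name=value" parameter; value is a token or a quoted-string with quoted-pair escapes
_PARAM = re.compile(rf'\s*;\s*({_TOKEN})=(?:"((?:[^"\\]|\\.)*)"|({_TOKEN}))')


@dataclass(frozen=True)
class MediaType:
    type: str
    subtype: str                     # full subtype incl. suffixes, e.g. "vc+ld+json"
    suffixes: tuple                  # ("ld", "json") for "vc+ld+json"; RFC 6838 section 4.2.8
    params: dict = field(default_factory=dict)  # parameter names lowercased, values as given


def parse_media_type(value: str) -> MediaType:
    """Split "type/subtype; name=value; ..." into its components.

    Type, subtype and parameter names are case-insensitive and are lowercased;
    parameter values keep their case, since a profile URI is case-sensitive.
    """
    head, _, rest = value.partition(";")
    main = head.strip().lower()
    if "/" not in main:
        raise ValueError(f"not a media type: {value!r}")
    mtype, subtype = main.split("/", 1)
    if not re.fullmatch(_TOKEN, mtype) or not re.fullmatch(_TOKEN, subtype):
        raise ValueError(f"invalid type or subtype in {value!r}")
    suffixes = tuple(subtype.split("+")[1:])

    params = {}
    rest = (";" + rest).rstrip() if rest else ""
    pos = 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"invalid parameter syntax at {rest[pos:]!r}")
        name = m.group(1).lower()
        if m.group(2) is not None:
            val = re.sub(r"\\(.)", r"\1", m.group(2))   # unescape quoted-pair
        else:
            val = m.group(3)
        params[name] = val
        pos = m.end()
    return MediaType(mtype, subtype, suffixes, params)


def normalize_typ(typ: str) -> MediaType:
    """Apply RFC 7515 section 4.1.9: a 'typ' value with no '/' in its
    type/subtype part is short for "application/" + that value."""
    if "/" not in typ.partition(";")[0]:
        typ = "application/" + typ
    return parse_media_type(typ)


def token_type_matches(typ_header: str, expected: str) -> bool:
    """Explicit typing check in the sense of RFC 8725 section 3.11: the
    consumer accepts exactly one media type and rejects every other 'typ'.

    Works for both conventions: "secevent+jwt" vs "application/secevent+jwt"
    compares the suffixed subtype; "jwt; profile=secevent" vs
    "application/jwt; profile=secevent" additionally compares the assumed
    'profile' parameter (exact match, values may be URIs).
    """
    got = normalize_typ(typ_header)
    want = normalize_typ(expected)
    if (got.type, got.subtype) != (want.type, want.subtype):
        return False
    return got.params.get("profile") == want.params.get("profile")


if __name__ == "__main__":
    # constructed inputs taken from the thread's own examples
    for value in (
        "application/secevent+jwt",
        "application/vc+ld+json+sd-jwt",
        'application/ld+json; profile="https://www.w3.org/ns/credentials"',
        "application/jwt; profile=secevent",
    ):
        print(parse_media_type(value))
    # a SET consumer must not accept an access token just because both are JWTs
    print(token_type_matches("at+jwt", "application/secevent+jwt"))   # False
```

`token_type_matches` deliberately has no wildcard or "any JWT" mode: under both conventions the security value of explicit typing comes from the consumer naming one type and rejecting the rest, so a token issued under `application/jwt; profile=at` fails a check for `profile=secevent` exactly as `at+jwt` fails a check for `secevent+jwt`.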