From b6c8bb08033fb7a6b516fc7e1f1b52fff284cc1f Mon Sep 17 00:00:00 2001 From: David Chadwick Date: Wed, 6 Oct 2021 21:49:18 +0100 Subject: [PATCH 1/7] Update index.html --- index.html | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/index.html b/index.html index 77377a0fc..e70514587 100644 --- a/index.html +++ b/index.html @@ -3452,7 +3452,7 @@

Relation to the Verifiable Credentials Data Model

header parameter names to allow systems based on JWT to comply with this specification. If these specific claim names and header parameters are present, their respective counterpart in the standard -verifiable credential and verifiable presentation MAY be omitted +verifiable credential and verifiable presentation SHOULD be omitted to avoid duplication.

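Review bot: The MAY to SHOULD change in the @@ -3452 hunk tightens a normative requirement with no rationale in the commit message ("Update index.html"), and patch 4 of this series changes it back to MAY; either drop this hunk from the series or record why it was wanted. It also sits awkwardly with the @@ -3557 hunk of the same patch, which removes "or in addition to" so that the registered claim names MUST be used "instead of" their counterparts: if the counterparts cannot be present at all, "SHOULD be omitted" is the wrong strength, and the two hunks should be reconciled rather than landed together.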
@@ -3471,12 +3471,12 @@

JSON Web Token Extensions

  • vc: JSON object, which MUST be present in a JWT verifiable credential. The object contains the -verifiable credential according to this specification. +credential according to this specification.
  • vp: JSON object, which MUST be present in a JWT verifiable presentation. The object contains the -verifiable presentation according to this specification. +presentation according to this specification.
  • @@ -3506,7 +3506,7 @@
    JWT Encoding

    If no explicit rule is specified, properties are encoded in the same way -as with a standard verifiable credential, and are added to the +as with a standard credential, and are added to the vc claim of the JWT. As with all JWTs, the JWS-based signature of a verifiable credential represented in the JWT syntax is calculated against the literal JWT string value as presented across the wire, @@ -3515,10 +3515,10 @@

    JWT Encoding

    -If a JWS is present, the digital signature either refers to the issuer +If a JWS is present, the digital signature refers to either the issuer of the verifiable credential, or in the case of a -verifiable presentation, the holder of the -verifiable credential. The JWS proves that the issuer of the JWT +verifiable presentation, to the holder of the +verifiable credential. The JWS proves that the iss of the JWT signed the contained JWT payload and therefore, the proof property can be omitted.

    @@ -3557,7 +3557,7 @@
    JWT Encoding

    For backward compatibility with JWT processors, the following JWT-registered -claim names MUST be used instead of, or in addition to, their respective +claim names MUST be used instead of their respective standard verifiable credential counterparts:

    @@ -3581,7 +3581,8 @@
    JWT Encoding
  • sub MUST represent the id property contained -in the verifiable credential subject. +in the credentialSubject. +Note. In the case of bearer credentials and presentations, sub will be absent.
  • aud MUST represent (i.e., identify) the intended audience @@ -3631,7 +3632,7 @@
    JWT Encoding
    JWT Decoding

    -To decode a JWT to a standard verifiable credential, the following +To decode a JWT to a standard credential or presentation, the following transformation MUST be performed:

    @@ -3640,11 +3641,11 @@
    JWT Decoding
    Create a JSON object.
  • -Add the content from the vc claim to the new JSON object. +Add the content from the vc or vp claim to the new JSON object.
  • Transform the remaining JWT specific headers and claims, and add the -results to the new JSON object. +results to the new credential or presentation JSON object.
  • @@ -3657,13 +3658,12 @@
    JWT Decoding
  • If exp is present, the UNIX timestamp MUST be converted to an [[!RFC3339]] date-time, and MUST be used to set the value -of the expirationDate property of -credentialSubject of the new JSON object. +of the expirationDate property of the new JSON object.
  • If iss is present, the value MUST be used to set the -issuer property of the new verifiable credential JSON object - or the holder property of the new verifiable presentation JSON object. +issuer property of the new credential JSON object + or the holder property of the new presentation JSON object.
  • If nbf is present, the UNIX timestamp MUST be converted to an @@ -3672,7 +3672,7 @@
    JWT Decoding
  • If sub is present, the value MUST be used to set the value of the -id property of credentialSubject of the new +id property of credentialSubject of the new credential JSON object.
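Review bot: In the @@ -3657 hunk, moving expirationDate from credentialSubject to the top level of the new JSON object is the right fix for a credential, but the @@ -3631 hunk now makes the same decoding steps apply to "a standard credential or presentation", and a presentation has no expirationDate property; qualify the exp rule (for example "of the new credential JSON object", the form the sub rule in the @@ -3672 hunk already uses) or say what a decoder does with exp on a vp JWT. Separately, the sentence added in the @@ -3581 hunk ("sub will be absent" for bearer credentials and presentations) directly follows "sub MUST represent the id property contained in the credentialSubject", so the MUST should be qualified as "If present, sub MUST represent ..."; as written a bearer credential cannot satisfy the rule.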
  • From 1e877b71adf67792b2c9adc4dc860d3adbcef5f0 Mon Sep 17 00:00:00 2001 From: Ted Thibodeau Jr Date: Thu, 7 Oct 2021 10:48:58 -0400 Subject: [PATCH 2/7] Update index.html - improved wording --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index e70514587..e7481cd16 100644 --- a/index.html +++ b/index.html @@ -3515,7 +3515,7 @@
    JWT Encoding

    -If a JWS is present, the digital signature refers to either the issuer +If a JWS is present, the digital signature refers either to the issuer of the verifiable credential, or in the case of a verifiable presentation, to the holder of the verifiable credential. The JWS proves that the iss of the JWT From 9b74b453d265cedd926812212444b2be67d11041 Mon Sep 17 00:00:00 2001 From: David Chadwick Date: Wed, 27 Oct 2021 21:40:54 +0100 Subject: [PATCH 3/7] Update index.html --- index.html | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/index.html b/index.html index e7481cd16..6a8e16575 100644 --- a/index.html +++ b/index.html @@ -3518,7 +3518,7 @@

    JWT Encoding
    If a JWS is present, the digital signature refers either to the issuer of the verifiable credential, or in the case of a verifiable presentation, to the holder of the -verifiable credential. The JWS proves that the iss of the JWT +verifiable credential. The JWS proves that the iss of the JWT signed the contained JWT payload and therefore, the proof property can be omitted.

    @@ -3704,7 +3704,6 @@
    JWT Decoding
    "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723, - "nonce": "660!6345FSer", "vc": { "@context": [ "https://www.w3.org/2018/credentials/v1", @@ -3770,7 +3769,6 @@
    JWT Decoding
    "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723, - "nonce": "343s$FSFDa-", "vp": { "@context": [ "https://www.w3.org/2018/credentials/v1", From 4474a31efe290a9b4f5e14da33310d3add34774e Mon Sep 17 00:00:00 2001 From: David Chadwick Date: Mon, 15 Nov 2021 16:21:58 +0000 Subject: [PATCH 4/7] Updated Nonces Changed SHOULD back to MAY and added a note to describe the nonces that have been added --- index.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 6a8e16575..94d2161c4 100644 --- a/index.html +++ b/index.html @@ -3452,7 +3452,7 @@

    Relation to the Verifiable Credentials Data Model

    header parameter names to allow systems based on JWT to comply with this specification. If these specific claim names and header parameters are present, their respective counterpart in the standard -verifiable credential and verifiable presentation SHOULD be omitted +verifiable credential and verifiable presentation MAY be omitted to avoid duplication.

    @@ -3704,6 +3704,7 @@
    JWT Decoding
    "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723, + "nonce": "660!6345FSer", "vc": { "@context": [ "https://www.w3.org/2018/credentials/v1", @@ -3725,7 +3726,7 @@
    JWT Decoding
    property because the JWT encoding uses the jti attribute to represent a unique identifier. The sub attribute encodes the information represented by the id property of -credentialSubject. +credentialSubject. The nonce has been added to stop a replay attack.

    @@ -3769,6 +3770,7 @@ 
    JWT Decoding
    "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723, + "nonce": "343s$FSFDa-", "vp": { "@context": [ "https://www.w3.org/2018/credentials/v1", @@ -3786,7 +3788,7 @@
    JWT Decoding
    property because the JWT encoding uses the jti attribute to represent a unique identifier. verifiableCredential contains a string array of verifiable credentials using -JWT compact serialization. +JWT compact serialization. The nonce has been added to stop a replay attack.

    
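Review bot: "The nonce has been added to stop a replay attack" (the @@ -3725 and @@ -3786 hunks) overstates what the example shows: a nonce only prevents replay when the verifier generated it as a fresh challenge for that request and checks it, together with aud, when the presentation arrives, and neither sentence says who generates the value or that the verifier must check it. For the vc example in the @@ -3704 hunk the claim is weaker still: a credential is issued once and presented many times, so a nonce inside the vc JWT does not stop the credential being replayed; replay protection belongs in the vp. nonce is also not among the claims the decoding rules in this section map (jti, sub, exp, iss and nbf are the ones visible in these hunks), so the text should say where it goes on decoding or mark it as illustrative. Suggested wording for the vp paragraph: "The nonce is a challenge supplied by the verifier; the verifier MUST check that it matches the challenge it issued, so that a captured presentation cannot be replayed."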
    From 0b066bb523c47bf53308a97f3abd199afc3a0410 Mon Sep 17 00:00:00 2001
    From: David Chadwick 
    Date: Mon, 15 Nov 2021 17:06:18 +0000
    Subject: [PATCH 5/7] fixing merge conflicts
    
    Fixing merge conflicts
    ---
     index.html | 7 ++++---
     1 file changed, 4 insertions(+), 3 deletions(-)
    
    diff --git a/index.html b/index.html
    index 94d2161c4..65fdac5a5 100644
    --- a/index.html
    +++ b/index.html
    @@ -3556,7 +3556,7 @@ 
    JWT Encoding

    -For backward compatibility with JWT processors, the following JWT-registered +For backward compatibility with JWT processors, the following registered JWT claim names MUST be used instead of their respective standard verifiable credential counterparts:

    @@ -3656,8 +3656,9 @@
    JWT Decoding
    • -If exp is present, the UNIX timestamp MUST be converted to an -[[!RFC3339]] date-time, and MUST be used to set the value +If exp is present, the UNIX timestamp MUST be converted to an [XMLSCHEMA11-2] date-time, +and MUST be used to set the value of the expirationDate property of the new JSON object.
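Review bot: In the @@ -3656 hunk, [XMLSCHEMA11-2] uses single brackets while the reference it replaces, [[!RFC3339]], uses the document's double-bracket ReSpec citation form; with single brackets it is unlikely to resolve to a reference entry, so use [[XMLSCHEMA11-2]] (and, since the conversion is a MUST, probably [[!XMLSCHEMA11-2]]). The neighbouring nbf rule, which starts right after the exp rule in patch 1 of this series, performs the same UNIX-timestamp conversion and should cite the same datatype so the two rules do not disagree. The commit message ("fixing merge conflicts") mentions neither this reference change nor the "JWT-registered" to "registered JWT" rewording in the @@ -3556 hunk; both are content changes and should be described.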
    • From 6bc9b2e95c76700853a6fa5c32edf33a34ea77e3 Mon Sep 17 00:00:00 2001 From: David Chadwick Date: Wed, 17 Nov 2021 21:10:05 +0000 Subject: [PATCH 6/7] Adding back "in addition to" --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 0259257ec..a5e0b7937 100644 --- a/index.html +++ b/index.html @@ -3576,7 +3576,7 @@
      JWT Encoding

      For backward compatibility with JWT processors, the following registered JWT -claim names MUST be used instead of their respective standard +claim names MUST be used instead of, or in addition to, their respective standard verifiable credential counterparts:

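Review bot: Restoring "or in addition to" in the @@ -3576 hunk means a JWT may carry both a registered claim and its verifiable-credential counterpart (exp alongside expirationDate, iss alongside issuer, jti alongside id), and the section gives a decoder no rule for the case where the two disagree: the decoding steps set each property from the JWT claim unconditionally ("If exp is present ... MUST be used to set the value of the expirationDate property"). Add a sentence requiring a counterpart, when present, to carry the same value as the registered claim and requiring a verifier to reject the JWT otherwise; without it, a verifier that reads expirationDate from the decoded object rather than exp from the JWT can accept a token that the JWT layer would have rejected.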
      From 1669a1422456b7fd3ba2151b8596e95e395398ff Mon Sep 17 00:00:00 2001 From: Manu Sporny Date: Sat, 20 Nov 2021 15:54:04 -0500 Subject: [PATCH 7/7] Use Note format for notes. Co-authored-by: Ted Thibodeau Jr --- index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index a5e0b7937..e86197c47 100644 --- a/index.html +++ b/index.html @@ -3601,7 +3601,8 @@
      JWT Encoding
    • sub MUST represent the id property contained in the credentialSubject. -Note. In the case of bearer credentials and presentations, sub will be absent. +

      In bearer credentials and presentations, +sub will not be present.

    • aud MUST represent (i.e., identify) the intended audience
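Review bot: Moving the bearer-credential caveat into a Note makes it non-normative, but the bullet it follows still reads "sub MUST represent the id property contained in the credentialSubject" without qualification, so on a strict reading a bearer credential with no sub is non-conformant. Change the bullet to "If present, sub MUST represent the id property contained in the credentialSubject" (matching the "If sub is present" form the decoding rules already use) and keep the Note as the explanation of when it is absent.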