5B/ JSON Web Proofs (JWP’s) What, Why and How
Session Topic/Title: JSON Web Proofs (JWP)
Session Convener: David Waite (DW), Michael B. Jones
Notes-taker(s): Michael B. Jones
Tags / links to resources / technology discussed, related to this session:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
DW explained the representation format
- Payloads separated by ~ characters
- Claims ordered based on issuer metadata
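An added illustration of the two points above (not code from the session or from the JWP drafts): because the payloads carry no claim names, a verifier binds each `~`-separated payload to a name by its position in the issuer's claim list. The base64url-encoded JSON payloads, the empty slot for an undisclosed payload, and the claim list and values are assumptions made for this sketch; the drafts linked further down define the actual serialization.

```python
import base64
import json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_section(values):
    """Join payloads with '~'; None leaves an empty slot (assumed: undisclosed)."""
    return "~".join(
        "" if v is None else b64url_encode(json.dumps(v).encode()) for v in values
    )

def map_payloads(section, claim_names):
    """Bind each '~'-separated payload to the claim name at the same position."""
    slots = section.split("~")
    # Payloads carry no names, so a count mismatch would shift values onto
    # the wrong claims. Reject instead of guessing.
    if len(slots) != len(claim_names):
        raise ValueError(f"expected {len(claim_names)} payloads, got {len(slots)}")
    claims = {}
    for name, slot in zip(claim_names, slots):
        if slot:  # an empty slot is treated as not disclosed (assumption)
            claims[name] = json.loads(b64url_decode(slot))
    return claims

# Constructed sample data (hypothetical issuer metadata and values).
CLAIM_NAMES = ["iss", "given_name", "family_name", "age"]
ISSUED = build_section(["https://issuer.example", "Jay", "Doe", 42])
PRESENTED = build_section(["https://issuer.example", "Jay", None, 42])

if __name__ == "__main__":
    print(map_payloads(ISSUED, CLAIM_NAMES))
    print(map_payloads(PRESENTED, CLAIM_NAMES))
```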
Two kinds of use cases
- Ongoing relationship with issuer
- No ongoing relationship with issuer
There are two kinds of JWPs
- Single use JWPs, which enable correlation if used multiple times
  - Can use standard cryptography, such as ECDSA signatures with P-256
- Multiple use JWPs
  - Use pairing-friendly curves to prevent correlation with multiple uses
Question about differences between "proofs" and "signatures"
Brent Zundel said that a signature is a kind of proof but some proofs are not signatures
- You can prove knowledge of the signature itself
- For instance CL proofs
Tobias Looker described receiving something in an issued form and adding a presentation header
- JWPs issued to the holder are augmented with a presentation header for presentation to a verifier
The same issuer and signature algorithm are used for all payloads
- Attendees said that anoncreds can be used to combine multiple tokens from different issuers
Examples in the spec
- Single-use JWT using ECDSA with P-256
- BBS signatures
GitHub Shortcut
https://jwp.tools
Three specifications
- JSON Web Proof: https://json-web-proofs.github.io/json-web-proofs/examples_tooling/draft-jmiller-json-web-proof.html
- JSON Proof Token: https://json-web-proofs.github.io/json-web-proofs/examples_tooling/draft-jmiller-json-proof-token.html
- JSON Proof Algorithms: https://json-web-proofs.github.io/json-web-proofs/draft-jmiller-json-proof-algorithms.html
Tobias discussed link secrets
- He said their usefulness depends upon what you're trying to solve
Standards Status
- Currently in DIF Crypto WG
- Plan to take it to the IETF this year
- Will probably need a new working group
A goal is clear separation of the security and application layers