index.html

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="utf-8" />
  <title>Securing Verifiable Credentials using JOSE and COSE</title>
  <script src="https://www.w3.org/Tools/respec/respec-w3c" class="remove"></script>
  <script class="remove"
    src="https://cdn.jsdelivr.net/gh/transmute-industries/respec-vc-jwt@0.0.12/dist/main.js"></script>
  <script class="remove">
    // See https://github.com/w3c/respec/wiki/ for how to configure
    // ReSpec
    var respecConfig = {
      group: "vc",

      // specification status (e.g., WD, NOTE, etc.). If in doubt use
      // ED.
      specStatus: "WD",
      
      // the specification's short name, as in
      // http://www.w3.org/TR/short-name/
      shortName: "vc-jose-cose",

      // if you wish the publication date to be other than today, set
      // this 
      publishDate: "2023-07-20",

      // implementationReportURI:
      // "https://w3c.github.io/vc-test-suite/implementations/", errata:
      // "https://w3c.github.io/vc-data-model/errata.html",
      // previousMaturity: "REC", previousPublishDate: "2019-11-19",

      // if there is a previously published draft, uncomment this and
      // set its YYYY-MM-DD date and its maturity status
      previousPublishDate:  "2023-07-10", 
      previousMaturity:  "WD",

      // extend the bibliography entries localBiblio: vcwg.localBiblio,
      doJsonLd: true,

      // Uncomment these to use the respec extension that generates a
      //   list of normative statements: preProcess: [], postProcess:
      //   [],

      github: "https://github.com/w3c/vc-jose-cose/",
      includePermalinks: false,

      // if there a publicly available Editor's Draft, this is the link
      edDraftURI: "https://w3c.github.io/vc-jose-cose/",

      // editors, add as many as you like only "name" is required
      editors: [
        {
          name: "Orie Steele",
          company: "Transmute",
          companyURL: "https://transmute.industries",
          w3cid: 109171,
        },
        {
          name: "Michael Jones",
          url: "https://self-issued.info/",
          company: "independent",
          w3cid: 38745,
        },
        {
          name: "Michael Prorock",
          company: "Mesur.io", companyURL: "https://mesur.io/",
          w3cid: 130636
        }
      ],
      // authors, add as many as you like. This is optional, uncomment
      // if you have authors as well as editors. only "name" is
      // required. Same format as editors.
      authors: [],

      maxTocLevel: 2,
      inlineCSS: true,
      postProcess: [window.respecVc.createVcExamples],
      license: "w3c-software-doc",
      xref: true,
      otherLinks: [{
        key: "Related Documents",
        data: [{
          value: "VC Data Model",
          href: "https://www.w3.org/TR/vc-data-model-2.0/"
        }, {
          value: "DID Core",
          href: "https://www.w3.org/TR/did-core/"
        }]
      }],
      localBiblio:  {
        "SD-JWT": {
          title:    "Selective Disclosure for JWTs (SD-JWT)",
          href:     "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-05",
          authors:  [ "Daniel Fett" , "Kristina Yasuda" , "Brian Campbell"],
          status:   "Internet-Draft",
          publisher:  "IETF"
        },
        "SD-JWT-VC": {
          title:    "SD-JWT-based Verifiable Credentials (SD-JWT VC)",
          href:     "https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-00",
          authors:  [ "Oliver Terbu", "Daniel Fett" ],
          status:   "Internet-Draft",
          publisher:  "IETF"
        },
        "MULTIPLE-SUFFIXES": {
          title:    "Media Types with Multiple Suffixes",
          href:     "https://datatracker.ietf.org/doc/draft-ietf-mediaman-suffixes/",
          authors:  [ 	"Manu Sporny" , "Amy Guy" ],
          status:   "Internet-Draft",
          publisher:  "IETF"
        },
        "JOSE-REGISTRIES": {
          title:    "The JSON Object Signing and Encryption (JOSE) Registries",
          href:     "https://www.iana.org/assignments/jose",
          authors:  ["The Internet Assigned Numbers Authority"],
          status:   "REC",
          publisher:  "The Internet Assigned Numbers Authority"
        },
      }
    };
  </script>
</head>

<body>
  <section id="abstract">
    <p>
      This specification defines how to secure credentials and presentations
      conforming to the [[VC-DATA-MODEL]],
      with JSON Object Signing and Encryption (<a href="https://datatracker.ietf.org/wg/jose/about/">JOSE</a>),
      and CBOR Object Signing and Encryption (COSE) [[RFC9052]].

      This enables the Verifiable Credential data model
      [[VC-DATA-MODEL]]to be implemented with standards
      for signing and encryption that are widely adopted.
    </p>
  </section>
  <section id="sotd"></section>

  <section id="introduction">
    <h2>Introduction</h2>
    <p>
      This specification describes how to secure media types
      expressing Verifiable Credentials and Verifiable Presentations
      as described in the [[VC-DATA-MODEL]], using approaches
      described by the OAuth, JOSE, and COSE working groups at IETF. 
      This includes SD-JWT [[SD-JWT]] and COSE [[RFC9052]],
      and provides an approach using well-defined content types
      [[RFC6838]] and structured suffixes [[MULTIPLE-SUFFIXES]] 
      to distinguish the data types of unsecured documents conforming to [[VC-DATA-MODEL]]
      from the data types of secured documents conforming to [[VC-DATA-MODEL]],
      defined in this specification.
    </p>
    <p>
      Selective Disclosure for JWTs (SD-JWT) [[SD-JWT]] provides a standardized
      mechanism for digitally signing JSON documents. It provides a means
      to ensure the integrity, authenticity, selective disclosure and non-repudiation of
      the information contained in a JSON document. These
      properties make SD-JWT especially well suited to securing documents
      conforming to the JSON-LD [[VC-DATA-MODEL]].
    </p>
    <p class="issue">
      The working group is discussing how we might comment on recent work, that does make
      use of encryption in <a
        href="https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-3.2">OpenID for Verifiable
        Presentations</a>.
    </p>
    <p>
      CBOR Object Signing and Encryption (COSE) [[RFC9052]] is a
      specification that defines a framework for representing signed and
      encrypted data using (Concise Binary Object Representation) [RFC8949]
      data structures. COSE provides a standardized way to secure the
      integrity, authenticity, and confidentiality of CBOR-encoded
      information. It offers a flexible and extensible set of
      cryptographic options, allowing for a wide range of algorithms
      to be used for signing and encryption.

      COSE supports two main operations: signing and encryption. For
      signing, COSE allows the creation of digital signatures over
      CBOR data using various algorithms such as HMAC, RSA, ECDSA, or
      EdDSA. These signatures provide assurance of data integrity and
      authenticity. COSE also supports encryption, enabling the
      confidentiality of CBOR data by encrypting it with symmetric or
      asymmetric encryption algorithms.
    </p>
  </section>

  <section class="informative">
    <h3>Terminology</h3>
    <div data-include="./terms.html"></div>
  </section>

  <section>
    <h2>Securing the VC Data Model</h2>
    <p>
      This section outlines how to secure documents conforming
      to the [[VC-DATA-MODEL]] using JOSE and COSE.
    </p>
    <p>
      Documents conforming to the [[VC-DATA-MODEL]], 
      and their associated media types, rely on
      JSON-LD, which is a flexible and extensible format for describing
      linked data, see <a href="https://www.w3.org/TR/json-ld11/#relationship-to-rdf">JSON-LD Relationship to RDF</a>.
    </p>
    <p>
      A benefit to this approach is that payloads can be made to conform
      directly to the [[VC-DATA-MODEL]] without any mappings or
      transformation, while at the same time supporting registered 
      claims that are understood in the context of JOSE and COSE.
    </p>
    <p>
      It is RECOMMENDED that media types be used to distinguish <a data-cite="VC-DATA-MODEL#credentials">verifiable credentials</a>
      and <a data-cite="VC-DATA-MODEL#presentations">verifiable presentations</a> from other kinds of secured JSON or CBOR.
    </p>
    <p>
      The most specific media type (or subtype) available SHOULD be used, instead of
      more generic media types (or supertypes). For example, rather than the general
      <code>application/sd-jwt</code>, <code>application/vc+ld+json+sd-jwt</code>
      ought to be used, unless there is a more specific media type that would even
      better identify the secured envelope format.
    </p>
    <p>
    If implementations do not know which media type to use, media types defined in this specification MUST be used.
    </p>
    <section>
      <h2>With JOSE</h2>
      <section>
        <h2>Securing JSON-LD Verifiable Credentials with JOSE</h2>
        <p>
          This section details how to use JOSE to secure verifiable credentials conforming
          to the [[VC-DATA-MODEL]].
        </p>
        <p>[[rfc7515]] MAY be used to secure this media type.</p>
        <p>
          The <code>typ</code> parameter SHOULD be <code>vc+ld+json+sd-jwt</code>
        </p>
        <p>
          When present, the <code>cty</code> SHOULD be
          <code>vc+ld+json</code>
        </p>
        <p>
          See <a data-cite="rfc7515#section-4.1.10">Common JOSE Header
            Parameters</a>
          for additional details regarding usage of <code>typ</code> and
          <code>cty</code>.
        </p>
        <pre class="example vc-jose-cose-vc-example" data-alg="ES384" title="Example Credential">
{
  "@context": ["https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "http://example.edu/credentials/3732",
  "type": ["VerifiableCredential",
    "UniversityDegreeCredential"
  ],
  "issuer": "https://example.edu/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:123",
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  }
}
        </pre>
      </section>
      <section>
        <h2>Securing JSON-LD Verifiable Presentations with JOSE</h2>
        <p>
          This section details how to use JOSE to secure verifiable presentations conforming
          to the [[VC-DATA-MODEL]].
        </p>
        <p>[[rfc7515]] MAY be used to secure this media type.</p>
        <p>The <code>typ</code> parameter SHOULD be
          <code>vp+ld+json+sd-jwt</code>
        </p>
        <p>When present, the <code>cty</code> parameter SHOULD be
          <code>vp+ld+json</code>
        </p>
        <p>
          See <a data-cite="rfc7515#section-4.1.10">Common JOSE Header
            Parameters</a>
          for additional details regarding usage of <code>typ</code> and
          <code>cty</code>.
        </p>
        <pre class="example vc-jose-cose-vp-example" data-alg="none" title="The minimal unsecured verifiable presentation">
{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiablePresentation"]
}
        </pre>
        <pre class="example vc-jose-cose-vp-example" title="The minimal secured verifiable presentation">
{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiablePresentation"]
}
        </pre>

        <pre class="example vc-jose-cose-vp-example" title="A secured verifiable presentation with a holder identifier">
{
  "@context": ["https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "type": ["VerifiablePresentation"],
  "holder": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs"
}
        </pre>
        <pre class="example vc-jose-cose-vp-example" title="A secured verifiable presentation with a holder graph node">
{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiablePresentation"],
  "holder": {
    "id": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs",
    "type": "Organization",
    "name": "Contoso"
  }
}
        </pre>
      </section>
    </section>
    <section>
      <h2>With COSE</h2>
      <p>
        COSE [[rfc9052]] is a common approach to encoding and securing
        information using CBOR [[rfc8949]]. Verifiable credentials MAY
        be secured using COSE [[rfc9052]] and SHOULD be identified through
        use of content types as outlined in this section.
      </p>
      <section>
        <h2>Securing JSON-LD VCs with COSE</h2>
        <p>
          This section details how to secure data with the type
          <code>application/vc+ld+json</code>
          with COSE.
        </p>
        <p>[[rfc9052]] MAY be used to secure this media type.</p>
        <p>When using this approach, the <code>typ</code> SHOULD be
          <code>vc+ld+json+cose</code>.
          See <a href="https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-00.html/">I-D.ietf-cose-typ-header-parameter</a>
          for the COSE "<code>typ</code>" (type) header parameter.
        </p>
        <p>When using this approach, the <code>content type (3)</code>
          SHOULD be <code>application/vc+ld+json</code>.</p>
        <p>
          See <a data-cite="rfc9052#section-3.1">Common COSE Header
            Parameters</a> for additional details.
        </p>
        <p>See the IANA <a href="https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml">Concise Binary Object Representation (CBOR) Tags</a> registry
	  for additional details.</p>
      </section>
    </section>
  </section>
  <section class="informative">
    <h2>Wallets</h2>
    <p>
    <a data-cite="VC-DATA-MODEL#dfn-issuers">Issuers</a>,
    <a data-cite="VC-DATA-MODEL#dfn-holders">holders</a> and 
    <a data-cite="VC-DATA-MODEL#dfn-verifier">verifiers</a> might rely on clients, 
    as defined in <a href="https://datatracker.ietf.org/doc/html/rfc4949">RFC4949</a>.
    Such clients are often referred to as <i>wallets</i> or <i>digital credential wallets</i>,
    when they support storing and presenting digital credentials.
    </p>
    <p>
    In order to meet <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> requirements, some
    <a data-cite="VC-DATA-MODEL#dfn-issuers">issuers</a> might need to assess the quality of a wallet used by a 
    <a data-cite="VC-DATA-MODEL#dfn-holders">holder</a>, prior to issuing and
    delivering credentials to a <a data-cite="VC-DATA-MODEL#dfn-holders">holder</a>.
    </p>
    <p>
    For example, some <a data-cite="VC-DATA-MODEL#dfn-verifier">verifiers</a> might require that cryptographic material 
    associated with a <a data-cite="VC-DATA-MODEL#dfn-holders">holder</a>, be protected at specific 
    assurance levels.
    (See <a href="https://pages.nist.gov/800-63-3-Implementation-Resources/63B/AAL/">NIST 800-63-3: Authenticator Assurance Levels</a>.)
    </p>
    <p class="note">
      Also see <a href="https://datatracker.ietf.org/doc/draft-looker-oauth-attestation-based-client-auth/">
        OAuth 2.0 Attestation-Based Client Authentication
      </a>.
    </p>
  </section> 
  <section class="normative">
    <h2>Key Discovery</h2>
      <p class="issue">
        The working group is still discussing how to close many related issues.
      </p>
      <p class="issue" data-number="117"></p>
      <p class="issue" data-number="106"></p>
      <p class="issue" data-number="31"></p>
      <p class="issue" data-number="30"></p>
      <p class="issue" data-number="15"></p>
      <p>
    In order to complete the <a data-cite="VC-DATA-MODEL#dfn-verify">verification</a> process, 
    a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> needs to obtain the cryptographic keys used to secure the 
    <a data-cite="VC-DATA-MODEL#dfn-credential">credential</a>.
      </p>
      <p>
    There are several different ways to discover the verification keys of
    the <a data-cite="VC-DATA-MODEL#dfn-issuers">issuers</a>
    and <a data-cite="VC-DATA-MODEL#dfn-holders">holders</a>.
      </p>


    <section>
      <h2>Registered Header Parameter and Claim Names</h2>
      <p>
      When present in
      the <a data-cite="RFC7515#section-4">JOSE Header</a> or
      the <a data-cite="RFC7519#section-4">JWT Claims Set</a>
      members registered in
      the IANA <a href="https://www.iana.org/assignments/jwt/jwt.xhtml">JSON Web Token Claims</a> registry or
      the IANA <a href="https://www.iana.org/assignments/jose/jose.xhtml">JSON Web Signature and Encryption Header Parameters</a> registry
      are to be interpreted as defined by the specifications referenced in the registries.
      </p>
      <p>
      These parameters and claims can be used to help
      <a data-cite="VC-DATA-MODEL#dfn-verifier">verifiers</a> discover verification keys.
      </p>
      <section>
        <h2>kid</h2>
        <p>
      If <code>kid</code> is present in the <a data-cite="RFC7515#section-4.1">JOSE Header</a>,
      a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> can use this parameter
      as a hint indicating which key was used to secure the verifiable credential, when performing a
      <a data-cite="VC-DATA-MODEL#dfn-verify">verification</a> process as defined in <a data-cite="RFC7515#section-4.1.4">RFC7515</a>.
        </p>
        <p>
          <code>kid</code> MUST be present when the key of the <a data-cite="VC-DATA-MODEL#dfn-issuers">issuer</a>
          or <a data-cite="VC-DATA-MODEL#dfn-subjects">subject</a> is expressed as a DID URL.
        </p>
      </section>
      <section>
        <h2>iss</h2>
        <p>
      If <code>iss</code> is present in the <a data-cite="RFC7515#section-4.1">JOSE Header</a>
      or the <a data-cite="RFC7519#section-4.1.1">JWT Claims </a>,
      a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> can use this parameter
      to obtain a <a data-cite="RFC7517#section-4">JSON Web Key</a> to use in the 
      <a data-cite="VC-DATA-MODEL#dfn-verify">verification</a> process.
        </p>
        <p>
      The value of the <a data-cite="VC-DATA-MODEL#issuer">issuer</a> property can be either a string or an object.
      When <code>issuer</code> value is a string, <code>iss</code> value, if present, MUST match <code>issuer</code> value.
      When <code>issuer</code> value is an object with an <code>id</code> value,
      <code>iss</code> value, if present, MUST match <code>issuer.id</code> value.
        </p>
        <p>
      If <code>kid</code> is also present in the
      <a data-cite="RFC7515#section-4.1">JOSE Header</a>, it is expected to be useful to
      distinguish the specific key used.
        </p>
      <p class="issue"  data-number="31">
        There are a few issues related to clarification of optionality and behavior of 
        registered claims.  
      </p>
      </section>
      
      <section>
        <h2>cnf</h2>
        <p>
      If <code>cnf</code> is present in the <a data-cite="RFC7515#section-4.1">JOSE Header</a>
      or the <a data-cite="RFC7519#section-4.1.1">JWT Claims </a>,
      a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> MAY use this parameter
      to identify a proof-of-possesion key in the manner described in [[rfc7800]] for use in the
      <a data-cite="VC-DATA-MODEL#dfn-verify">verification</a> process.
        </p>
      </section>
      </section>
      
      <section>
      <h2>Well Known URIs</h2>
      <p class="issue">
      The working group is currently exploring how 
      <a data-cite="RFC5785#section-3">Defining Well-Known Uniform Resource Identifiers (URIs)</a>
      could be leveraged to assist a <a data-cite="VC-DATA-MODEL#dfn-verifier">verifier</a> in discovering verification keys for 
      <a data-cite="VC-DATA-MODEL#dfn-issuers">issuers</a> 
      and <a data-cite="VC-DATA-MODEL#dfn-holders">holders</a>.
      </p>
      
      <section>
        <h2>JWT Issuer</h2>
            <p>
              When the issuer value is a URL using the HTTPS scheme,
              issuer metadata including the issuer's public keys can be retrieved using the mechanism
              defined in <a data-cite="SD-JWT-VC"></a>.
            </p>
          </section>
        </section>
        <section class="informative">
        <h3>Controller Documents</h3>
    
        <p class="issue" data-number="160"></p>

        <p>
A <a>controller document</a> is a set of data that specifies one or more
relationships between a <a>controller</a> and a set of data, such as a set of
public cryptographic keys. The <a>controller document</a> SHOULD
contain <a>verification relationships</a> that explicitly permit the use of
certain <a>verification methods</a> for specific purposes.
        </p>


        <section>
          <h2>Verification Methods</h2>
          <p>
A <a>controller document</a> can express <a>verification methods</a>, such as
cryptographic <a>public keys</a>, which can be used to <a>authenticate</a> or
authorize interactions with the <a>controller</a> or associated parties. For
example, a cryptographic <a>public key</a> can be used as a <a>verification
method</a> with respect to a digital signature; in such usage, it verifies that
the signer could use the associated cryptographic private key. <a>Verification
methods</a> might take many parameters. An example of this is a set of five
cryptographic keys from which any three are required to contribute to a
cryptographic threshold signature.
          </p>

          <dl>
            <dt><dfn class="lint-ignore">verificationMethod</dfn></dt>
            <dd>
              <p>
The `verificationMethod` property is OPTIONAL. If present, its value
MUST be a <a data-cite="INFRA#ordered-set">set</a> of <a>verification
methods</a>, where each <a>verification method</a> is expressed using a <a
data-cite="INFRA#ordered-map">map</a>. The <a>verification method</a> <a
data-cite="INFRA#ordered-map">map</a> MUST include the `id`,
`type`, `controller`, and specific verification material
properties that are determined by the value of `type` and are defined
in <a href="#verification-material"></a>. A <a>verification method</a> MAY
include additional properties.
              </p>

              <dl>
                <dt>id</dt>
                <dd>
                  <p>
The value of the `id` property for a <a>verification
method</a> MUST be a <a data-cite="INFRA#string">string</a> that
conforms to the [[URL]] syntax.
                  </p>
                </dd>
                <dt>type</dt>
                <dd>
The value of the `type` property MUST be a <a
data-cite="INFRA#string">string</a> that references exactly one <a>verification
method</a> type. To maximize interoperability, the
<a>verification method</a> type SHOULD be `JsonWebKey`.
                </dd>
                <dt><span id="defn-controller">controller</span></dt>
                <dd>
The value of the `controller` property MUST be a <a
data-cite="INFRA#string">string</a> that conforms to the [[URL]] syntax.
                </dd>
                <dt><dfn class="lint-ignore">revoked</dfn></dt>
                <dd>
The `revoked` property is OPTIONAL. If present, its value MUST be an [[XMLSCHEMA11-2]]
combined date and time string specifying when the <a>verification method</a>
SHOULD cease to be used. Once the value is set, it is not expected to be updated, and
systems depending on the value are expected to not verify any proofs associated
with the <a>verification method</a> at or after the time of revocation.
                </dd>
              </dl>
            </dd>
          </dl>

          <pre class="example nohighlight"
            title="Example verification method structure">
    {
      "@context": [
        "https://www.w3.org/ns/did/v1",
        "https://www.w3.org/ns/credentials/v2"
      ]
      "id": "did:example:123456789abcdefghi",
      <span class="comment">...</span>
      "verificationMethod": [{
        "id": <span class="comment">...</span>,
        "type": <span class="comment">...</span>,
        "controller": <span class="comment">...</span>,
        "publicKeyJwk": <span class="comment">...</span>
      }]
    }
          </pre>

          <p class="note"
            title="Verification method controller(s) and controller(s)">
The semantics of the `controller` property are the same when the
subject of the relationship is the <a>controller document</a> as when the subject of
the relationship is a <a>verification method</a>, such as a cryptographic public
key. Since a key can't control itself, and the key controller cannot be inferred
from the <a>controller document</a>, it is necessary to explicitly express the identity
of the controller of the key. The difference is that the value of
`controller` for a <a>verification method</a> is <em>not</em>
necessarily a <a>controller</a>. <a>Controllers</a> are expressed
using the `<a>controller</a>` property at the highest level of the
<a>controller document</a>.
          </p>

          <section>
            <h3>Verification Material</h3>

            <p>
Verification material SHOULD be expressed in the <code>publicKeyJwk</code> property
of a <code>JsonWebKey</code>. This key material is retrieved based on hints in the
JOSE or COSE message envelopes, such as <code>kid</code> or <code>iss</code>. At
the time of writing, there is no standard way to retrieve a public key in JWK or
COSE key from a DID URL or controller document.
            </p>


            <p>
A <a>verification method</a> MUST NOT contain multiple verification material
properties for the same material. For example, expressing key material in a
<a>verification method</a> using both `publicKeyJwk` and
`publicKeyMultibase` at the same time is prohibited.
            </p>

            <p>
An example of a <a>controller document</a> containing <a>verification
methods</a> using both properties above is shown below.
            </p>

            <pre id="example-various-verification-method-types"
              class="example nohighlight"
              title="Verification methods using publicKeyJwk">
    {
      "@context": [
        "https://www.w3.org/ns/did/v1",
        "https://www.w3.org/ns/credentials/v2"
      ]
      "id": "did:example:123456789abcdefghi",
      <span class="comment">...</span>
      "verificationMethod": [{
        "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
        "type": "JsonWebKey", <span class="comment">// external (property value)</span>
        "controller": "did:example:123",
        "publicKeyJwk": {
          "crv": "Ed25519", <span class="comment">// external (property name)</span>
          "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ", <span class="comment">// external (property name)</span>
          "kty": "OKP", <span class="comment">// external (property name)</span>
          "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" <span class="comment">// external (property name)</span>
        }
      }],
      <span class="comment">...</span>
    }
            </pre>
          </section>


          <section>
            <h3>JsonWebKey</h3>
            <p>
The JSON Web Key (JWK) data model is a specific type of <a>verification method</a>
that uses the JWK specification [[RFC7517]] to encode key types into a
set of parameters.
            </p>

            <p>
When specifing a `JsonWebKey`, the object takes the following form:
            </p>

            <dl>
              <dt>type</dt>
              <dd>
The value of the `type` property MUST contain the string `JsonWebKey`.
              </dd>
              <dt><dfn class="lint-ignore">publicKeyJwk</dfn></dt>
              <dd>
The `publicKeyJwk` property is REQUIRED, and its value MUST
be a JSON Web Key that conforms to [[RFC7517]].
It is RECOMMENDED that verification methods that use
JWKs [[RFC7517]] to represent their <a>public keys</a> use the value of `kid` as
their fragment identifier. It is RECOMMENDED that JWK `kid` values be set to
the public key fingerprint [[RFC7638]]. See the first key in
<a href="#example-various-verification-method-types"></a> for an example of a
public key with a compound key identifier.
              </dd>
              <dt><dfn class="lint-ignore">secretKeyJwk</dfn></dt>
              <dd>
The `secretKeyJwk` property is OPTIONAL. If present, its value MUST be a <a
data-cite="INFRA#ordered-map">map</a> representing a JSON Web Key that conforms
to [[RFC7517]].
              </dd>
            </dl>

            <p>
An example of an object that conforms to this data model is provided below:
            </p>

            <pre class="example nohighlight"
              title="JSON Web Key encoding of an secp384r1 (P-384) public key">
{
  "id": "did:example:123456789abcdefghi#key-1",
  "type": "JsonWebKey",
  "controller": "did:example:123456789abcdefghi",
  "publicKeyJwk": {
      "kid": "key-1",
      "kty": "EC",
      "crv": "P-384",
      "alg": "ES384",
      "x": "1F14JSzKbwxO-Heqew5HzEt-0NZXAjCu8w-RiuV8_9tMiXrSZdjsWqi4y86OFb5d",
      "y": "dnd8yoq-NOJcBuEYgdVVMmSxonXg-DU90d7C4uPWb_Lkd4WIQQEH0DyeC2KUDMIU"
    }
}
            </pre>

            <p>
In the example above, the `publicKeyJwk` value contains the JSON Web Key.
The `kty` property encodes the key type of "OKP", which means
"Octet string key pairs". The `alg` property identifies the algorithm intended
for use with the public key. Although `alg` is optional, it is RECOMMENDED to be included to avoid security issues arising from using the same key with multiple algorithms. The `crv` property identifies the particular
curve type of the public key. The `kid` property is a hint used to help discover the key; 
if present, the `kid` value SHOULD match, or be included in the
`id` property of the encapsulating `JsonWebKey` object, as part of the path, query or fragment of the URL. Finally, the `x`
property specifies the point on the Ed25519 curve that is associated with the
public key.
            </p>

            <p>
The `publicKeyJwk` property MUST NOT contain any property marked as
"Private" in any registry contained in the JOSE Registries [[JOSE-REGISTRIES]], including "d".
            </p>

            <p>
The JSON Web Key data model is also capable of encoding <em>secret keys</em>, sometimes
referred to as <em>private keys</em>.
            </p>

            <pre class="example nohighlight"
              title="JSON Web Key encoding of a secp384r1 (P-384) secret key">
{
  "id": "did:example:123456789abcdefghi#key-1",
  "type": "JsonWebKey",
  "controller": "did:example:123456789abcdefghi",
  "secretKeyJwk": {
      "kty": "EC",
      "crv": "P-384",
      "alg": "ES384",
      "d": "fGwges0SX1mj4eZamUCL4qtZijy9uT15fI4gKTuRvre4Kkoju2SHM4rlFOeKVraH",
      "x": "1F14JSzKbwxO-Heqew5HzEt-0NZXAjCu8w-RiuV8_9tMiXrSZdjsWqi4y86OFb5d",
      "y": "dnd8yoq-NOJcBuEYgdVVMmSxonXg-DU90d7C4uPWb_Lkd4WIQQEH0DyeC2KUDMIU"
    }
}
            </pre>

            <p>
The private key example above is almost identical to the previous example of the
public key, except that the information is stored in the `secretKeyJwk` property
(rather than the `publicKeyJwk`), and the private key value is encoded in the `d`
property thereof (alongside the `x` property, which still specifies the point on
the secp384r1 curve that is associated with the public key).
            </p>

          </section>

          <section>
            <h3>Referring to Verification Methods</h3>
            <p>
<a>Verification methods</a> can be referenced from properties
associated with various <a>verification relationships</a> as described in <a
href="#verification-relationships"></a>. Referencing <a>verification methods</a>
allows them to be used by more than one <a>verification relationship</a>.
            </p>

            <p>
If the value of a <a>verification method</a> property is a
URL <a data-cite="INFRA#string">string</a>, the <a>verification method</a> has
been included by reference and its properties will need to be retrieved from
elsewhere in the <a>controller document</a> or from another <a>controller document</a>. This
is done by dereferencing the URL and searching the resulting <a>resource</a> for a
<a>verification method</a> <a data-cite="INFRA#ordered-map">map</a> with an
`id` property whose value matches the URL.
            </p>

            <pre class="example nohighlight"
            title="Referencing verification methods">
    {
<span class="comment">...</span>

      "authentication": [
        <span class="comment">// this key is referenced and might be used by</span>
        <span class="comment">// more than one verification relationship</span>
        "did:example:123456789abcdefghi#keys-1",
      ],

<span class="comment">...</span>
    }
            </pre>
          </section>
        </section>

        <section>
          <h2>Verification Relationships</h2>

          <p>
A <a>verification relationship</a> expresses the relationship between the
<a>controller</a> and a <a>verification method</a>.
          </p>
          <p>
Different <a>verification relationships</a> enable the associated
<a>verification methods</a> to be used for different purposes. It is up to a
<em>verifier</em> to ascertain the validity of a verification attempt by
checking that the <a>verification method</a> used is contained in the
appropriate <a>verification relationship</a> property of the
<a>controller document</a>.
          </p>
          <p>
The <a>verification relationship</a> between the <a>controller</a> and the
<a>verification method</a> is explicit in the <a>controller document</a>.
<a>Verification methods</a> that are not associated with a particular
<a>verification relationship</a> cannot be used for that <a>verification
relationship</a>.
          </p>
          <p>
The <a>controller document</a> does not express revoked keys using a <a>verification
relationship</a>. If a referenced verification method is not in the latest
<a>controller document</a> used to dereference it, then that verification method is
considered invalid or revoked.
          </p>
          <p>
The following sections define several useful <a>verification relationships</a>.
A <a>controller document</a> MAY include any of these, or other properties, to
express a specific <a>verification relationship</a>. In order to maximize global
interoperability, any such properties used SHOULD be registered in the
Data Integrity Specification Registries [TBD: DIS-REGISTRIES].
          </p>

          <section>
            <h2>Authentication</h2>

            <p>
The `authentication` <a>verification relationship</a> is used to
specify how the <a>controller</a> is expected to be <a>authenticated</a>, for
purposes such as logging into a website or engaging in any sort of
challenge-response protocol.
            </p>

            <dl>
              <dt id="defn-authentication">authentication</dt>
              <dd>
The `authentication` property is OPTIONAL. If present, its
value MUST be a <a data-cite="INFRA#ordered-set">set</a> of one or more
<a>verification methods</a>. Each <a>verification method</a> MAY be embedded or
referenced.
              </dd>
            </dl>

            <pre class="example nohighlight" title="Authentication property
                          containing three verification methods">
    {
      "@context": [
        "https://www.w3.org/ns/did/v1",
        "https://www.w3.org/ns/credentials/v2"
      ],
      "id": "did:example:123456789abcdefghi",
      <span class="comment">...</span>
      "authentication": [
        <span class="comment">// this method can be used to authenticate as did:...fghi</span>
        "did:example:123456789abcdefghi#keys-1",
      <span class="comment">...</span>
    }
            </pre>

            <p>
If authentication is established, it is up to the application to decide what to
do with that information.
            </p>
            <p>
This is useful to any <em>authentication verifier</em> that needs to check to
see whether an entity that is attempting to <a>authenticate</a> is, in fact,
presenting a valid proof of authentication. When a <em>verifier</em> receives
some data (in some protocol-specific format) that contains a proof that was made
for the purpose of "authentication", and that says that an entity is identified
by the `id`, then that <em>verifier</em> checks to ensure that the proof can be
verified using a <a>verification method</a> (e.g., <a>public key</a>) listed
under `<a>authentication</a>` in the <a>controller document</a>.
            </p>
            <p>
Note that the <a>verification method</a> indicated by the
`<a>authentication</a>` property of a <a>controller document</a> can
only be used to <a>authenticate</a> the <a>controller</a>. To
<a>authenticate</a> a different <a>controller</a>, the entity associated with
the value of `controller` needs to <a>authenticate</a> with its
<em>own</em> <a>controller document</a> and associated
`<a>authentication</a>` <a>verification relationship</a>.
            </p>
          </section>

          <section>
            <h2>Assertion</h2>

            <p>
The `assertionMethod` <a>verification relationship</a> is used to
specify how the <a>controller</a> is expected to express claims, such as for
the purposes of issuing a Verifiable Credential [[?VC-DATA-MODEL-2.0]].
            </p>

            <dl>
              <dt>assertionMethod</dt>
              <dd>
The `assertionMethod` property is OPTIONAL. If present, its
value MUST be a <a data-cite="INFRA#ordered-set">set</a> of
one or more <a>verification methods</a>. Each <a>verification method</a> MAY be
embedded or referenced.
              </dd>
            </dl>

            <p>
This property is useful, for example, during the processing of a <a>verifiable
credential</a> by a verifier.
            </p>

            <pre class="example nohighlight" title="Assertion method property">
    {
      "@context": [
        "https://www.w3.org/ns/did/v1",
        "https://www.w3.org/ns/credentials/v2"
      ],
      "id": "did:example:123456789abcdefghi",
      <span class="comment">...</span>
      "assertionMethod": [
        <span class="comment">// this method can be used to assert statements as did:...fghi</span>
        "did:example:123456789abcdefghi#keys-1",
      <span class="comment">...</span>
    }
            </pre>
          </section>



        </section>
      </section>
      </section>

    <section class="normative">
      <h2>JOSE Header Parameters</h2>
      <p>
        The normative statements in <a data-cite="RFC7515#section-4.1">Registered Header Parameter
          Names</a>
        apply to securing credentials and presentations.
      </p>
      <p>
        The normative statements in <a data-cite="RFC7519#section-5">JOSE Header</a>
        apply to securing credentials and presentations.
      </p>
      <p>
        The data model for the JOSE Header is JSON
        (application/json), not JSON-LD (application/ld+json).
      </p>
      <p>
        The normative statements in <a data-cite="RFC7519#section-5.3">Replicating Claims as Header
          Parameters</a>
        apply to securing claims about a credential subject.
      </p>
      <p>
        When replicating claims from the JWT Claims Set to Header Parameters, it is
        RECOMMENDED to use [[RFC7519]],
	the IANA <a href="https://www.iana.org/assignments/jwt/jwt.xhtml">JSON Web Token Claims</a> registry, and
	the IANA <a href="https://www.iana.org/assignments/jose/jose.xhtml">JSON Web Signature and Encryption Header Parameters</a> registry
        to identify any claims that might be confused with
        members defined by the [[VC-DATA-MODEL]. These include but are not
        limited to: <code>iss</code>, <code>kid</code>,
        <code>alg</code>, <code>iat</code>,
        <code>exp</code>, and <code>cnf</code>.
      </p>
      <p>
        When the <code>iat</code> and/or <code>exp</code> JWT claims are present,
        they represent the issuance and expiration time of the signature, respectively.
        Note that these are different from the <code>validFrom</code> and <code>validUntil</code> properties
        defined in <a data-cite="VC-DATA-MODEL#validity-period">Validity Period</a>
        that represent the validity of the data that is being secured.
      </p>
      <p>
        The JWT Claim Names <code>vc</code> and <code>vp</code>
        MUST NOT be present as header parameters.
      </p>
      <p>
        When present, members of the header are to be interpreted and
        processed according to the corresponding definitions found in
	the IANA <a href="https://www.iana.org/assignments/jose/jose.xhtml">JSON Web Signature and Encryption Header Parameters</a> registry and
	the IANA <a href="https://www.iana.org/assignments/jwt/jwt.xhtml">JSON Web Token Claims</a> registry.
      </p>
      <p>
        Additional members may be present. If they are not understood,
        they MUST be ignored.
      </p>
    </section>
  </section>

  <section id="conformance">
    <section class="normative">
      <h2>Securing Verifiable Credentials</h2>
      <p>The <a data-cite="VC-DATA-MODEL#proof-formats"></a> describes the approach taken by JSON Web
        Tokens to secure JWT Claims Sets as <i>applying an
        <code>external proof</code></i>.
      </p>
      <p>The normative statements in <a data-cite="VC-DATA-MODEL#securing-verifiable-credentials">Securing
          Verifiable Credentials</a> apply to securing
        <code>application/vc+ld+json</code> and
        <code>application/vp+ld+json</code>
        as <code>application/vc+ld+json+sd-jwt</code> and
        <code>application/vp+ld+json+sd-jwt</code>.
      </p>
      <p>For clarity, these requirements are repeated here:</p>
      <ul>
        <li>
          <p>
            At least one securing mechanism, and the details necessary
            to evaluate it, MUST be expressed for a credential or
            presentation to be a verifiable credential or verifiable
            presentation; that is, to be verifiable.
          </p>
        </li>
        <li>
          <p>
            Methods of securing credentials or presentations that embed
            a proof in the data model MUST use the proof property.
          </p>
        </li>
        <li>
          <p>
            Methods of securing credentials or presentations that use an
            external proof MAY use the proof property.
          </p>
        </li>
        <li>
          <p>
            One or more cryptographic proofs that can be used to detect
            tampering and verify the authorship of a credential or
            presentation. The specific method used for an embedded proof
            MUST be included using the type property.
          </p>
        </li>
      </ul>
      <p class="advisement">
        The type <code>VerifiableCredential</code> and
        <code>VerifiablePresentation</code> are RDF Classes.
        <br /><br />
        The presence of the word "Verifiable" does not convey a
        cryptographic verification capability exists.
        <br /><br />
        The presence of the JSON <code>proof</code> member does not
        convey a cryptographic verification capability exists.
        <br /><br />
        The presence of the JSON <code>proof</code> member is
        optional in both <code>VerifiableCredential</code> and
        <code>VerifiablePresentation</code>.
        <br /><br />
        The presence of the JSON <code>proof</code> member is
        optional in both <code>application/vc+ld+json</code> and
        <code>application/vp+ld+json</code>.
      </p>
      <p>
        JSON Web Token implementers are advised to review <a data-cite="RFC7519#section-8">Implementation
          Requirements</a>.
      </p>
      <p>
        Accordingly, Issuers, Holders, and Verifiers MUST understand the
        JSON Web Token header parameter
        <code>"alg": "none"</code> when securing the [[VC-DATA-MODEL]]
        with JSON Web Tokens.
      </p>
      <p>
        When content types from the [[VC-DATA-MODEL]] are secured using
        JSON Web Tokens, the header parameter <code>"alg": "none"</code>,
	MUST be used to communicate that a JWT Claims Set (a
        Verifiable Credential or a Verifiable Presentation) has no
        integrity protection.
      </p>
      <p>
        When a JWT Claims Set (a Verifiable Credential or a
        Verifiable Presentation) contains
        <code>proof</code>, and the JSON Web Token header contains
        <code>"alg": "none"</code>, the JWT Claims Set MUST be considered to
        have no integrity protection.
      </p>
      <p class="advisement">
        Verifiable Credentials and Verifiable Presenatations are not
        required to be secured or integrity protected or to contain a
        <code>proof</code> member.
      </p>
      <p>Issuers, Holders, and Verifiers MUST ignore all JWT Claims Sets that
        have no integrity protection.</p>
    </section>
  
</section>

  <section class="normative">
    <h2>IANA Considerations</h2>

    <section>
    <h2>Media Types</h2>
    <section id="vc-ld-sd-jwt-media-type">
      <h2><code>application/vc+ld+json+sd-jwt</code></h2>
      <p>
        This specification registers the
        <code>application/vc+ld+json+sd-jwt</code> Media Type specifically for
        identifying a <a data-cite="SD-JWT"></a>
        conforming to the Verifiable Credential Data Model.
      </p>
      <table>
        <tr>
          <td>Type name: </td>
          <td>application</td>
        </tr>
        <tr>
          <td>Subtype name: </td>
          <td>vc+ld+json+sd-jwt</td>
        </tr>
        <tr>
          <td>Required parameters: </td>
          <td>None</td>
        </tr>
        <tr>
          <td>Encoding considerations: </td>
          <td>
            binary; application/sd-jwt values are a series of base64url-encoded values 
            (some of which may be the empty string) separated by period ('.') or tilde ('~') characters.
          </td>
        </tr>
        <tr>
          <td>Security considerations: </td>
          <td>
            <p>As defined in this specification. See also the security
            considerations in <a data-cite="SD-JWT"></a>.</p>
          </td>
        </tr>
        <tr>
          <td>Contact: </td>
          <td>
            W3C Verifiable Credentials Working Group <a
            href="mailto:public-vc-wg@w3.org">public-vc-wg@w3.org</a>
          </td>
        </tr>
      </table>
    </section>
    <section id="vp-ld-sd-jwt-media-type">
      <h2><code>application/vp+ld+json+sd-jwt</code></h2>
      <p>
        This specification registers the
        <code>application/vp+ld+json+sd-jwt</code> Media Type specifically for
        identifying a <a data-cite="SD-JWT"></a>
        conforming to the Verifiable Presentations.
      </p>
      <table>
        <tr>
          <td>Type name: </td>
          <td>application</td>
        </tr>
        <tr>
          <td>Subtype name: </td>
          <td>vp+ld+json+sd-jwt</td>
        </tr>
        <tr>
          <td>Required parameters: </td>
          <td>None</td>
        </tr>
        <tr>
          <td>Encoding considerations: </td>
          <td>
            binary; application/sd-jwt values are a series of base64url-encoded values 
            (some of which may be the empty string) separated by period ('.') or tilde ('~') characters.
          </td>
        </tr>
        <tr>
          <td>Security considerations: </td>
          <td>
            <p>As defined in this specification. See also the security
            considerations in <a data-cite="SD-JWT"></a>.</p>
          </td>
        </tr>
        <tr>
          <td>Contact: </td>
          <td>
            W3C Verifiable Credentials Working Group <a
            href="mailto:public-vc-wg@w3.org">public-vc-wg@w3.org</a>
          </td>
        </tr>
      </table>
    </section>
  </section>
  

  <section id="json-web-token-claim-registrations">
    <h3>Registered Claims</h3>
    <p>
      This section retains deprecated registered claim names 
      that were previously submitted to the Internet Engineering Steering
      Group (IESG) for review, approval, and registration with IANA in the
      "JSON Web Token Claims Registry".
    </p>

    <p class="issue" data-number="119"></p>
    
      <section id="vc-json-web-token-claim">
        <h4>`vc`</h4>
        <table>
          <tr>
            <th>Claim Name: </th>
            <td>"vc" </td>
          </tr>
          <tr>
            <th>Claim Description: </th>
            <td>Verifiable Credential</td>
          </tr>
          <tr>
            <th>Change Controller:  </th>
            <td>W3C</td>
          </tr>
          <tr>
            <th>Specification Document(s): </th>
            <td>
            <a href="https://www.w3.org/TR/vc-data-model/">Section 6.3.1.2: JSON Web Token
              Extensions of Verifiable Credentials Data Model 1.0</a>
            </td>
          </tr>
        </table>
      </section>

      <section id="vp-json-web-token-claim">
        <h4>`vp`</h4>
        <table>
          <tr>
            <th>Claim Name: </th>
            <td>"vp"</td>
          </tr>
          <tr>
            <th>Claim Description: </th>
            <td>Verifiable Presentation</td>
          </tr>
          <tr>
            <th>Change Controller: </th>
            <td>W3C</td>
          </tr>
          <tr>
            <th>Specification Document(s):</th>
            <td>
              <a href="https://www.w3.org/TR/vc-data-model/">Section 6.3.1.2: JSON Web Token
                Extensions of Verifiable Credentials Data Model 1.0</a>
            </td>
          </tr>
        </table>
      </section>
    </section>
  </section>
</section>
  <section>
    <h3>Other Considerations</h3>

    <section>
      <h2>Privacy Considerations</h2>
      <p>
        Verifiable Credentials often contain sensitive information that
        needs to be protected to ensure the privacy and security of
        organizations and individuals. This section outlines some
        privacy considerations relevant to implementers and users.
      </p>
      <p>
        Implementers are advised to note and abide by all privacy
        considerations called out in the [[VC-DATA-MODEL]].
      </p>
      <p>
        Implementers are additionally advised to reference the
        <a href="https://www.rfc-editor.org/rfc/rfc7519#section-12">Privacy
          Consideration</a>
        section of the JWT specification for privacy guidance.
      </p>
      <p>
        In addition to the privacy recommendations in the
        [[VC-DATA-MODEL]], the following considerations are given:
      <ul>
        <li>
          <p>
            Minimization of data: It is considered best practice for
            Verifiable Credentials to only contain the minimum amount of
            data necessary to achieve their intended purpose. This helps
            to limit the amount of sensitive information that is shared
            or stored unnecessarily.
          </p>
        </li>
        <li>
          <p>
            Informed consent: It is considered best practice that
            individuals be fully informed about how their data will be
            used and provide the ability to consent to or decline the
            use of their data. This helps to ensure that individuals
            maintain control over their own personal information.
          </p>
        </li>
        <li>
          <p>
            Data protection: It is considered best practice to protect
            Verifiable Credentials using strong encryption and other
            security measures to prevent unauthorized access,
            modification, or disclosure.
          </p>
        </li>
      </ul>
      </p>
      <p>
        These considerations are not exhaustive, and implementers and
        users are advised to consult additional privacy resources and
        best practices to ensure the privacy and security of Verifiable
        Credentials implemented using VC-JWT.
      </p>
    </section>
    <section>
      <h2>Security Considerations</h2>
      <p>
        This section outlines security considerations for implementers
        and users of this specification. It is important to carefully
        consider these factors to ensure the security and integrity of
        Verifiable Credentials when implemented using JWTs.
      </p>
      <p>
        When implementing VC-JWTs, it is essential to address all
        security issues relevant to broad cryptographic applications.
        This especially includes protecting the user's asymmetric
        private and symmetric secret keys, as well as employing
        countermeasures against various attacks. Failure to adequately
        address these issues could compromise the security and integrity
        of Verifiable Credentials, potentially leading to unauthorized
        access, modification, or disclosure of sensitive information.
      </p>
      <p>
        Implementers are advised to follow best practices and
        established cryptographic standards to ensure the secure
        handling of keys and other sensitive data. Additionally, conduct
        regular security assessments and audits to identify and address
        any vulnerabilities or threats.
      </p>
      <p>
        Follow all security considerations outlined in [[rfc7515]] and
        [[rfc7519]].
      </p>
      <p>
        When utilizing JSON-LD, take special care around remote
        retrieval of contexts and follow the additional security
        considerations noted in [[json-ld11]].
      </p>
      <p>
        As noted in [[rfc7515]] when utilizing JSON [[rfc7159]], strict
        validation is a security requirement. If malformed JSON is
        received, it may be impossible to reliably interpret the
        producer's intent, potentially leading to ambiguous or
        exploitable situations. To prevent these risks, it is essential
        to use a JSON parser that strictly validates the syntax of all
        input data. It is essential that any JSON inputs that do not
        conform to the JSON-text syntax defined in [[rfc7159]] be
        rejected in their entirety by JSON parsers. Failure to reject
        invalid input could compromise the security and integrity of
        Verifiable Credentials.
      </p>
    </section>
    <section class="informative">
      <h2>Accessibility</h2>
      <p>
        When implementing this specification, it is crucial for
        technical implementers to consider various accessibility
        factors. Ignoring accessibility concerns renders the information
        unusable for a significant portion of the population. To ensure
        equal access for all individuals, regardless of their abilities,
        it is vital to adhere to accessibility guidelines and standards,
        such as the Web Content Accessibility Guidelines (WCAG 2.1)
        [[WCAG21]]. This becomes even more critical when establishing
        systems that involve cryptography, as they have historically
        posed challenges for assistive technologies.
      </p>
      <p>
        Implementers are advised to note and abide by all accessibility
        considerations called out in the [[VC-DATA-MODEL]].
      </p>
    </section>


    <section class="informative">
      <h2>Internationalization</h2>
      <p>
        Implementers should take into account several
        internationalization considerations when publishing data
        described in this specification. Disregarding
        internationalization hampers the production and consumption of
        data across diverse languages and societies, thereby restricting
        the applicability and significantly reducing the value of the
        specification as a standard.
      </p>
      <p>
        Implementers are advised to note and abide by all
        internationalization considerations called out in the
        [[VC-DATA-MODEL]], see also <a href="https://www.w3.org/standards/webdesign/i18n">i18n</a>,
        <a href="https://url.spec.whatwg.org">URL Standard</a>
      </p>
    </section>

  </section>


  <section class="informative">
    <h3>Appendix</h3>
    <section>
      <h2>Controllers</h2>
      <pre class="example" title="A verifiable credential controller document">
{
  "@context": ["https://www.w3.org/ns/did/v1", {
    "@vocab": "https://vendor.example#"
  }],
  "id": "did:web:vendor.example",
  "alsoKnownAs": ["https://vendor.example",
    "did:jwk:eyJraWQiOiJ1cm46aWV0ZjpwYXJhbXM6b2F1dGg6andrLXRodW1icHJpbnQ6c2hhLTI1NjpGZk1iek9qTW1RNGVmVDZrdndUSUpqZWxUcWpsMHhqRUlXUTJxb2JzUk1NIiwia3R5IjoiT0tQIiwiY3J2IjoiRWQyNTUxOSIsImFsZyI6IkVkRFNBIiwieCI6IkFOUmpIX3p4Y0tCeHNqUlBVdHpSYnA3RlNWTEtKWFE5QVBYOU1QMWo3azQifQ"
  ],
  "verificationMethod": [{
    "id": "#urn:ietf:params:oauth:jwk-thumbprint:sha-256:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs",
    "type": "JsonWebKey",
    "controller": "did:web:vendor.example",
    "publicKeyJwk": {
      "kty": "EC",
      "crv": "P-521",
      "alg": "ES512",
      "x": "AFTyMw-fIYJNg6fBVJvOPOsLxmnNj8HgqMChyRL0swLaefVAc7wrWZ8okQJqMmvv03JRUp277meQZM3JcvXFkH1v",
      "y": "ALn96CrD88b4TClmkl1sk0xk2FgAIda97ZF8TUOjbeWSzbKnN2KB6pqlpbuJ2xIRXvsn5BWQVlAT2JGpGwDNMyV1"
    }
  }, {
    "id": "#z6MkhEdpG12jyQegrr62ACRmNY8gc531W2j9Xo39cHphuCEH",
    "type": "JsonWebKey2020",
    "controller": "https://vendor.example",
    "publicKeyJwk": {
      "kid": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:FfMbzOjMmQ4efT6kvwTIJjelTqjl0xjEIWQ2qobsRMM",
      "kty": "OKP",
      "crv": "Ed25519",
      "alg": "EdDSA",
      "x": "ANRjH_zxcKBxsjRPUtzRbp7FSVLKJXQ9APX9MP1j7k4"
    }
  }, {
    "id": "#subject-authenticaton",
    "type": "JsonWebKey",
    "controller": "did:web:vendor.example",
    "publicKeyJwk": {
      "kty": "EC",
      "crv": "P-384",
      "alg": "ES384",
      "x": "PxgAmVYOQvSNcMYL2tOzoLwSWn4Ta3tIMPEUKR8pxeb-gmR11-DyKHBoIiY-2LhM",
      "y": "BZEBTkImVdpwvxR9THIRw16eblnj5-tZa7m-ww5uVd4kyPJNRoWUn2aT9ZuarAe-"
    }
  }, {
    "id": "#credential-issuance",
    "type": "JsonWebKey",
    "controller": "did:web:vendor.example",
    "publicKeyJwk": {
      "kty": "EC",
      "crv": "P-256",
      "alg": "ES256",
      "x": "MYvnaI87pfrn3FpTqW-yNiFcF1K7fedJiqapm20_q7c",
      "y": "9YEbT6Tyuc7xp9yRvhOUVKK_NIHkn5HpK9ZMgvK5pVw"
    }
  }, {
    "id": "#key-agreement",
    "type": "JsonWebKey",
    "controller": "did:web:vendor.example",
    "publicKeyJwk": {
      "kty": "OKP",
      "crv": "X25519",
      "alg": "ECDH-ES+A128KW",
      "x": "qLZkSTbstvMWPTivmiQglEFWG2Ff7gNDVoVisdZTr1I"
    }
  }],
  "authentication": ["#subject-authenticaton"],
  "assertionMethod": ["#credential-issuance"]
}
      </pre>

    </section>
    <section>
      <h3>Credentials</h3>
      <pre class="example vc-jose-cose-vc-example" title="A revocable credential with multiple subjects" data-alg="ES256" data-typ="vc+ld+json+sd-jwt" data-cty="vc+ld+json">
{
  "@context": ["https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://contoso.example/credentials/23894672394",
  "type": ["VerifiableCredential", "K9UnitCredential"],
  "issuer": {
    "id": "https://contoso.example"
  },
  "validFrom": "2015-04-16T05:11:32.432Z",
  "credentialStatus": {
    "id": "https://contoso.example/credentials/status/4#273762",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "273762",
    "statusListCredential": "https://contoso.example/credentials/status/4"
  },
  "credentialSubject": [{
    "id": "did:example:1312387641",
    "type": "Person"
  }, {
    "id": "did:example:63888231",
    "type": "Dog"
  }]
}
      </pre>

      <pre class="example vc-jose-cose-vc-example" title="A credential with a schema">
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://contoso.example/credentials/35327255",
  "type": ["VerifiableCredential", "KYCExample"],
  "issuer": "did:web:contoso.example",
  "validFrom": "2019-05-25T03:10:16.992Z",
  "validUntil": "2027-05-25T03:10:16.992Z",
  "credentialSchema": {
    "id": "https://contoso.example/bafybeigdyr...lqabf3oclgtqy55fbzdi",
    "type": "JsonSchema"
  },
  "credentialSubject": {
    "id": "did:example:1231588",
    "type": "Person"
  }
}
      </pre>
    </section>

    <section>
      <h2>
        Presentations
      </h2>

      <pre class="example vc-jose-cose-vp-example" title="Presentation" data-alg="ES256" data-typ="vp+ld+json+sd-jwt" data-cty="vp+ld+json">
{
  "@context": ["https://www.w3.org/ns/credentials/v2"],
  "type": ["VerifiablePresentation"],
  "holder": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:_Fpfe27AuGmEljZE9s2lw2UH-qrZLRFNrWbJrWIe4SI",
  "verifiableCredential": [{
      "@context": [
        "https://www.w3.org/ns/credentials/v2"
      ],
      "type": [
        "VerifiableCredential"
      ],
      "issuer": "https://issuer.example/issuers/68",
      "validFrom": "2023-06-07T21:14:14.148Z",
      "credentialSubject": {
        "id": "https://subject.vendor.example"
      }
    },
    "https://vendor.example/credentials/42", 
    "did:example:123",
    "urn:uuid:01ec9426-c175-4e39-a006-d30050e28214",
    "urn:ietf:params:oauth:jwk-thumbprint:sha-256:_Fpfe27AuGmEljZE9s2lw2UH-qrZLRFNrWbJrWIe4SI",
    "data:application/vc+ld+json;base64,eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6andrOmV5SnJhV1FpT2lKMWNtNDZhV1YwWmpwd1lYSmhiWE02YjJGMWRHZzZhbmRyTFhSb2RXMWljSEpwYm5RNmMyaGhMVEkxTmpwdlFtUm1kbVpET1hoNk1GOUJVWFpSTjNZMU1YbERXbDl6ZUdwNU56VkNUSEpJZWsxT1Jqa3lPV1U0SWl3aWEzUjVJam9pVDB0UUlpd2lZM0oySWpvaVJXUXlOVFV4T1NJc0ltRnNaeUk2SWtWa1JGTkJJaXdpZUNJNklqTmljbU5zYjBJNGFEUk5XbFZJYms5UVVHbGtTbXd0U2pkdVVsRkpXSFJUYUZwM1oyNW1jbHAxVDI4aWZRIiwidmFsaWRGcm9tIjoiMjAyMy0wNi0wN1QyMToxNDoxNC4xNDhaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJodHRwczovL3N1YmplY3QudmVuZG9yLmV4YW1wbGUifX0="
  ]
}
      </pre>

    </section>

    <section>
      <h3>Data URIs</h3>
      <pre class="example" title="JSON-LD Verifiable Credential">
data:application/vc+ld+json;base64,eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6andrOmV5SnJhV1FpT2lKMWNtNDZhV1YwWmpwd1lYSmhiWE02YjJGMWRHZzZhbmRyTFhSb2RXMWljSEpwYm5RNmMyaGhMVEkxTmpwdlFtUm1kbVpET1hoNk1GOUJVWFpSTjNZMU1YbERXbDl6ZUdwNU56VkNUSEpJZWsxT1Jqa3lPV1U0SWl3aWEzUjVJam9pVDB0UUlpd2lZM0oySWpvaVJXUXlOVFV4T1NJc0ltRnNaeUk2SWtWa1JGTkJJaXdpZUNJNklqTmljbU5zYjBJNGFEUk5XbFZJYms5UVVHbGtTbXd0U2pkdVVsRkpXSFJUYUZwM1oyNW1jbHAxVDI4aWZRIiwidmFsaWRGcm9tIjoiMjAyMy0wNi0wN1QyMToxNDoxNC4xNDhaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJodHRwczovL3N1YmplY3QudmVuZG9yLmV4YW1wbGUifX0=
      </pre>

      <pre class="example" title="JSON-LD Verifiable Presentation">
data:application/vp+ld+json+json;base64,eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6andrOmV5SnJhV1FpT2lKMWNtNDZhV1YwWmpwd1lYSmhiWE02YjJGMWRHZzZhbmRyTFhSb2RXMWljSEpwYm5RNmMyaGhMVEkxTmpwdlFtUm1kbVpET1hoNk1GOUJVWFpSTjNZMU1YbERXbDl6ZUdwNU56VkNUSEpJZWsxT1Jqa3lPV1U0SWl3aWEzUjVJam9pVDB0UUlpd2lZM0oySWpvaVJXUXlOVFV4T1NJc0ltRnNaeUk2SWtWa1JGTkJJaXdpZUNJNklqTmljbU5zYjBJNGFEUk5XbFZJYms5UVVHbGtTbXd0U2pkdVVsRkpXSFJUYUZwM1oyNW1jbHAxVDI4aWZRIiwidmFsaWRGcm9tIjoiMjAyMy0wNi0wN1QyMToxNDoxNC4xNDhaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJodHRwczovL3N1YmplY3QudmVuZG9yLmV4YW1wbGUifX0=
      </pre>
    </section>

    <section>
      <h2>
        Detached Payload
      </h2>
      <p class="issue">TODO add COSE Sign1 detached payload examples</p>
    </section>
  </section>
  </section>
</body>

</html>