Enable CBOR Representation(s) of Verifiable Credentials #985
Comments
|
Blockchain Commons, and our financial sponsors from the cryptographic wallet & chip industry, have committed to moving to deterministic CBOR. Why?
There is a more specific comparison with other formats in Appendix E of the IETF spec for CBOR: We've added a few comparison links at "Why CBOR? Why not Protocol Buffers??" We made this decision some time ago, and we keep being happy with our choice. Specifically, we are planning to submit this spec for Gordian Envelopes that leverages deterministic CBOR as an IETF Internet-Draft by end of the week:
It adds to CBOR:
We have a high-level overview of Gordian Envelops at:
A more engineering-level introduction at:
We have a video playlist starting with a 10m high-level introduction:
We have a reference CLI implementation (written in Swift) available now, and some of our patrons have begun porting libraries to more languages like Kotlin, Typescript, Python, and Blockchain Commons is also committed to porting to Rust as funding allows. Let us know your needs! For those of you who don't like videos, we have an annotated introduction to our CLI reference implementation that really demonstrates of the power of CBOR with Gordian Envelopes: We have also written up a number of "use case" documents to demonstrate what is possible using Gordian Envelopes. Specifically, the VC community may find our "Educational Credential" use case interesting:
-- Christopher Allen |
|
I'm against "defining W3C Verifiable Credentials data model in CBOR". I don't believe W3C is the right place to "define a new data model for arbitrary claims in CBOR" especially if there is already plans to do that work at IETF. (ACDCs and Gordian) There are also a lot of incompatibilities, and politics between JOSE and COSE which make the idea of doing anything other than securing the W3C Verifiable Credentials Data Model... Not something the W3C is well positioned to accomplish successfully. I also think that there are several COSE structures that should be supported, and we should avoid locking implementers into CWTs as the only supported format for COSE. TLDR, as I said at TPAC I am in favor of securing the W3C VC Data Model with JWS, JWT, JWE and COSE... I'm not in favor of starting from scratch on a new abstract data model. We're not making any progress meaningfully improving what we are already committed to, it's not a good time to suggest pulling in new work. |
|
What is the best link(s) to a primer on CBOR? |
|
One other reason CBOR can be a lot more compact than JSON that people not currently using it may not be familiar with: Instead of having to use string member names as JSON requires, like "credentialSubject", numeric member names can be used, including single-byte member names such as 3. Yes, you would have to understand the mapping between "credentialSubject" and 3, but it's a significant savings worth having for some use cases. |
Agreed - i think timing will be important here - I also think that we should not start from scratch, but should leverage the VC data model as it exists in 1.1 as a starting place. Hugely supportive of CBOR encoding for VCs and am willing to contribute time to this. |
Of course, if one is using JSON-LD, one can build an It's funny how many arguments can be applied to neighboring scenarios, eh? |
|
If this WG is going to attempt multiple representations, we will need to develop a shared mental model for how they relate to the core data model, and it should be handled much better than what was done to the DID spec. I can see one path forward, that I would support, inspired by the work at IETF - https://datatracker.ietf.org/doc/draft-birkholz-rats-corim/ They provide a JSON and CBOR representations. We could take the existing namespace: For every property in the namespace, add a tag for it, and manage the tags in a centralized registry like (but not equivalent too, aka a new registry): Then define lossless bidirectional mappings between JSON and CBOR representations for And then define proof formats for
I don't see this recommendation as "altering the core data model".... I see it as defining a mapping from the "core data model" to JSON or CBOR. I can imagine this going wrong and making things massively worse than they already are today, especially given the current state of the I suggest we think of supporting CBOR in this manner as a "stretch goal", and tackle it after we have addressed the obvious flaws related to the current JSON mappings. If we keep trying to attack the core data model, we are never going to get to FPWD for After all, the charter allows us to decide what to focus on... it doesn't guarantee delivery... If Starting work on CBOR seriously threatens the working groups ability to do a "good job" on the things we have already said we would do, but have yet to show real progress on. I can't meaningfully contribute to so many work items... Its already a stretch to support the current work items:
Let's show progress on eating whats on our plate, before loading up on more sugar. |
It's worth noting that CBOR-LD does this programmatically and automatically for any JSON-LD contexts. IOW, it avoids the artisan-approach but still achieves semantic compression. CBOR-LD also already maps to / from the existing model and JSON-LD representation. |
|
I think the discussion in issue #973 |
|
Has been discussed, we've talking about how |
|
The issue was discussed in a meeting on 2023-02-08
View the transcript4.1. Enable CBOR Representation(s) of Verifiable Credentials (issue vc-data-model#985)See github issue vc-data-model#985. Brent Zundel: enable cbor representations of VCs. Orie Steele: has been proposal for cbor in P.R #1000. Manu Sporny: already cbor representations for VCs. Not standardised. Have cbor-ld that will take jsonld VCs and compress. Brent Zundel: any other comments. |
|
I suggest closing this issue, vc-jwt already covers a cose sign1 scenario for vc+ld+json. |
|
closing based on conversation during 2023-04-05 VCWG call |
|
The issue was discussed in a meeting on 2023-04-05
View the transcript3.3. Enable CBOR Representation(s) of Verifiable Credentials (issue vc-data-model#985)See github issue vc-data-model#985. Brent Zundel: Will assign both to the issue to discuss and move things forward. Dave Longley: Who would be the closest, based on resolutions made previously?
Dave Longley: Maybe we should close this.
Ivan Herman: Do we want to add another work item for CBOR representation?
Michael Jones: I concur. With where we are and what we need to do, not willing to add another work item.
Michael Jones: Supports closing. Kevin Dean: CBOR supported in ACDC, so may be covered there. Brent Zundel: ivan will close it. |
|
No objections raised since being marked |
Many parties have already created and deployed ad-hoc CBOR representations of Verifable Credentials. Unfortunately, none of these are standards or standards-track at present.
One of CBOR's obvious advantages over JSON is size. Binary data such as signatures doesn't pay the 33% size inflation that base64url-enoding binary data incurs in JSON.
The DID abstract data model succeeded in enabling CBOR representations. (Yes, the DID working group didn't agree on what CBOR representation to standardize, although that could change in the future.) We should likewise explicitly enable standardization of CBOR Verifiable Credential representations with the Verifiable Credentials Data Model.
The text was updated successfully, but these errors were encountered: