Add media type registration request #1000
Conversation
index.html
Outdated
| @@ -5224,6 +5224,79 @@ <h2>IANA Considerations</h2> | |||
| </li> | |||
| </ul> | |||
|
|
|||
| <section id="media-type"> | |||
| <h2>The <code>application/credential+json</code> Media Type</h2> | |||
There was a problem hiding this comment.
| <h2>The <code>application/credential+json</code> Media Type</h2> | |
| <h2>The <code>application/vc+json</code> Media Type</h2> |
I'm on the IETF mediatype mailing list as a reviewer -- I expect that claiming "application/credential" will be frowned upon -- if I saw this come across, that's the feedback I intend to provide.
I expect we'll be asked to change it to "application/verifiable-credential" or just "application/vc" as the base string (with +whatever after it) to ensure we're not stomping on any other type of "credentials".
There was a problem hiding this comment.
I don't think I can accept this change, because the intention is to define the media type for the "data model" not the "secured data model".... unless we say that a "verifiable credential" can be "unsecured" similar to how "alg: none" is used...
In other words, proof is not a required member of application/vc+json... and likely would be a forbidden.
If thats ok, I am happy to accept this change, see the proposals on the mailing lists for the intended use of this cty with COSE and JOSE.
There was a problem hiding this comment.
- https://lists.w3.org/Archives/Public/public-vc-wg/2022Nov/0034.html (use with JWS)
- https://lists.w3.org/Archives/Public/public-vc-wg/2022Dec/0011.html (use with COSE Sign 1)
There was a problem hiding this comment.
definitions of the JOSE header parameters are very clear that
cty which is used to declare the media type of the secured content (the payload) , should be credential+xxx and not verifiable-credential+xxx.
typ which is used to declare the media type of this complete JWS should be verifiable-credential+xxx.
the ship that vc-data-model spec defined credential in a different way than identity industry used to define/use it has sailed. with credential term being more and more accepted as it is defined in vc-data-model spec, with good arguments, registration of credential+xxx should be possible.
There was a problem hiding this comment.
with credential term being more and more accepted as it is defined in vc-data-model spec, with good arguments, registration of credential+xxx should be possible.
Alright, if the VCWG is going to get behind that argument, it might be doable. We'll have to see what the media types list says. It helps that there isn't a single registered media type that has the word "credential" in it today, we might find out why when we try to register it. :)
msporny
requested review from
dlongley,
dmitrizagidulin,
mprorock and
peacekeeper
|
The issue was discussed in a meeting on 2023-01-11
View the transcript2.3. Add media type registration request (pr vc-data-model#1000)See github pull request vc-data-model#1000. Manu Sporny: Next PR 1000 is about media types registration.. Michael Jones: There is an important distinction between the type that is signed versus the type that is the entire thing..
Manu Sporny: Mike's comments will be useful input to the PR. Mike will provide more info in writing.. Michael Jones: IETF may need multiple plus signs.. Manu Sporny: This will have impact on the W3C VC efforts as well.. |
|
This PR has a LOT of disconnected discussion of |
Co-authored-by: Manu Sporny <[email protected]>
|
@TallTed wrote:
Yes, agreed. The discussions include:
There seem to be multiple parallel discussions going on here, with some suggestions that we're going to have even more media types in the future. At present, given this PR, I can't tell which one of these media types are going to eventually be a valid media type for things associated with this specification:
It's hard to understand where the current proposal fits in the options above, and it's not clear that making the distinction between a "credential" and "verifiable credential" via the media type really buys us enough value. I can see a future where we have the following media types (/cc @gkellogg):
@OR13, what's the plan here -- which one of the above are you intending as options? Are there more? |
|
@msporny the intention is implemented in the PR, the proposals here explain one potential use of this type in JOSE and COSE: Looking forward to discussing on a special topic call. |
this should be a good discussion, and hopefully productive. I don't think we need to have all answers in at once, especially as we are in "work in progress" mode. concern from my side that we might make "perfect" the enemy of the good here and prevent forward progress by trying to define every possible case in advance, rather than moving forward with one or two items we know we need, and then hashing out details as we go on the other items |
|
@mprorock Agree mike, this topic has already been discussed a lot. There are a lot of places where |
|
@OR13 wrote:
I'm on board with the concept of having two different media types, and also dubious that developers will use them properly for the same reason that
Neither do I, but I do think that we have to have a better understanding of the path forward than what we have right now. We don't want to paint ourselves into a corner either. My hope is that we can get to that plan in the upcoming Special Topic call.
Yes, you can make iterative progress that way... and it's also how one paints themselves into a corner. That's the concern here. All that said, here's a cut at a unified philosophy for doing media type processing:
Once we define these media types, we'll have to talk about what happens when things go wrong, such as:
I suggest the answers to the questions above are:
Thoughts? |
|
Yes (I think) to 1, and 4... maybe 2 and 3... I think we should cover negotiation and the |
|
Cross-posting this here from #978: Also, if people want to publish VCs in web pages, which media type should they use? Is it going to make things more challenging for this use case if we have extra media types that mean the same thing? People publish structured data using |
|
For JOSE (JWS-secured) containers, it seems one could do |
|
@dlongley I would guess that both Indeed, your comment about using And they like the ability to be as specific as possible. |
Co-authored-by: Manu Sporny <[email protected]>
index.html
Outdated
| <section id="media-type"> | ||
| <h2>The <code>application/credential+ld+json</code> Media Type</h2> | ||
| <p> | ||
| This specification registers the <code>application/credential+json</code> MIME Media Type specifically for |
There was a problem hiding this comment.
| This specification registers the <code>application/credential+json</code> MIME Media Type specifically for | |
| This specification registers the <code>application/credential+ld+json</code> MIME Media Type specifically for |
There was a problem hiding this comment.
Yes, please apply this correction.
Co-authored-by: Dave Longley <[email protected]>
Co-authored-by: Manu Sporny <[email protected]>
There was a problem hiding this comment.
Having had a discussion with @OR13 about this, I understand that this PR is quite focused in what it's attempting to achieve and I agree with what this PR is attempting to achieve, which is at least one registered media type that can be used in cty, there may be others that the group registers in the future and those should go in separate PRs.
|
Normative, multiple reviews, changes requested and made, no objections, merging. |
|
For folks wondering how to use this new media type, here is an example: |
|
Here is the media type in use with cose sign 1: |
|
The issue was discussed in a meeting on 2023-01-17
View the transcript1. Add media type registration request (pr data-model#1000)See github pull request vc-data-model#1000. Orie Steele: Any objections to merging PR #1000?.
Kristina Yasuda: I think we should merge it..
Orie Steele: There are more approvals than I've seen on any PR since we resumed working.. Brent Zundel: Please give us a summary.
Brent Zundel: If there are no objections, I believe it would be appropriate to merge it. Orie Steele: A credential becomes a Verifiable Credential when it contains an embedded or external proof. Michael Jones: Merge it. Manu Sporny: The only thing that prevents divergence is talking to one another across the specs.
Manu Sporny: It's always possible to register too many media types or create non-interoperability. Michael Prorock: There's an important lesson from this PR. The quickness of its approval indicates that this was needed.. Brent Zundel: At this stage, we first wanted to talk about PR 1000. Manu Sporny: Please provide something for the disposition comments when you merge things.. Brent Zundel: Can the associated issues be closed?. |
|
Can someone add or point to what the definition/purpose/goals of a "media type" is/are to this conversation? The above discussion is quite abstract if it isn't anchored in an agreed upon definition/purpose/goals of what a media type is. UPDATE: Is this an agreeable definition? https://developer.mozilla.org/en-US/docs/Glossary/MIME_type If so, then the chosen credential media types need to specifically reflect the physical format/structure/serialization of each type of credential. ...and by implication, "application/credential" should never be acceptable (as a standalone media type) because it is too general. The media type naming pattern also needs to be naturally extendable to allow for additional credential types in the future. For example, https://youtu.be/uo4RuT__IXw?t=2685s suggests some dimensions to consider when designing a credential media type "namespace". From https://en.wikipedia.org/wiki/Media_type
Per https://en.wikipedia.org/wiki/Media_type, perhaps "credential" should be advocated as a top-level media type ...a peer to "application" and "text". (Go big or go home 😉🙂 ...after all we are designing the future Internet.) |
|
For example, something like the following...
|
Addresses #978 (comment)
Preview | Diff