1. Yes, I support the charter text. 2. Yes, I am willing to participate in the development of the WG drafts. 3. Yes, I am willing to review charter drafts. 4. Yes, I am willing to work on implementations--we have resourcing available for this later in the quarter.
On Mon, Oct 17, 2022 at 6:45 PM Karen O'Donoghue <odonoghue= [email protected]> wrote: > Everyone... > > On 12 October 2022, we held the second BoF for JSON Web Proofs proposed > work [1] as a follow-on to the BoF held at IETF 114 [2]. > > We had a robust discussion on problem to be solved and the proposed scope > of work. A draft charter was previously circulated on the mailing list and > discussed during the meeting. Polling of the BoF participants showed a > strong consensus on understanding of the problem and interest to solve it > in the IETF. There was also critical mass of energy to do this work. There > was some feedback on the charter along with consensus to reuse the JOSE > mailing list. > > The charter was updated based on the feedback from the BoF and is > available here and included below: > > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md > > Now with a revised charter available, we'd like to continue this BoF > conversion with an email thread to gauge interest to forming a WG to ensure > we also capture views from those who were unable to attend the BoF or those > who want to reiterate their positions. Please respond to the list: > > (1) Do you support the charter text? Or do you have objections or blocking > concerns (please describe what they might be)? > > If you do support the charter text: > (2) Are you willing to author or participate in the developed of the WG > drafts? > (3) Are you willing to review the WG drafts? > (4) Are you interested in implementing the WG drafts? > > If you previously spoke of at the BoF, you are welcome to repeat yourself > here. > > If you have been following along on the mailing list, the charter text > below is the one that was being polished in GitHub ( > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md). > > > This call for feedback will end on Monday, 24 October 2022. > > Thanks, > Karen and John > > [1] > https://datatracker.ietf.org/meeting/interim-2022-jwp-01/materials/minutes-interim-2022-jwp-01-202210121300-00 > [2] https://notes.ietf.org/notes-ietf-114-jwp# > [3] > https://github.com/json-web-proofs/json-web-proofs/blob/main/charter-ietf-jose-03.md > > *Draft Charter:* > > The original JSON Object Signing and Encryption (JOSE) working group > <https://datatracker.ietf.org/doc/charter-ietf-jose/02/> standardized > JSON-based representations for: > > - Integrity-protected objects – JSON Web Signatures (JWS) [RFC 7515 > <https://www.rfc-editor.org/rfc/rfc7515.html>] > - Encrypted objects – JSON Web Encryption (JWE) [RFC 7516 > <https://www.rfc-editor.org/rfc/rfc7516.html>] > - Key representations – JSON Web Key (JWK) [RFC 7517 > <https://www.rfc-editor.org/rfc/rfc7517.html>] > - Algorithm definitions – JSON Web Algorithms (JWA) [RFC 7518 > <https://www.rfc-editor.org/rfc/rfc7518.html>] > - Test vectors for the above – Examples of Protecting Content Using > JSON Object Signing and Encryption [RFC 7520 > <https://www.rfc-editor.org/rfc/rfc7520.html>] > > These were used to define the JSON Web Token (JWT) [RFC 7519 > <https://www.rfc-editor.org/rfc/rfc7519.html>], which in turn, has seen > widespread deployment in areas as diverse as digital identity > <https://openid.net/connect/> and secure telephony > <https://www.ietf.org/blog/stir-action/>. > > Concurrent to the growth of adoption of these standards to express and > communicate sensitive data has been an increasing societal focus on > privacy. Common privacy themes in identity solutions are user consent, > minimal disclosure, and unlinkability. > > A multi-decade research activity for a sizeable academic and applied > cryptography community, often referred to as anonymous credentials, targets > privacy and knowledge protection. Some of the cryptographic techniques > developed in this space involve pairing-friendly curves and zero-knowledge > proofs (ZKPs) (to name just a few). Some of the benefits of zero-knowledge > proof algorithms include unlinkability, selective disclosure, and the > ability to use predicate proofs. > > The current container formats defined by JOSE and JWT are not able to > represent data using zero-knowledge proof algorithms. Among the reasons are > that most require an additional transform or finalize step, many are > designed to operate on sets and not single messages, and the interface to > ZKP algorithms has more inputs than conventional signing algorithms. The > reconstituted JSON Object Signing and Encryption (JOSE) working group will > address these new needs, while reusing aspects of JOSE and JWT, where > applicable. > > This group is chartered to work on the following deliverables: > > - > > An Informational document detailing Use Cases and Requirements for new > specifications enabling JSON-based selective disclosure and zero-knowledge > proofs. > - > > Standards Track document(s) specifying representation(s) of > independently-disclosable integrity-protected sets of data and/or proofs > using JSON-based data structures, which also aims to prevent the ability to > correlate by different verifiers. > - > > Standards Track document(s) specifying representation(s) of JSON-based > claims and/or proofs enabling selective disclosure of these claims and/or > proofs, and that also aims to prevent the ability to correlate by different > verifiers. > - > > Standards Track document(s) specifying how to use existing > cryptographic algorithms and defining their algorithm identifiers. The > working group will not invent new cryptographic algorithms. > - > > Standards Track document(s) specifying how to represent keys for these > new algorithms as JSON Web Keys (JWKs). > - > > An Informational document defining test vectors for these new > specifications. > - > > Standards Track document(s) defining CBOR-based representations > corresponding to all the above, building upon the COSE and CWT > specifications in the same way that the above build on JOSE and JWT. > > One or more of these goals may be combined into a single document, in > which case the concrete milestones for these goals will be satisfied by the > consolidated document(s). > > An informal goal of the working group is close coordination with the > rechartered > W3C Verifiable Credentials WG > <https://www.w3.org/2022/05/proposed-vc-wg-charter.html>, which has taken > a dependency on this work for the second version of its Verifiable > Credentials specification. The working group will also coordinate with the > Selective > Disclosure JWT > <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/> > work in the OAuth working group, the Privacy Pass > <https://datatracker.ietf.org/doc/charter-ietf-privacypass/> working > group, and the CFRG. > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
