Signed Data (JSON – LD vs JWTS or something else)

From IIW

Signed Data (JSON – LD vs JWTS or Something Else)

Day/Session:Wednesday 1K

Convener:Pelle Braendgaard

Notes-taker(s): Pelle Braendgaard

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

There are pros and cons of json-ld-signatures vs JWTs. While this was a general conversation it was seen in the context of W3C Verifiable Credentials.



- Semantics

- Graph

- Human Readable


- Difficult to integrity/canonicalization of graph for signing purposes

- Canonicalization requirement

- Difficult to understand what is signed

- Cognitive overload when understanding data

- Lack of diversity in tooling

- You have to really know what you do to verify a signed json-ld document

Asks of JSON-LD community to make it useful for Verifiable Credentials:

- Better Tooling (automatically resolve DIDs and verify signatures)

- Better documentation for specific use cases

- Middleware for various server implementations to automatically verify signatures etc of json-ld requests

- Remove embedded schema



- You always know what is signed (easy to verify)

- No canonicalization needed

- Good tooling


- Key definition/lookup part is not very well defined

- No built in semantics/schemas

- Not Human Readable

Asks of JWT community:

- Libraries should support DID resolution (eg implementation:

- Help work on defining Verifiable Credentials using JWT