I'm sorry to post so many concepts in 1 issue.
There are a lot of existing IETF WGs that have a part of this picture, and I wanted to paint how I see them being related.
```mermaid
flowchart
  subgraph ietf [IETF]
    subgraph oauth [OAUTH]
      oauth_dpop["DPoP"]
      oauth_jwt["JWT"]
      oauth_sd_jwt["SD-JWT"]
      oauth_vc["SD-JWT Verifiable Credentials"]
      oauth_status_list["JWT / CWT Status Lists"]
      oauth_client_attestation["Client Attestation"]
      oauth_client_attestation -.-> oauth_dpop
      oauth_sd_jwt -.-> oauth_dpop
      oauth_sd_jwt -.-> oauth_vc
      oauth_status_list -.-> oauth_jwt
      oauth_status_list -.-> oauth_sd_jwt
      oauth_status_list -.-> oauth_vc
    end
    subgraph rats [RATs]
      rats_client_attestation["? Client Attestation"]
      rats_device_id["? EUID"]
      rats_device_id -.-> rats_client_attestation
    end
    subgraph scitt [SCITT]
      scitt_ts["Transparency Service"]
    end
    subgraph kt [KEY TRANS]
      kt_ts["Transparency Service"]
    end
    subgraph satp [SATP]
      satp_gateway["SATP Gateway"]
    end
    subgraph cose [COSE]
      cose_sign1["COSE Sign1"]
      cose_cwt["CWT"]
      cose_sd_cwt["? SD-CWT"]
      cose_key["COSE Key"]
    end
    subgraph jose [JOSE]
      jose_jwk["JWK"]
      jose_jwp["JWP"]
    end
    subgraph openpgp [OpenPGP]
      openpgp_keys["PGP Keys"]
      openpgp_signatures["PGP Signatures"]
      openpgp_keys -.-> openpgp_signatures
    end
    subgraph whodis [WHODIS]
      whodis_arch["???"]
    end
  end
  subgraph w3c [W3C]
    w3c_vc["Verifiable Credentials"]
    w3c_vc_di["Data Integrity Verifiable Credentials"]
    w3c_vc_jose_cose["JOSE / COSE Verifiable Credentials"]
    w3c_did["JSON-LD Decentralized Identifiers"]
    w3c_status_list["JSON-LD Status Lists"]
    w3c_status_list <-.-> w3c_vc
    w3c_vc -.-> w3c_vc_di
    w3c_vc -.-> w3c_vc_jose_cose
    w3c_vc -.-> w3c_did
    w3c_vc_jose_cose -.-> oauth_vc
    w3c_vc_jose_cose -.-> cose_sign1
    w3c_vc_jose_cose -.-> oauth_jwt
  end
  subgraph w3c_ccg [W3C CCG]
    w3c_ccg_did_web["DID Web"]
    w3c_ccg_did_key["DID Key"]
  end
  subgraph external [Misc Community]
    did_jwk["DID JWK"]
  end
  subgraph abstract [Generic Concepts]
    identity["Identity"]
    identity_docs["Identity Documents (Signed Public Keys)"]
    identity_claims["Identity Claims (Attributes bound to Identity Documents)"]
    identity --> identity_docs
    identity --> identity_claims
  end
  identity_docs -.-> w3c_did
  identity_claims -.-> w3c_vc
  identity_claims -.-> oauth_jwt
  identity_claims -.-> oauth_sd_jwt
  identity_claims -.-> oauth_vc
  identity_claims -.-> cose_sign1
  identity_claims -.-> cose_cwt
  identity_claims -.-> cose_sd_cwt
  identity_claims -.-> jose_jwp
  identity_claims -.-> oauth_status_list
  identity_claims -.-> oauth_client_attestation
  identity_claims -.-> rats_client_attestation
  identity_claims -.-> openpgp_keys
  identity_claims -.-> openpgp_signatures
  w3c_did -.-> did_jwk
  w3c_did -.-> w3c_ccg_did_key
  w3c_did -.-> w3c_ccg_did_web
  w3c_did -.-> satp_gateway
  w3c_did -.-> jose_jwk
  jose_jwk -.-> did_jwk
  jose_jwk -- ? --> kt_ts
  openpgp_keys -- ? --> kt_ts
  cose_key -- ? --> kt_ts
  jose_jwk -.-> scitt_ts
  openpgp_keys -.-> scitt_ts
  cose_key -.-> scitt_ts
  cose_sign1 -.-> scitt_ts
  cose_cwt -.-> scitt_ts
  cose_sd_cwt -.-> scitt_ts
  w3c_ccg_did_web -.-> scitt_ts
  did_jwk -.-> scitt_ts
```
Summarizing some of the key takeaways from the picture:

- `iss` and `kid` are critical in the context of identity at IETF.
- `key` and `signature` formats are also critical.
- `transparency services` are interested in key material and claims.
- W3C "DIDs" and "VCs" are very interested in JSON-LD / RDF.
- IETF concepts of "identifiers and claims" tend to follow an existing format, like JOSE / COSE / x509 or OpenPGP.
- Some of the W3C work relies on IETF work for security foundation.
- Some IETF work relies on W3C for data modeling (DIDs are supported in SATP and SCITT, possibly also relevant to other work).
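
One way to read the first takeaway, as an added example that is not part of the original issue: a JWT verifier resolves its verification key from a local trust store indexed first by `iss` and then by `kid`, so a `kid` only has meaning within its issuer. The issuer URLs, keys, `TRUSTED_ISSUERS`, `make_token` and `verify` are constructed for illustration, and HS256 with `oct` JWKs is an assumption made so the example runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json

def b64u_enc(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Constructed sample keys and issuers; both issuers reuse the same kid on purpose.
KEY_A, KEY_B = b"sample-key-a" * 3, b"sample-key-b" * 3
TRUSTED_ISSUERS = {  # iss -> JWK Set (hypothetical local trust store)
    "https://issuer-a.example": {"keys": [
        {"kty": "oct", "kid": "k1", "alg": "HS256", "k": b64u_enc(KEY_A)}]},
    "https://issuer-b.example": {"keys": [
        {"kty": "oct", "kid": "k1", "alg": "HS256", "k": b64u_enc(KEY_B)}]},
}

def make_token(claims: dict, kid: str, key: bytes) -> str:
    """Build a constructed HS256 JWT for the demo."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [b64u_enc(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64u_enc(sig)])

def verify(token: str) -> dict:
    h64, p64, s64 = token.split(".")
    header, claims = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64))
    # iss and kid are still unauthenticated here: use them only as lookup
    # keys into the local trust store, never as a source of key material.
    iss, kid = claims.get("iss"), header.get("kid")
    jwks = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if jwks is None:
        raise ValueError("untrusted iss")
    jwk = next((k for k in jwks["keys"] if k["kid"] == kid), None)
    if jwk is None:
        raise ValueError("unknown kid for this iss")
    if header.get("alg") != jwk["alg"]:  # the key, not the token, fixes alg
        raise ValueError("alg mismatch")
    expected = hmac.new(b64u_dec(jwk["k"]), f"{h64}.{p64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(s64)):
        raise ValueError("bad signature")
    return claims
```

A token that names `issuer-b` but was signed with `issuer-a`'s key fails verification even though both issuers publish a key with `kid` `k1`.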