Feature/editorial intro and format #112

Merged
merged 5 commits into from
Jun 29, 2023

Contributor

@mprorock mprorock commented Jun 28, 2023

Many line number changes here. Actual changes in this:

  1. Reformat and reflow for consistent indentation in the html and line breaks
  2. retitle to "Securing Verifiable Credentials using JOSE and COSE" with new short name "vc-jose-cose"
  3. reorder sections so securing core data model comes first
  4. adjust abstract, and add introductory text that refers to items we are actually doing in this spec

@mprorock mprorock requested review from selfissued and OR13 June 28, 2023 13:29

COSE supports two main operations: signing and encryption. For
Contributor

nit, maybe a second p tag.

using either JOSE or COSE.
</p>
<p>
A benefit to this approach is that payloads can be made to conform
Contributor

same issue with payload vs claimset... I don't think it makes sense to call a COSE Sign1 "payload" a "claimset"... I think we will need to do a lot of cleanup if we remove the "native JWT encoding" from the spec, basically replacing the word "claimset" with "payload" everywhere, and making it content type explicitly JSON-LD ... and NOT... JSON.

<code>cty</code>.
</p>
<pre class="example vc-jwt" data-vc-kid="#key-0">
{ "@context": [ "https://www.w3.org/ns/credentials/v2",
Contributor

nit, on formatting this for spec readability

<p>
See <a data-cite="rfc7515#section-4.1.10">Common JOSE Header
Parameters</a>
for additional details regarding usage of <code>typ</code> and
Contributor

typ only works for JSON payloads... same issue as https://github.com/w3c/vc-jwt/pull/112/files#r1245326420

Contributor Author

yeah - didn't adjust this text, but something we need to address in next pass


<pre class="example vc-jwt" title="A secured verifiable
presentation with a holder identifier">
{ "@context": [ "https://www.w3.org/ns/credentials/v2",
Contributor

nit on formatting

</p>
<p>[[rfc8152]] MAY be used to secure this media type.</p>
<p>When using this approach, the <code>type (TBD)</code> MUST be
Contributor

reminder about this typ issue... cc @selfissued

Contributor

@OR13 OR13 Jun 28, 2023

There is no tag for typ in COSE Headers, so there is no CWT equivalent of JWT.

Binary Object Representation (CBOR) Tags</a> for additional
details.</p>
</section>
<p class="issue" data-number="67"></p>
Contributor

nit, some text here would help with future editorial cleanup

</section>

<section>
<h2>Securing JSON</h2>
Contributor

I expect we will remove this section, @selfissued remains the only objector to #88

I suggest an editorial issue marker to communicate this better to readers.

Contributor

@OR13 OR13 left a comment

I have nits, but I don't know if any of them matter.

Please add the issue markers for tag, to assist them in their review

@mprorock
Contributor Author

> I have nits, but I don't know if any of them matter.
>
> Please add the issue markers for tag, to assist them in their review

yeah - the nits are in sections I didn't touch - only non-format changes were in doc title and abstract/intro
will add issue markers separately in a follow-on PR

Contributor

@andresuribe87 andresuribe87 left a comment

> with new short name "vc-jose-cose"

Curious how this will be performed? Will this repository be renamed?

@mprorock
Contributor Author

> > with new short name "vc-jose-cose"
>
> Curious how this will be performed? Will this repository be renamed?

Will leave that to the chairs, but I suspect that will be the case

@mprorock
Contributor Author

@selfissued need to get this one merged so that we are building on consistent formatting - blocking addressing of additional PRs to address notes from @OR13 above

@mprorock
Contributor Author

since this is hard to read due to reformatting, the actual changes are here (everything else untouched):

changes:

<title>Securing Verifiable Credentials using JOSE and COSE</title>
shortName: "vc-jose-cose",

added/adjusted:

 <section id="introduction">
    <h2>Introduction</h2>
    <p>
      This specification describes how to secure media types
      expressing Verifiable Credentials and Verifiable Presentations
      as described in the [[VC-DATA-MODEL]], using approaches
      described by the COSE and JOSE working groups at IETF. This
      includes JWTs [[RFC7519]], JWS [[RFC7515]], and COSE [[RFC8152]]
      and provides an approach using well defined content types
      [[RFC6838]] to identify that the type of data being secured
      conforms with the [[VC-DATA-MODEL]].
    </p>
    <p>
      JSON Web Signatures (JWS) [[RFC7515]] provide a standardized
      mechanism for digitally signing JSON data. It provides a means
      to ensure the integrity, authenticity, and non-repudiation of
      the information contained in a JSON object. JWS enables secure
      communication and trust between parties by adding a
      cryptographic signature to a payload. This signature is
      generated using a private key and can be verified using the
      corresponding public key. JWS enables content integrity, authentication and non repudiation, 
      protecting data from unauthorized modifications. The
      versatility and wide adoption of JWS make it an essential
      component for verifying the authenticity and integrity of
      data in various applications, including
      authentication, authorization, and secure data exchange. These
      properties make JWS especially well suited to securing the
      JSON-LD [[VC-DATA-MODEL]] and through this to provide a means of
      supporting the three party model (issuer, verifier, holder) for
      exchange of credentials enabled in verifiable credenials.
    </p>

added:

<p>
      CBOR Object Signing and Encryption (COSE) [[RFC8152]] is a
      specification that defines a framework for signing and
      encrypting CBOR (Concise Binary Object Representation) [RFC8949]
      data structures. COSE provides a standardized way to secure the
      integrity, authenticity, and confidentiality of CBOR-encoded
      information. It offers a flexible and extensible set of
      cryptographic options, allowing for a wide range of algorithms
      to be used for signing and encryption.

      COSE supports two main operations: signing and encryption. For
signing, COSE allows the creation of digital signatures over
      CBOR data using various algorithms such as HMAC, RSA, ECDSA, or
      EdDSA. These signatures provide assurance of data integrity and
      authenticity. COSE also supports encryption, enabling the
      confidentiality of CBOR data by encrypting it with symmetric or
      asymmetric encryption algorithms.
    </p>
  </section>
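
Review bot: In the added COSE paragraph the CBOR citation is written `[RFC8949]` with single brackets, while every other reference in these sections uses the double-bracket form (`[[RFC8152]]`, `[[RFC7515]]`, `[[RFC6838]]`); suggest `[[RFC8949]]` so it is handled like the other references. In the last sentence of the JWS paragraph, "verifiable credenials" is misspelled and should read "verifiable credentials".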

Collaborator

@selfissued selfissued left a comment

Approved with two comments to address before merging.

@OR13
Contributor

OR13 commented Jun 29, 2023

Editorial, merging

@OR13 OR13 merged commit bd1d6a3 into w3c:main Jun 29, 2023
1 check passed
Comment on lines +113 to +120
mechanism for digitally signing JSON data. It provides a means
to ensure the integrity, authenticity, and non-repudiation of
the information contained in a JSON object. JWS enables secure
communication and trust between parties by adding a
cryptographic signature to a payload. This signature is
generated using a private key and can be verified using the
corresponding public key. JWS enables content integrity, authentication and non repudiation,
protecting data from unauthorized modifications. The
Member

Needs re-reading...

It provides a means
to ensure the integrity, authenticity, and non-repudiation of
the information contained in a JSON object. 

is redundant with

JWS enables content integrity, authentication and non repudiation, 
protecting data from unauthorized modifications.
