didcomm-messaging icon indicating copy to clipboard operation
didcomm-messaging copied to clipboard

Published 20 hours ago verified publisher icon decentralized-identity

Confusion between JWM vs JWS and wrong examples

Open FabioPinheiro opened this issue 1 year ago • 1 comments

The DID Comm specs we can read: All three DIDComm message formats — plaintext, signed, and encrypted — can be correctly understood as more generic [JWMs (JSON Web Messages)](https://tools.ietf.org/html/draft-looker-jwm-01) Although there are a lot of reference to JWS in the DID Comm specification

Links: DID Comm specs signed examples JWM draft JWS RFC7515

The problem is that the signed message looks more like the examples in JWS and the JWM. Because JWS uses the JWS Unprotected Header to have the kid and JWM uses JWS Protected Header.

Ex from the DID Comm specs:

{
   "payload":"eyJpZCI6IjEyMzQ1Njc4OTAiLCJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJ0eXBlIjoiaHR0cDovL2V4YW1wbGUuY29tL3Byb3RvY29scy9sZXRzX2RvX2x1bmNoLzEuMC9wcm9wb3NhbCIsImZyb20iOiJkaWQ6ZXhhbXBsZTphbGljZSIsInRvIjpbImRpZDpleGFtcGxlOmJvYiJdLCJjcmVhdGVkX3RpbWUiOjE1MTYyNjkwMjIsImV4cGlyZXNfdGltZSI6MTUxNjM4NTkzMSwiYm9keSI6eyJtZXNzYWdlc3BlY2lmaWNhdHRyaWJ1dGUiOiJhbmQgaXRzIHZhbHVlIn19",
   "signatures":[
      {
         "protected":"eyJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXNpZ25lZCtqc29uIiwiYWxnIjoiRVMyNTYifQ",
         "signature":"gcW3lVifhyR48mLHbbpnGZQuziskR5-wXf6IoBlpa9SzERfSG9I7oQ9pssmHZwbvJvyMvxskpH5oudw1W3X5Qg",
         "header":{
            "kid":"did:example:alice#key-2"
         }
      }
   ]
}

FabioPinheiro avatar Oct 25 '23 16:10 FabioPinheiro

JWM does not have signatures.header We need to fix all examples is make JWM. But JWM document is an Expired Draft. So I'm not fully convinced this is the best solution

FabioPinheiro avatar Feb 14 '24 00:02 FabioPinheiro