Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suggest to make explicit reference to the JADES standard #1481

Open
anthonycamilleri opened this issue Apr 18, 2024 · 3 comments
Open

Suggest to make explicit reference to the JADES standard #1481

anthonycamilleri opened this issue Apr 18, 2024 · 3 comments
Labels
CR1 This item was processed during CR1 editorial Purely editorial changes to the specification.

Comments

@anthonycamilleri
Copy link

anthonycamilleri commented Apr 18, 2024
edited

Digital Signatures in Europe are regulated by the eIDAS directive, which sets mandatory technical specifications for legally admissible digital signatures in Europe. There are a range of different signature options, covering enveloped, enveloping and detached signatures, with different 'baselines' which essentially add signed timestamps to a file for long-term preservation.

An example of a JADES-LTA signed credential is attached to this issue - this one contains the highest level of assurance, with extendable long-term archiving timestamps - as produced by the DSS libraries (reference libraries for implementing the JADES standards, distributed by the European Commission to all member states).

Given the geographic scope of JADES (27 countries adopting this standard through legislation),and the sheer number of users that will be covered by the implementation, I would suggest that at minimum the standard would recognise the existence of the JADES standard, and that JADES standards can be used with verifiable credentials, and are RECOMMENDED for users based in the EU.

The appropriate reference would be to
(TS 119 182-1 - V1.1.1 - Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures (etsi.org)).
@brentzundel
Copy link
Member

I'm not opposed to seeing an example in the spec that has been secured using JAdES, but the WG will need to come to consensus on that.

Has it been listed in the VC Specifications Directory as a viable securing mechanism? That should be the first step regardless.

@msporny msporny added editorial Purely editorial changes to the specification. CR1 This item was processed during CR1 labels Apr 21, 2024
@anthonycamilleri
Copy link
Author

@brentzundel added as w3c/vc-specs-dir#36

@msporny
Copy link
Member

msporny commented May 27, 2024

@anthonycamilleri wrote:

@brentzundel added as w3c/vc-specs-dir#36

This has been merged and included in the VC Specs Directory.

I'll note that the example linked to above is really big and verbose. Do you think you could add a JADES extension to respec-vc? That is what we use to generate the digitally signed examples. We could include JADES as another tab in some of the examples if you did so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CR1 This item was processed during CR1 editorial Purely editorial changes to the specification.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msporny @anthonycamilleri @brentzundel