Ambiguous language about specifying claims #63
Comments
|
The sentence is meant to suggest that the cryptographic method is used to verify whether an entity issued a set of claims/statements or not and is not specific to JWTs. It applies to any securing mechanism used to protect assertions made by an issuer. Please suggest some language. |
|
This issue seems to be asking for the inverse of what some other recently filed issues are asking for. We have two issues that are asking for more text for things that are out of scope for the controller document: And issues that are asking for less because those things are out of scope for the controller document: We might want some generic language that indicates something like "Verification relationships allow controllers to authorize verification methods for use for specific purposes, but how specific use cases are achieved such as authenticating to a website, accessing a resource using a capability, encrypting data, or expressing assertions or claims is out of scope for this specification." For this particular issue, we could change this sentence: "The assertionMethod verification relationship is used to specify how the controller is expected to express claims, such as for the purposes of issuing a verifiable credential." To: "The assertionMethod verification relationship is used to specify verification methods that a controller authorizes for use when expressing assertions or claims, such as in verifiable credentials." I think this would be more accurate. |
|
@dlongley's suggested wording works for me. |
msporny
added
the
ready for pr
|
I agree that this is ready for a PR. |
selfissued
added
pr exists
https://www.w3.org/TR/2024/WD-controller-document-20240817/#assertion
In "The assertionMethod verification relationship is used to specify how the controller is expected to express claims, such as for the purposes of issuing a verifiable credential.", it's not clear what it means to "specify how the controller is expected to express claims". A normal reading of the English text in this context might lead one to believe this is saying something about the JWT claims that might be contained in a credential, but I doubt that's what it's about. What is it about?
The text was updated successfully, but these errors were encountered: