DRAFT: DagJWS CACAO

[zachferland]

Create and verify IPLD based JWS payloads using chain-agnostic Object Capabilities and blockchain accounts.

[oed]

Looks good overall.

Minor comments:

• Replace ‘ with ` throughout
• Maybe mention that a DagJWS is really like any JWS but the payload is a base64url encoded CID
• Maybe include an example complete DagJWS with a CACAO?

[zachferland]

Fixed formatting, added dagjws payload note, and added full example

[oed]

Can we use the full example with non-abbreviated strings?
So that you can test an implementation against it.

[bumblefudge]

would it make sense to
1.) publish a sample/reference IPLD block and pin it for posterity, then
2.) link to it from the spec as an https://{cidv1}.ipfs.dweb.link/ link?
and/or
3.) put the entire IPLD block into an /assets/ folder in this repo and link to that from the spec as well to help people make sure they're fetching/deserializing/etc properly ?

i might be taking this whole test vector thing too far but i'm sure the folks at PL outercore would appreciate my asking for this to be extremely n00b-friendly to help with ipfs outreach :D

[zachferland]

test vectors are always nice, but not sure if makes sense for this spec here

This spec mostly describes how to use a cacao with a JWS, ie adding cacao in header and how to verify, it then also happens to be encoded in dag-jose, i think most of serialization/pathing/etc is entirely covered by dag-jose and would be covered by any tests vectors there and some verification is already covered by cacao spec, thanks for commenting!

[bumblefudge]

maybe it's worth adding to this section a little more syntax

• i.e. does the URI have to be dereferenceable? ipfs:// only or is https://{cidv1}.{gateway} or "/{cid}" acceptable?

and some semantics

• i.e. when dereferenced do you always get an IPLD object describing capabilities? is it cacao-formatted by default? where would someone look to make sense of what they get back if it isn't? etc.

[chunningham]

Is it possible to adopt more of a "should" and "recommended" approach for the CACAO object? By that I mean that use of a CACAO could be recommended but any authorisation-delegating token is possible. I'm thinking of UCANs, but in principle I think any "appropriate" alternative may be allowed.

Language in this spec which references particular features of CACAO (e.g. comparing the aud to the kid) can perhaps instead depend on a definition for "appropriate" which requires said features. Alternatively, I understand if CACAO is meant here as that given definition and can expand to include any reasonable candidate for a format.

Overall I think this fills a good niche in both UCAN and CACAO for a common ipld-native invocation token format, which is unspecified so far.

[oed]

Overall I think this fills a good niche in both UCAN and CACAO for a common ipld-native invocation token format, which is unspecified so far.

This is exactly what's intended here :)
CACAO here is meant as an IPLD representation of any OCAP. There is ongoing work to eventually make CACAO and ucan-ipld equivalent. So eventually a "CACAO" can be a SIWE+ReCap or a UCAN.

The kid property has nothing to do with the CACAO and can be used for a DagJWS in general to indicate which DID signed the JWS.

[zachferland]

Going to close soon instead of move forward, in favor of a future specification that builds on #196 and supports both cacao/ucan and other changes there

[bumblefudge]

Closing while #196 works out-- Zach will reopen/start over after