The current protocols make use of two different Serialization formats:
- OpenID4VP uses JSON
- 18013-5 uses CBOR
There is no real difference in expressiveness between these two formats. There are advantages to both of these:
- JSON is more widely used, and is human readable. As a consequence it is a bit better of a developer experience for implementation and debugging.
- CBOR has a more efficient serialization, saving ~33% overhead in size from Base64 encoding and is more suited to processing in a resource constrained environment such as a Secure Element.
Some commonly brought up considerations:
- In-person presentations, especially through NFC, are highly time and payload size sensitive
- Online presentations are less time-sensitive, but may result in cross-device flows with similar
- Due to the signing of payloads, it isn't possible for platforms to handle transformations (though libraries can help here).
The possible options are:
- CBOR - Only
Define the protocol as CBOR CDDL only.
Pros
- Most performant
- Single format, reducing developer work and spec work
Cons
- Requires building better tooling for developers
- JSON - Only
Define the protocol as a JSON schema only.
Pros
- Mostly widely used format
- Single format, reducing developer work and spec work
Cons
- Worse in person experience
- Makes certain Wallet architectures prohibitive
(Note: cons are probably prohibitive for this option)
- JSON + CBOR
Define spec 'serialization agnostic' and then define matching JSON schema for online/non-size sensitive usecases) and CBOR CDDL for in-person.
Pros:
- Allows developers to work with the tools they are most familiar
Cons:
- Additional spec work, as it is not always trivial to specify in both formats (e.g. different wrapper crypto structures, canonical serialization etc)
- Additional implementation work for any base library, or party supporting both
- Risk of lack of inter-op unless some party (likely wallet) is mandated to support both
The current protocols make use of two different Serialization formats:
There is no real difference in expressiveness between these two formats. There are advantages to both of these:
Some commonly brought up considerations:
The possible options are:
Define the protocol as CBOR CDDL only.
Pros
Cons
Define the protocol as a JSON schema only.
Pros
Cons
(Note: cons are probably prohibitive for this option)
Define spec 'serialization agnostic' and then define matching JSON schema for online/non-size sensitive usecases) and CBOR CDDL for in-person.
Pros:
Cons: