JOSE

JOSE (JSON Object Signing and Encryption) is the IETF standards family covering how to sign, encrypt, and key-wrap JSON payloads. The member specs are RFC 7515 (JWS — JSON Web Signatures), RFC 7516 (JWE — JSON Web Encryption), RFC 7517 (JWK — JSON Web Keys), RFC 7518 (JWA — JSON Web Algorithms), and RFC 7519 (JWT — JSON Web Tokens).

JWS is what most people think of when they say "JWT" — a signed JSON payload with a standardized header-payload-signature triple, URL-safe base64-encoded. OAuth, OpenID Connect, and much of enterprise IAM run on JWS.

In the W3C VC world, JOSE and JSON-LD represent the two serialization philosophies. VC-JWT uses JOSE: the credential is a JWT payload, signed as a JWS. LearnCoin uses JSON-LD + Linked Data Proofs instead, which preserves the graph structure at the cost of more complex canonicalization. When we implement OpenID4VCI for EUDI Wallet support, we'll likely emit VC-JWT variants alongside the canonical JSON-LD ones.