By Christopher Allen, Tim Daubenschütz, Manu Sporny, Noah Thorp, Harlan Wood, Glenn Willen, Alessandro Voto
In social networks, markets, and value chains we have a hard time determining what is true and who to trust. Yet verified information is critical for the functioning of a networked democratic society. The portable reputation toolkit is intended to address these issues. Full use cases are described in detail here.
These Portable Reputation Toolkit proof of concept scripts allow you to:
- Generate DIDs using did-io
- Create JSON-LD claims
- Sign the claims with a Bitcoin private key using jsonld-signatures
- Create proof of existence for these claims using OpenTimestamps
- Upload the signed, timestamped claim to IPFS
Future goals:
- Allow a user to request a claim
- Retrieve existing claims
- Search, filter and algorithmically evaluate claims
git clone https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016.git
cd rebooting-the-web-of-trust-fall2016/draft-documents/portable-reputation
npm install
Use --help
to see available options:
src/claim --help
Usage: claim [options]
Options:
-c, --creator <creator> DID or URL of claim creator
-t, --target <target> DID or URI of claim target
-p, --private-key <key> Bitcoin private key
-s, --claim-summary <summary> Summary of claim type
-t, --tags <tag1,tag2> Add tags
For example, running:
src/claim \
--creator did:00a65b11-593c-4a46-bf64-8b83f3ef698f \
--target did:59f269a0-0847-4f00-8c4c-26d84e6714c4 \
--private-key L4mEi7eEdTNNFQEWaa7JhUKAbtHdVvByGAqvpJKC53mfiqunjBjw \
--claim-summary 'Awesome paper!!!' \
--tags 'Reputation, Professional'
will generate a JSON-LD verifiable claim something like:
{
"@context": "https://w3id.org/credentials/v1",
"type": [
"Reputation",
"Professional",
"Claim"
],
"issuer": "did:00a65b11-593c-4a46-bf64-8b83f3ef698f",
"issued": "2016-10-22T01:21:44-07:00",
"claim": {
"id": "did:59f269a0-0847-4f00-8c4c-26d84e6714c4",
"summary": "Awesome paper!!!"
},
"signature": {
"type": "sha256-ecdsa-secp256k1-2016",
"created": "2016-10-22T08:21:44Z",
"creator": "sha256-ecdsa-secp256k1-public-key:020d79074ef137d4f338c2e6bef2a49c618109eccf1cd01ccc3286634789baef4b",
"domain": "example.com",
"signatureValue": "H7tsv5rpXGXr5XLi7KvWVyYhDzO+ODC5g5ZOuhPx04vZYRW1omE7c104BoQUT6PdZjo/RRoZiFkCfsYEjs+qsIg="
},
"openTimestamp": "AE9wZW5UaW1lc3RhbXBzAABQcm9vZgC/ieLohOiSlAEI7wrxwSIVAIJ9pU2GXw2ONcyQxr/wn2XfHhg+7siJRsrwEOlyrF1dR91SCAX1Bj2AGdYI//AQZ0mReqKHaS6C9Y6maBLl2gjxBFgLIZvwCAwzlodWl0BeAIPf4w0u+QyOLi1odHRwczovL2FsaWNlLmJ0Yy5jYWxlbmRhci5vcGVudGltZXN0YW1wcy5vcmfwEHDNg8S8EFKhOM4MF71sTeMI8QRYCyGb8AgSRweqKUbulACD3+MNLvkMjiwraHR0cHM6Ly9ib2IuYnRjLmNhbGVuZGFyLm9wZW50aW1lc3RhbXBzLm9yZw=="
}
These claims are to be signed by a distributed identifier (DID) and notarized with Open Timestamps or similar.
- Assertion includes a proposition about an identity, an evaluation of that proposition, and an array of evidence.
The id of the content is not included in the address. There is no way to include an IPFS id based on the hash JSON-LD itself.
{
"@context": "TODO",
"type": ["Claim", "Assertion"],
"issuer": "https://portable-reputation-toolkit.xyz",
"issued": "2016-10-20T11:36Z",
"claim": {
"id": "did:btc1:xxx-id-this-proposition-refers-to",
"proposition": "Competent at cryptography security reviews", // statement, proposition, assertion, description?
"evaluation": true, // true, false, null or range?
"description": "By looking at the git commit comments, penetration test documents they authored, and reviews of their work I have determined they are competent at cryptography security reviews",
"evidence": ["https://github.com/WebOfTrustInfo/cryptography_foo/xyz",
"http://example.com/evidence/2",
"http://example.com/penetration_test_document/5"
"http://example.com/written_statement_by_trusted_person/3"]
},
"signature": {
"type": "sha256-ecdsa-secp256k1-2016",
"created": "2016-06-18T21:19:10Z",
"creator": "did:btc1:xxx-person-making-the-claim",
"domain": "TODO",
"nonce": "598c63d6",
"signatureValue": "H/K6n7KpnxCY6kIkef4wUrLl8QmOKCaLWXXg5YAFM7Z5aOGYVLB0OPxXopnMIsjYqO9WNa5O+JxZT9bxRO6siTc="
},
"address": "ipfs-asdfjhasdfhjkahsdflasdf",
"proofOfExistence": [""]
}
A proposition is neither true or false. It is like an assertion that delays evaluation until evidence has been provided. It implicitly sets "evaluation" : null
and does not link to evidence. A signature in this case verifies who originated the claim but not that the proposition is true. The signature for a proposition without an evaluation may be optional in some cases.
{
"@context": "TODO",
"id": "did:btc1:xyz-id-of-the-proposition",
"type": ["Claim", "Proposition"],
"issuer": "https://portable-reputation-toolkit.xyz",
"issued": "2016-10-20T11:36Z",
"claim": {
"id": "did:btc1:xxx-id-of-the-person-this-proposition-refers-to",
"proposition": "Competent at TIG welding"
},
"signature": {
"type": "sha256-ecdsa-secp256k1-2016",
"created": "2016-06-18T21:19:10Z",
"creator": "did:btc1:xxx-person-making-the-claim",
"domain": "TODO",
"nonce": "598c63d6",
"signatureValue": "H/K6n7KpnxCY6kIkef4wUrLl8QmOKCaLWXXg5YAFM7Z5aOGYVLB0OPxXopnMIsjYqO9WNa5O+JxZT9bxRO6siTc="
}
}
Note the URL link to the media and the signed evidence hash. This is a compact way to verify that the media evidence has not been tampered with.
{
"@context": "TODO",
"id": "did:btc1:xyz-id-of-evidence", // use what did?
"type": ["Claim", "SignedEvidence"],
"issuer": "https://portable-reputation-toolkit.xyz",
"issued": "2016-10-20T11:36Z",
"claim": {
"id": "http://youtube.com/xyzabc",
"description": "Video of TIG welding demonstration",
"evidence-hash": "xyz-hash-of-evidence"
},
"signature": {
"type": "sha256-ecdsa-secp256k1-2016",
"created": "2016-06-18T21:19:10Z",
"creator": "did:btc1:xxx-person-making-the-claim",
"domain": "TODO",
"nonce": "598c63d6",
"signatureValue": "H/K6n7KpnxCY6kIkef4wUrLl8QmOKCaLWXXg5YAFM7Z5aOGYVLB0OPxXopnMIsjYqO9WNa5O+JxZT9bxRO6siTc="
}
}
Claims in this form can be applied to propositions or assertions that already have evidence.
{
"@context": "TODO",
"id": "did:btc1:xyz-id-of-the-evaluation",
"type": ["Claim", "Evaluation"],
"issuer": "https://portable-reputation-toolkit.xyz",
"issued": "2016-10-20T11:36Z",
"claim": {
"id": "did:btc1:xyz-id-of-the-proposition",
"evalution": true,
"evidence": ["did:btc1:xyz-id-of-evidence",
"http://example.com/written_statement", "did:btc1:xyz-id-of-signed-evidence"],
"description": "I attest that this person is a competent TIG welder based on my review of the video and their written statement."
},
"signature": {
"type": "sha256-ecdsa-secp256k1-2016",
"created": "2016-06-18T21:19:10Z",
"creator": "did:btc1:xxx-person-making-the-claim",
"domain": "TODO",
"nonce": "598c63d6",
"signatureValue": "H/K6n7KpnxCY6kIkef4wUrLl8QmOKCaLWXXg5YAFM7Z5aOGYVLB0OPxXopnMIsjYqO9WNa5O+JxZT9bxRO6siTc="
}
}