This library already has code in the works to do "strict" conversion of authorization requests / presentation definitions to VPRs, throwing if the presentation definitions are too complex. However, we probably want to add a mode where a VPR that would produce a superset of what's required can be produced as an initial filtering mechanism that will work on databases that cannot (or should not) process (untrusted) JSON schema queries.
For more details:
It should be possible to perform simplistic type-based queries on encrypted storage, followed by local filtering using more complex queries.
"Presentation Definitions" from the Presentation Exchange spec include JSON schema as a query mechanism, but it's not feasible to use this to query an encrypted database or to try to apply a JSON schema iteratively across every document in a database. Work is in progress to transform presentation definitions to VPRs, which should produce more workable queries that could be run against databases, but for more complex presentation definitions, this might be insufficient. A multiple phased approach might work:
1. Convert presentation definition to VPR.
2. Use VPR to build simple query to run against encrypted storage.
3. Run more complex query against decrypted results.
Things to note:
- Running untrusted JSON schema is an attack vector, especially if it has regexes in it. This will need to be explored.
- Running untrusted JSON path is also an attack vector (same issue as JSON schema) and conversion to JSON pointer should be used as a possible mitigation, simply rejecting the use of any regexes along the way.
- Might need a mode to generate a VPR that isn't a perfect match for a presentation definition ... a "lax" mode instead of throwing an error when the presentation definition can't be fully converted to a VPR, but instead a VPR that would return a "superset" of results can be produced.
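One way the JSON path to JSON pointer mitigation and the strict/lax split described in this issue could look, as an added example that is not this library's code. The accepted JSONPath subset, `jsonPathToPointer`, `planFields`, the 256-character limit and the sample fields are all assumptions made for illustration.

```javascript
// Added example, not the library's code. Only `$`, `.name`, `['name']` and
// `[0]` segments are accepted; anything else is rejected, never evaluated.
const SEGMENTS = [
  /^\.([A-Za-z_@][A-Za-z0-9_@-]*)/,   // .name
  /^\[(?:'([^'\\]*)'|"([^"\\]*)")\]/, // ['name'] or ["name"]
  /^\[(0|[1-9][0-9]*)\]/              // [0]
];

function jsonPathToPointer(path) {
  if(typeof path !== 'string' || path.length > 256 || !path.startsWith('$')) {
    throw new Error('Unsupported JSONPath.');
  }
  let rest = path.slice(1), pointer = '';
  while(rest.length > 0) {
    let m = null;
    for(const re of SEGMENTS) {
      if((m = re.exec(rest))) { break; }
    }
    if(!m) { throw new Error(`Unsupported JSONPath segment: ${rest}`); }
    const token = m[1] ?? m[2];
    // RFC 6901 escaping: "~" becomes "~0", "/" becomes "~1"
    pointer += '/' + token.replace(/~/g, '~0').replace(/\//g, '~1');
    rest = rest.slice(m[0].length);
  }
  return pointer;
}

// Hypothetical helper: split `constraints.fields` into fields usable in the
// storage query and fields deferred to local filtering of decrypted results.
function planFields(fields, {lax = false} = {}) {
  const plan = {queryable: [], deferred: [], exact: true};
  for(const field of fields) {
    try {
      const simple = Object.keys(field.filter ?? {})
        .every(k => k === 'type' || k === 'const');
      if(!simple) { throw new Error('Filter too complex for storage query.'); }
      const pointers = field.path.map(p => jsonPathToPointer(p));
      plan.queryable.push({pointers, filter: field.filter});
    } catch(e) {
      if(!lax) { throw e; } // strict mode: refuse the whole definition
      plan.deferred.push(field); // lax mode: fewer constraints, superset
      plan.exact = false;
    }
  }
  return plan;
}
// Constructed sample fields; the second carries a regex and is deferred.
const SAMPLE_FIELDS = [
  {path: ['$.credentialSubject.degree.type'], filter: {type: 'string', const: 'BachelorDegree'}},
  {path: ['$.credentialSubject.id'], filter: {type: 'string', pattern: '^did:'}}
];
```

When `exact` is `false`, the storage query built from `queryable` returns a superset, and the `deferred` fields still have to be checked against the decrypted results.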