From 99d166f808b6c326e9961a15fdbe4e9197504b01 Mon Sep 17 00:00:00 2001
From: "artem.ivanov"
Date: Wed, 15 Nov 2023 15:32:00 +0300
Subject: [PATCH 1/9] Added section about W3C credential/presentation representation
Signed-off-by: artem.ivanov
---
data/W3CCredential.json | 36 +++
data/W3CPresentation.json | 53 ++++
data/anoncreds-w3c-context.json | 89 ++++++
spec/header.md | 1 +
spec/w3c_representation.md | 533 ++++++++++++++++++++++++++++++++
specs.json | 1 +
6 files changed, 713 insertions(+)
create mode 100644 data/W3CCredential.json
create mode 100644 data/W3CPresentation.json
create mode 100644 data/anoncreds-w3c-context.json
create mode 100644 spec/w3c_representation.md
diff --git a/data/W3CCredential.json b/data/W3CCredential.json
new file mode 100644
index 0000000..e0d5782
--- /dev/null
+++ b/data/W3CCredential.json
@@ -0,0 +1,36 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json"
+ ],
+ "type": [
+ "VerifiableCredential",
+ "AnonCredsCredential"
+ ],
+ "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W",
+ "issuanceDate": "2023-10-26T01:17:32Z",
+ "credentialSchema": {
+ "type": "AnonCredsDefinition",
+ "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
+ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0",
+ "encoding": "auto"
+ },
+ "credentialSubject": {
+ "firstName": "Alice",
+ "lastName": "Jones",
+ "age": "18"
+ },
+ "proof": [
+ {
+ "type": "CLSignature2023",
+ "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM"
+ },
+ {
+ "type": "Ed25519Signature2020",
+ "created": "2021-11-13T18:19:39Z",
+ "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1",
+ "proofPurpose": "assertionMethod",
+ "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz"
+ }
+ ]
+}
\ No newline at end of file
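Review bot: The second `proof` entry uses `"type": "Ed25519Signature2020"`, but the `@context` array lists only the credentials v1 context and the AnonCreds context, and the AnonCreds context added in this commit does not define that term; as far as I know the v1 context only covers older suites such as `Ed25519Signature2018`. A JSON-LD processor would then reject or drop the proof type during expansion, so a verifier following this sample could not validate the integrity proof it shows. Either add the suite context `"https://w3id.org/security/suites/ed25519-2020/v1"` to `@context` or use a proof type that the listed contexts define. The proof's `created` value (2021-11-13) also predates `issuanceDate` (2023-10-26); aligning them keeps the sample from suggesting a proof made before issuance.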
diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json
new file mode 100644
index 0000000..b589933
--- /dev/null
+++ b/data/W3CPresentation.json
@@ -0,0 +1,53 @@
+{
+ "@context":[
+ "https://www.w3.org/2018/credentials/v1",
+ "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json"
+ ],
+ "type":[
+ "VerifiablePresentation",
+ "AnonCredsPresentation"
+ ],
+ "verifiableCredential":[
+ {
+ "@context":[
+ "https://www.w3.org/2018/credentials/v1",
+ "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json"
+ ],
+ "type":[
+ "VerifiableCredential",
+ "AnonCredsCredential"
+ ],
+ "credentialSchema": {
+ "type": "AnonCredsDefinition",
+ "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
+ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0",
+ "encoding": "auto"
+ },
+ "credentialSubject":{
+ "firstName":"Alice",
+ "age":{
+ "type":"AnonCredsPredicate",
+ "p_type":">=",
+ "p_value":18
+ }
+ },
+ "issuanceDate":"2023-11-15T10:59:48.036203Z",
+ "issuer":"issuer:id/path=bar",
+ "proof":{
+ "type":"AnonCredsPresentationProof2023",
+ "mapping":{
+ "predicates":["predicate1_referent"],
+ "revealedAttributeGroups":[],
+ "revealedAttributes":["attr1_referent"],
+ "unrevealedAttributes":[]
+ },
+ "proofValue":"eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19"
+ }
+ }
+ ],
+ "proof":{
+ "type":"AnonCredsPresentationProof2023",
+ "challenge":"413296376279822794586260",
+ "proofValue":"eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ=="
+ }
+}
\ No newline at end of file
diff --git a/data/anoncreds-w3c-context.json b/data/anoncreds-w3c-context.json
new file mode 100644
index 0000000..3d0075c
--- /dev/null
+++ b/data/anoncreds-w3c-context.json
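Review bot: The embedded credential's `issuer` is `"issuer:id/path=bar"`, which does not match the DID named in `credentialSchema.definition` and `credentialSchema.schema` (`did:sov:3avoBCqDMFHFaKUHug9s8W`), so the sample shows a presentation whose claimed issuer and credential definition disagree. Readers may take this to mean `issuer` is free text that a verifier need not reconcile with the credential definition the proof is checked against; the sample should carry the same issuer DID as data/W3CCredential.json. The `mapping` keys used here (`predicates`, `revealedAttributeGroups`) also differ from the `requestedPredicates` key that spec/w3c_representation.md documents in the same commit, and one spelling should be chosen.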
@@ -0,0 +1,89 @@
+{
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "ac": "https://anoncreds.example/2022/ns#",
+ "xsd": "http://www.w3.org/2001/XMLSchema#",
+
+ "AnonCredsCredential": "ac:AnonCredsCredential",
+
+ "AnonCredsDefinition": {
+ "@id": "ac:AnonCredsDefinition",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "definition": {
+ "@id": "ac:definition",
+ "@type": "@id"
+ },
+ "schema": {
+ "@id": "ac:schema",
+ "@type": "@id"
+ },
+ "revocationRegistry": {
+ "@id": "ac:revocationRegistry",
+ "@type": "@id"
+ },
+ "encoding": {
+ "@id": "ac:encoding",
+ "@type": "@vocab",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "auto": "ac:autoEncoding"
+ }
+ }
+ }
+ },
+
+ "AnonCredsPresentation": "ac:AnonCredsPresentation",
+
+ "AnonCredsPresentationProof2023": {
+ "@id": "ac:AnonCredsPresentationProof2023",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "mapping": {
+ "@id": "ac:mapping",
+ "@type": "@json"
+ },
+ "proofValue": {
+ "@id": "ac:proofValue",
+ "@type": "xsd:string"
+ },
+ "challenge": {
+ "@id": "ac:challenge",
+ "@type": "xsd:string"
+ }
+ }
+ },
+
+ "CLSignature2023": {
+ "@id": "ac:CLSignature2023",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "signature": {
+ "@id": "ac:signature",
+ "@type": "xsd:string"
+ }
+ }
+ },
+
+ "AnonCredsPredicate": {
+ "@id": "ac:AnonCredsPredicate",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "p_type": {
+ "@id": "ac:p_type",
+ "@type": "xsd:string"
+ },
+ "p_value": {
+ "@id": "ac:p_value",
+ "@type": "xsd:decimal"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/spec/header.md b/spec/header.md
index dc4d260..92706c8 100644
--- a/spec/header.md
+++ b/spec/header.md
@@ -15,6 +15,7 @@ AnonCreds Specification - Sam Curren - Victor Martinez Jurado - [Aritra Bhaduri](https://github.com/aritrocoder)
+- [Artem Ivanov](https://github.com/Artemkaaas)
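Review bot: The `ac` prefix is bound to `https://anoncreds.example/2022/ns#`, a reserved example domain, so every term in this context expands to an IRI under a placeholder namespace. For proof suites that sign the canonicalized RDF, those expanded IRIs are part of the signed data, so changing the namespace after credentials exist would make their data integrity proofs fail. The final namespace should be settled before the context is published, for example `"ac": "<STABLE_NAMESPACE_IRI>#"` (placeholder). Separately, `p_value` is typed `xsd:decimal` while the sample presentation carries the JSON number `18`; the context and the samples should agree on whether the value is a number or a string.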
diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md
new file mode 100644
index 0000000..165b6d5
--- /dev/null
+++ b/spec/w3c_representation.md
@@ -0,0 +1,533 @@ +## W3C Verifiable Credentials Representation + +This section describes how legacy AnonCreds credentials can be represented in the form of W3C Verifiable +Credentials standard. + +### Credential + +This section describes how [W3C credential concepts](https://www.w3.org/TR/vc-data-model/#basic-concepts) are applied to +AnonCreds W3C credential representation. + +Example AnonCreds W3C formatted credential: + +```json +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + ], + "type": [ + "VerifiableCredential", + "AnonCredsCredential" + ], + "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", + "issuanceDate": "2023-10-26T01:17:32Z", + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", + "encoding": "auto" + }, + "credentialSubject": { + "firstName": "Alice", + "lastName": "Jones", + "age": "18" + }, + "proof": [ + { + "type": "CLSignature2023", + "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" + }, + { + "type": "Ed25519Signature2020", + "created": "2021-11-13T18:19:39Z", + "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1", + "proofPurpose": "assertionMethod", + "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" + } + ] +} +``` + +#### Context + +W3C [Context](https://www.w3.org/TR/vc-data-model/#contexts) section requires including of `@context` property to +verifiable credential. + +The value of the `@context` property must be one or more resolvable [URI](https://www.w3.org/TR/vc-data-model/#dfn-uri) +that result in machine-readable [JSON-LD](https://www.w3.org/TR/vc-data-model/#json-ld) information about the object +format. 
+ +The **context** definition used for AnonCreds W3C credentials representation can be +discovered [here](../data/anoncreds-w3c-context.json). + +In the case of W3C AnonCreds credentials, the `@context` attribute includes an extra +entry `https://github.io/anoncreds-w3c/context.json` +which is required for the resolution of custom structure definitions and looks the following: + +``` +{ + ... + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://github.io/anoncreds-w3c/context.json" + ], + ... +} +``` + +#### Identifiers + +W3C [Identifiers](https://www.w3.org/TR/vc-data-model/#identifiers) section defines an optional capability to assign +some kind of identifier to the verifiable credential so that others can express statements about the same thing. + +In the case of W3C AnonCreds credentials, the `id` attribute is not included into `CL` credential proof signature, but +it +can be optionally set in credential to support other integrity proof types. + +#### Types + +W3C [Types](https://www.w3.org/TR/vc-data-model/#types) section requires including of `type` property to verifiable +credential. +The value of the `type` property must be one or more [URI](https://www.w3.org/TR/vc-data-model/#dfn-uri) resolvable +through the defined [@context](#context) to the information required for determining whether a verifiable credential has +a valid structure. + +In the case of W3C AnonCreds credentials, the `type` attribute includes an extra entry `AnonCredsCredential` +pointing to the difference in a base credential structure and looks the following: + +``` +{ + ... + "type": [ + "VerifiableCredential", // general verifiable credential definition + "AnonCredsCredential", // definition for AnonCreds credentials + ] + ... +} +``` + +#### Credential Subject + +W3C [Credential Subject](https://www.w3.org/TR/vc-data-model/#credential-subject) section requires including +of `credentialSubject` property to verifiable credential. 
+ +Credential subject value contains [claims](https://www.w3.org/TR/vc-data-model/#claims) about one or more subjects. + +In the context of W3C AnonCreds credentials, credential subject property is compliant with the following statements: + +- credentials will always include claims about only one subjects. + - So that `credentialSubject` property will always be represented as an object entry, but not an array. +- credentials claims are always represented as key value pairs, where `value` is the `raw` value of CL credential + attributes. + - encoded CL credential values are not included in the credential subject + +In the case of W3C AnonCreds credentials, the `credentialSubject` attribute looks the following: + +``` +{ + ... + "credentialSubject": { + "firstName": "Alice", + "lastName": "Jones", + "age": "18" + } + ... +} +``` + +#### Data Schemas + +W3C [Credential Schema](https://www.w3.org/TR/vc-data-model/#data-schemas) section defines an optional capability to +include `credentialSchema` property to enforce a specific structure on a given verifiable credential and encoding used +to map the claims of a verifiable credential to an alternative representation format. + +In the case of W3C AnonCreds credentials, the `credentialSchema` attribute defines a custom `AnonCredsDefinition` +schema in order to include the information about AnonCreds related definitions to credential and looks the following: + +``` +{ + ... + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0", + "encoding": "auto" + }, + ... 
+} +``` + +**Credential Schema Data**: + +* `schema` - id of AnonCreds Schema +* `definition` - id of AnonCreds Credential Definition +* `revocation_registry` - (Optional) id of AnonCreds Revocation Registry +* `encoding` - attributes encoding algorithm to apply for generating encoded credential values + * encoded credential attribute values (binary representation required for doing CL signatures) are not included + neither to `credentialSubject` or `signature` + * `encoding: auto` implies using the algorithm defined + at [Aries RFC 0592 Indy Attachments section](https://github.com/hyperledger/aries-rfcs/tree/main/features/0592-indy-attachments#encoding-claims) + to generate encoded values under the hood during the signature generation and proof verification. + +#### Issuer + +W3C [Issuer](https://www.w3.org/TR/vc-data-model/#issuer) section requires including of `issuer` property to express the +issuer of a verifiable credential. + +In the case of W3C AnonCreds credentials, the `issuer` attribute should be represented as a +resolvable [DID URL](https://w3c-ccg.github.io/did-resolution/) and looks the following: + +``` +{ + ... + "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", + ... +} +``` + +#### Issuance Date + +W3C [Issuance Date](https://www.w3.org/TR/vc-data-model/#issuance-date) section requires including of `issuanceDate` +property to express the date and time when a credential becomes valid. + +In the case of W3C AnonCreds credentials, the `issuanceDate` attribute should contain the time when a credential was +issued or +transformed from legacy form, and looks the following: + +``` +{ + ... + "issuanceDate": "2010-01-01T19:23:24Z", + ... +} +``` + +#### Proofs (Signatures) + +W3C [Proofs (Signatures)](https://www.w3.org/TR/vc-data-model/#proofs-signatures) section requires including of `proof` +property to express confirmation of the credential's validity. + +According to the specification, one or many proof objects can be added to verifiable credentials. 
+In the case of W3C AnonCreds credentials, the `proof` attribute should contain at least two proof +objects: `AnonCreds CL` proof +and [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-data-model/#data-integrity-proofs) proof. + +##### AnonCreds CL proof + +`AnonCreds CL` proof constructed from the `CL` signature of a verifiable credential. + +The defined [@context](#context) includes a definition for the `CLSignature2023` type describing the format of the proof +entry: + +``` +{ + ... + "proof": [ + { + "type": "CLSignature2022", + "signature": "AAAgf9w5lZg....RYp8Z_x3FqdwRHoWruiF0FlM" + } + ] + ... +} +``` + +**Credential proof signature** + +* `type` - `CLSignature2023` +* `signature` - credential signature received by + * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature) + data: + ``` + { + "signature": {..}, + "signature_correctness_proof": {..}, + "rev_reg": Option<{..}>, + "witness": Option<{..}>, + } + ``` + * encoding the object + as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) + +##### Non-AnonCreds Integrity proof + +In order to better conform to the W3C specification AnonCreds based credential allows including +of non-AnonCreds [Data Integrity Proof](https://www.w3.org/TR/vc-data-model/#data-integrity-proofs) which must be +generated using one +of NIST-approved algorithms (RSA, ECDSA, EdDSA). + +#### Expiration + +W3C [Expiration](https://www.w3.org/TR/vc-data-model/#expiration) section defines an optional capability to include +credential expiration information. + +In the case of W3C AnonCreds credentials, instead of including `expirationDate` property there is defined another +[Announced Revocation Data Flow](./data_flow_revocation.md). 
+ +In order to satisfy this flow, id of `revocationRegistry` must be included into the `credentialSchema` and revocation +data (`rev_reg` and `witness`) must be included into the proof signature. + +``` +{ + ... + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0", + "revocationRegistry": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1", + "encoding": "auto" + }, + ... +} +``` + +#### Status + +W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include credential +status information. + +In the case of W3C AnonCreds credentials, instead of including `expirationDate` property there is defined another +[Announced Revocation Data Flow](./data_flow_revocation.md). + +In order to satisfy this flow, id of `revocationRegistry` must be included into the `credentialSchema` and revocation +data (`rev_reg` and `witness`) must be included into the proof signature. + +### Presentation + +This section describes how [W3C presentation concepts](https://www.w3.org/TR/vc-data-model/#contexts) are applied to +AnonCreds W3C presentation representation. 
+ +Example AnonCreds W3C formatted presentation: + +```json +{ + "@context":[ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + ], + "type":[ + "VerifiablePresentation", + "AnonCredsPresentation" + ], + "verifiableCredential":[ + { + "@context":[ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + ], + "type":[ + "VerifiableCredential", + "AnonCredsCredential" + ], + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", + "encoding": "auto" + }, + "credentialSubject":{ + "firstName":"Alice", + "age":{ + "type":"AnonCredsPredicate", + "p_type":">=", + "p_value":18 + } + }, + "issuanceDate":"2023-11-15T10:59:48.036203Z", + "issuer":"issuer:id/path=bar", + "proof":{ + "type":"AnonCredsPresentationProof2023", + "mapping":{ + "predicates":["predicate1_referent"], + "revealedAttributeGroups":[], + "revealedAttributes":["attr1_referent"], + "unrevealedAttributes":[] + }, + "proofValue":"eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" + } + } + ], + "proof":{ + "type":"AnonCredsPresentationProof2023", + "challenge":"413296376279822794586260", + "proofValue":"eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ==" + } +} +``` + +#### Context + +W3C [Context](https://www.w3.org/TR/vc-data-model/#contexts) section requires including of `@context` property to +verifiable presentation. + +The value of the `@context` property must be one or more resolvable [URI](https://www.w3.org/TR/vc-data-model/#dfn-uri) +that result in machine-readable [JSON-LD](https://www.w3.org/TR/vc-data-model/#json-ld) information about the object +format. 
+ +The **context** definition used for AnonCreds W3C presentations representation can be +discovered [here](../data/anoncreds-w3c-context.json). + +In the case of W3C AnonCreds presentations, the `@context` attribute includes an extra +entry `https://github.io/anoncreds-w3c/context.json` +which is required for the resolution of custom structure definitions and looks the following: + +``` +{ + ... + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://github.io/anoncreds-w3c/context.json" + ], + ... +} +``` + +#### Types + +W3C [Types](https://www.w3.org/TR/vc-data-model/#types) section requires including of `type` property to verifiable +presentation. +The value of the `type` property must be one or more [URI](https://www.w3.org/TR/vc-data-model/#dfn-uri) resolvable +through the defined [@context](#context) to the information required for determining whether a verifiable presentation +has a valid structure. + +In the case of W3C AnonCreds presentations, the `type` attribute includes an extra entry `AnonCredsPresentation` +pointing to the difference in a base presentation structure and looks the following: + +``` +{ + ... + "type": [ + "VerifiablePresentation", // general verifiable presentation definition + "AnonCredsPresentation" // definition for AnonCreds presentation + ] + ... +} +``` + +#### Verifiable Credential + +W3C [Verifiable Credential](https://www.w3.org/TR/vc-data-model/#presentations-0) section requires including +of `verifiableCredential` property to a verifiable presentation constructed from one or more [verifiable credentials](#credential). + +The listed [credentials](#credential) must include attributes and predicated requested in +the [presentation request](./data_flow_presentation_create_request.md). + +[Verifiable credentials](#credential) mostly looks same as described at the [Credential Structure](#credential) +section but with some differences. 
+ +##### Credential Subject + +In the case of W3C AnonCreds presentations, in contrast to the general verifiable credential structure +(when all attributes represented as key value pairs), the `credentialSubject` attribute can contain two +kinds of values: +* string - corresponds to a requested attribute which was revealed in the presentation + ``` + "credentialSubject":{ + ... + "firstName":"Alice", + ... + } + ``` +* object - corresponds to a requested predicate resolved by presentation without revealing an exact value + ``` + "credentialSubject":{ + ... + "age":{ + "type":"AnonCredsPredicate", + "p_type":">=", + "p_value":18 + } + ... + } + ``` + > The defined [@context](#context) includes the definition for the `AnonCredsPredicate` type describing the format of the resolved predicate + + +##### Proof (Signature) + +In the case of W3C AnonCreds presentations, the `proof` attribute for each verifiable credential must be an object of +`AnonCredsPresentationProof2023` type which looks the following: + +``` + "proof": { + "type": "AnonCredsPresentationProof2023", + "mapping": { + "revealedAttributes": ["attribute_0"], + "unrevealedAttributes": ["attribute_1"], + "requestedPredicates": ["predicate_1"] + }, + "proofValue": "AAEBAnr2Ql...0UhJ-bIIdWFKVWxjU3ePxv_7HoY5pUw", + "timestamp": Option<1234567>, + } +``` + +**Verifiable Credential Proof structure** + +* `proofValue` - encoded proof generated for each specific credential received by + * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) + data: + ``` + { + sub_proof: { + "primary_proof": { + "eq_proof": { ... }, + "ge_proofs": [ ... ] + }, + "non_revoc_proof": { ... 
} + } + } + ``` + * encoding the object + as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) +* `mapping` - explicit mapping pointing to the data requested in the presentation request + * data: attribute/predicate reference (key) in the presentation request + * `revealedAttributes` - list of requested attributes revealed using the credential + * `unrevealedAttributes` - list of requested attributes presented in the credential but left unrevealed + * `requestedPredicates` - list of predicates resolved using the credential +* `timestamp` - (Optional) if revocation supported and requested, time as a total number of seconds from Unix Epoch + representing pointing to the specif moment of revocation registry + +#### Proof + +W3C [Proofs (Signatures)](https://www.w3.org/TR/vc-data-model/#proofs-signatures) section requires including of `proof` +property to express confirmation of the presentation's validity. + +As we described in the above section verifiable credentials can contain two proof entries (CL AnonCreds of Non-AnonCreds +Data Integrity). +Unlike verifiable credentials, presentations can contain only one proof object. + +It is verifier and holder responsibility to negotiate which proof must be used +(CL AnonCreds of Non-AnonCreds Data Integrity) in the presentation: + +* Generate an W3C AnonCreds presentation, with all it’s privacy-preserving power and predicates +* Present the VC using one of Non-AnonCreds Integrity Proof Signatures + +``` +{ + ... + "proof": { + "type": "AnonCredsPresentationProof2023", + "challenge": "182453895158932070575246", + "proofValue": "AAAgtMR4DrkY--ZVgKHmUANE04ET7TzUxZ0vZmVcNt4nCkwBABUACQJ69kJVIxHVAQAIAaJ19l-agSA" + } + ... 
+} +``` + +**Presentation Proof structure** + +* `challenge` - nonce taken from the presentation request +* `proofValue` - encoded proof contained aggregated crypto proof data received by + * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) + data: + ``` + { + aggregated: { + "c_hash": "...", + "c_list": [...] + } + } + ``` + * encoding the object + as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) diff --git a/specs.json b/specs.json index a75a172..3fee945 100644 --- a/specs.json +++ b/specs.json @@ -21,6 +21,7 @@ "data_flow_revocation.md", "anoncreds_methods.md", "crypto.md", + "w3c_representation.md", "anoncreds_conventions.md", "iana_considerations.md", "security_considerations.md", From 6c85b5bbf6e00faa3137123ced656447e43a9b43 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Mon, 20 Nov 2023 12:13:27 +0300 Subject: [PATCH 2/9] Use array for predicates Signed-off-by: artem.ivanov --- data/W3CPresentation.json | 58 +++++++++++++++++++++----------------- spec/w3c_representation.md | 33 +++++++++++++--------- 2 files changed, 52 insertions(+), 39 deletions(-) diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json index b589933..73de94b 100644 --- a/data/W3CPresentation.json +++ b/data/W3CPresentation.json @@ -1,19 +1,19 @@ { - "@context":[ + "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" ], - "type":[ + "type": [ "VerifiablePresentation", "AnonCredsPresentation" ], - "verifiableCredential":[ + "verifiableCredential": [ { - "@context":[ + "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" ], - "type":[ + "type": [ "VerifiableCredential", "AnonCredsCredential" ], 
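Review bot: The new section never states which credential properties each proof protects, so a verifier cannot tell what an AnonCreds proof alone authenticates. The Identifiers paragraph says `id` is outside the CL signature, the CL proof object is built only from `signature`, `signature_correctness_proof`, `rev_reg` and `witness`, and `issuanceDate` may be set when a legacy credential is transformed. Presumably `id`, `issuer` and `issuanceDate` are then unauthenticated unless a data integrity proof covers them, so the Proofs section should list, per top-level property, whether the AnonCreds proof covers it and say that uncovered properties must not be relied on. The Presentation Proof structure describes `challenge` as the nonce from the presentation request but never requires the verifier to compare it with the nonce it issued, which is the replay check. The AnonCreds CL proof example also shows `"type": "CLSignature2022"` while the text and the context define `CLSignature2023`.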
@@ -23,31 +23,37 @@ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", "encoding": "auto" }, - "credentialSubject":{ - "firstName":"Alice", - "age":{ - "type":"AnonCredsPredicate", - "p_type":">=", - "p_value":18 - } + "credentialSubject": { + "firstName": "Alice", + "age": [ + { + "type": "AnonCredsPredicate", + "p_type": ">=", + "p_value": 18 + } + ] }, - "issuanceDate":"2023-11-15T10:59:48.036203Z", - "issuer":"issuer:id/path=bar", - "proof":{ - "type":"AnonCredsPresentationProof2023", - "mapping":{ - "predicates":["predicate1_referent"], - "revealedAttributeGroups":[], - "revealedAttributes":["attr1_referent"], - "unrevealedAttributes":[] + "issuanceDate": "2023-11-15T10:59:48.036203Z", + "issuer": "issuer:id/path=bar", + "proof": { + "type": "AnonCredsPresentationProof2023", + "mapping": { + "predicates": [ + "predicate1_referent" + ], + "revealedAttributeGroups": [], + "revealedAttributes": [ + "attr1_referent" + ], + "unrevealedAttributes": [] }, - "proofValue":"eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" + "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" } } ], - "proof":{ - "type":"AnonCredsPresentationProof2023", - "challenge":"413296376279822794586260", - "proofValue":"eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ==" + "proof": { + "type": "AnonCredsPresentationProof2023", + "challenge": "413296376279822794586260", + "proofValue": "eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ==" } } \ No newline at end of file diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 165b6d5..504bf3e 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md 
@@ -328,11 +328,13 @@ Example AnonCreds W3C formatted presentation: }, "credentialSubject":{ "firstName":"Alice", - "age":{ - "type":"AnonCredsPredicate", - "p_type":">=", - "p_value":18 - } + "age":[ + { + "type":"AnonCredsPredicate", + "p_type":">=", + "p_value":18 + } + ] }, "issuanceDate":"2023-11-15T10:59:48.036203Z", "issuer":"issuer:id/path=bar", @@ -429,21 +431,26 @@ kinds of values: ... } ``` -* object - corresponds to a requested predicate resolved by presentation without revealing an exact value +* array of objects - corresponds to a requested predicates resolved by presentation without revealing an exact value + * The value is an array as multiple predicates can be requested over the same attributed ``` "credentialSubject":{ ... - "age":{ - "type":"AnonCredsPredicate", - "p_type":">=", - "p_value":18 - } + "age":[ + { + "type":"AnonCredsPredicate", + "p_type":">=", + "p_value":18 + } + ] ... } ``` - > The defined [@context](#context) includes the definition for the `AnonCredsPredicate` type describing the format of the resolved predicate + * A predicate object consists of the following data: + * `type` - `AnonCredsPredicate` type defined in the scope of [@context](#context) and describes the format of the resolved predicate + * `p_type` - type of the predicate: [same as in request](./data_flow_presentation_create_request.md) + * `p_value` - value of the predicate: [same as in request](./data_flow_presentation_create_request.md) - ##### Proof (Signature) In the case of W3C AnonCreds presentations, the `proof` attribute for each verifiable credential must be an object of From 7cc81af9288e20b9221f5d95fba0990a1494ddce Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Tue, 21 Nov 2023 10:23:31 +0300 Subject: [PATCH 3/9] Process review comments 
Signed-off-by: artem.ivanov --- data/W3CCredential.json | 4 +- data/W3CCredentialWithRevocation.json | 40 +++++++++++++++ data/W3CPresentation.json | 8 +-- data/W3CPresentationWithRevocation.json | 63 +++++++++++++++++++++++ data/anoncreds-w3c-context.json | 18 +++---- spec/w3c_representation.md | 66 ++++++++++++++----------- 6 files changed, 154 insertions(+), 45 deletions(-) create mode 100644 data/W3CCredentialWithRevocation.json create mode 100644 data/W3CPresentationWithRevocation.json diff --git a/data/W3CCredential.json b/data/W3CCredential.json index e0d5782..96d8162 100644 --- a/data/W3CCredential.json +++ b/data/W3CCredential.json @@ -1,7 +1,7 @@ { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type": [ "VerifiableCredential", @@ -22,7 +22,7 @@ }, "proof": [ { - "type": "CLSignature2023", + "type": "AnonCredsProof2023", "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" }, { diff --git a/data/W3CCredentialWithRevocation.json b/data/W3CCredentialWithRevocation.json new file mode 100644 index 0000000..0ac94fd --- /dev/null +++ b/data/W3CCredentialWithRevocation.json 
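Review bot: The replacement `@context` URL in the first data/W3CCredential.json hunk, `https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json`, still resolves to a branch head, so the document defining every AnonCreds term can change after credentials that reference it have been issued. A changed context alters how existing credentials expand, and for data integrity proofs such as the Ed25519 entry in this sample it changes the data the signature is checked against. The context should be published at an immutable, versioned location, and the spec should tell implementations to load it from a bundled or hash-checked copy rather than fetching it at verification time. The same URL is introduced in the other hunks of this commit, in data/W3CCredentialWithRevocation.json, data/W3CPresentation.json and data/W3CPresentationWithRevocation.json.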
@@ -0,0 +1,40 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" + ], + "type": [ + "VerifiableCredential", + "AnonCredsCredential" + ], + "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", + "issuanceDate": "2023-10-26T01:17:32Z", + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", + "encoding": "auto" + }, + "credentialStatus":{ + "type":"AnonCredsCredentialStatusList2023", + "id":"did:sov:3avoBCqDMFHFaKUHug9s8W:4:3avoBCqDMFHFaKUHug9s8W:3:CL:3avoBCqDMFHFaKUHug9s8W:2:basic_person:1.0:tag:CL_ACCUM:TAG_1" + }, + "credentialSubject": { + "firstName": "Alice", + "lastName": "Jones", + "age": "18" + }, + "proof": [ + { + "type": "AnonCredsProof2023", + "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" + }, + { + "type": "Ed25519Signature2020", + "created": "2021-11-13T18:19:39Z", + "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1", + "proofPurpose": "assertionMethod", + "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" + } + ] +} \ No newline at end of file diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json index 73de94b..2adf259 100644 --- a/data/W3CPresentation.json +++ b/data/W3CPresentation.json @@ -1,7 +1,7 @@ { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type": [ "VerifiablePresentation", 
@@ -11,7 +11,7 @@ { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type": [ "VerifiableCredential", @@ -28,8 +28,8 @@ "age": [ { "type": "AnonCredsPredicate", - "p_type": ">=", - "p_value": 18 + "predicate": ">=", + "value": 18 } ] }, diff --git a/data/W3CPresentationWithRevocation.json b/data/W3CPresentationWithRevocation.json new file mode 100644 index 0000000..b6d8be5 --- /dev/null +++ b/data/W3CPresentationWithRevocation.json 
@@ -0,0 +1,63 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" + ], + "type": [ + "VerifiablePresentation", + "AnonCredsPresentation" + ], + "verifiableCredential": [ + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" + ], + "type": [ + "VerifiableCredential", + "AnonCredsCredential" + ], + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", + "encoding": "auto" + }, + "credentialStatus":{ + "type":"AnonCredsCredentialStatusList2023", + "id":"did:sov:3avoBCqDMFHFaKUHug9s8W:4:3avoBCqDMFHFaKUHug9s8W:3:CL:3avoBCqDMFHFaKUHug9s8W:2:basic_person:1.0:tag:CL_ACCUM:TAG_1" + }, + "credentialSubject": { + "firstName": "Alice", + "age": [ + { + "type": "AnonCredsPredicate", + "predicate": ">=", + "value": 18 + } + ] + }, + "issuanceDate": "2023-11-15T10:59:48.036203Z", + "issuer": "issuer:id/path=bar", + "proof": { + "type": "AnonCredsPresentationProof2023", + "mapping": { + "predicates": [ + "predicate1_referent" + ], + "revealedAttributeGroups": [], + "revealedAttributes": [ + "attr1_referent" + ], + "unrevealedAttributes": [] + }, + "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" + } + } + ], + "proof": { + "type": "AnonCredsPresentationProof2023", + "challenge": "413296376279822794586260", + "proofValue": "eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ==" + } +} \ No newline at end of file diff --git a/data/anoncreds-w3c-context.json b/data/anoncreds-w3c-context.json index 3d0075c..c671daf 100644 --- a/data/anoncreds-w3c-context.json +++ b/data/anoncreds-w3c-context.json 
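Review bot: The nested `proof` in the new data/W3CPresentationWithRevocation.json has no `timestamp`, although the credential carries `credentialStatus` and spec/w3c_representation.md in this series describes `timestamp` as the moment of the revocation registry used when revocation is supported and requested. Without it the example does not show which registry state the non-revocation proof refers to, which is presumably what a verifier compares with the interval it requested. I would add a line such as `"timestamp": 1234567` (sample value, as in the spec snippet) next to `proofValue`. Separately, `"issuer": "issuer:id/path=bar"` is not a DID, while the spec text says `issuer` should be a resolvable DID URL; `"issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W"` would match the credential example.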
@@ -20,10 +20,6 @@ "@id": "ac:schema", "@type": "@id" }, - "revocationRegistry": { - "@id": "ac:revocationRegistry", - "@type": "@id" - }, "encoding": { "@id": "ac:encoding", "@type": "@vocab", @@ -36,6 +32,8 @@ } }, + "AnonCredsCredentialStatusList2023": "ac:AnonCredsCredentialStatusList2023", + "AnonCredsPresentation": "ac:AnonCredsPresentation", "AnonCredsPresentationProof2023": { @@ -58,8 +56,8 @@ } }, - "CLSignature2023": { - "@id": "ac:CLSignature2023", + "AnonCredsProof2023": { + "@id": "ac:AnonCredsProof2023", "@context": { "@version": 1.1, "@protected": true, @@ -75,12 +73,12 @@ "@context": { "@version": 1.1, "@protected": true, - "p_type": { - "@id": "ac:p_type", + "predicate": { + "@id": "ac:predicate", "@type": "xsd:string" }, - "p_value": { - "@id": "ac:p_value", + "value": { + "@id": "ac:value", "@type": "xsd:decimal" } } diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 504bf3e..aecf92a 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md @@ -35,7 +35,7 @@ Example AnonCreds W3C formatted credential: }, "proof": [ { - "type": "CLSignature2023", + "type": "AnonCredsProof2023", "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" }, { @@ -217,7 +217,7 @@ and [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-data-model/#data-int `AnonCreds CL` proof constructed from the `CL` signature of a verifiable credential. -The defined [@context](#context) includes a definition for the `CLSignature2023` type describing the format of the proof +The defined [@context](#context) includes a definition for the `AnonCredsProof2023` type describing the format of the proof entry: ``` @@ -225,7 +225,7 @@ entry: ... "proof": [ { - "type": "CLSignature2022", + "type": "AnonCredsProof2023", "signature": "AAAgf9w5lZg....RYp8Z_x3FqdwRHoWruiF0FlM" } ] 
@@ -235,7 +235,7 @@ entry: **Credential proof signature** -* `type` - `CLSignature2023` +* `type` - `AnonCredsProof2023` * `signature` - credential signature received by * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature) data: 
@@ -257,41 +257,49 @@ of non-AnonCreds [Data Integrity Proof](https://www.w3.org/TR/vc-data-model/#dat generated using one of NIST-approved algorithms (RSA, ECDSA, EdDSA). -#### Expiration +#### Status -W3C [Expiration](https://www.w3.org/TR/vc-data-model/#expiration) section defines an optional capability to include -credential expiration information. +W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include +`credentialStatus` property to express credential status information, such as whether it is revoked. -In the case of W3C AnonCreds credentials, instead of including `expirationDate` property there is defined another -[Announced Revocation Data Flow](./data_flow_revocation.md). +In the case of W3C AnonCreds credentials, the `type` attribute of `credentialStatus` must +be `AnonCredsCredentialStatusList2023` (defined in the scope of [@context](#context)) pointing that +[AnonCreds Credential Revocation Flow](./data_flow_revocation.md) is used for credential issuance. +The `id` attribute of `credentialStatus` must contain id of revocation registry. -In order to satisfy this flow, id of `revocationRegistry` must be included into the `credentialSchema` and revocation -data (`rev_reg` and `witness`) must be included into the proof signature. +Also, credential revocation data including revocation registry and witness values (`rev_reg` and `witness`) must be +included into the credential proof signature as demonstrated above in [AnonCreds CL proof](#anoncreds-cl-proof) section. ``` { ... 
- "credentialSchema": { - "type": "AnonCredsDefinition", - "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0", - "revocationRegistry": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1", - "encoding": "auto" + "credentialStatus": { + "type": "AnonCredsCredentialStatusList2023", + "id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1" }, ... } ``` -#### Status +#### Expiration -W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include credential -status information. +W3C [Expiration](https://www.w3.org/TR/vc-data-model/#expiration) section defines an optional capability to include +credential expiration information. In the case of W3C AnonCreds credentials, instead of including `expirationDate` property there is defined another -[Announced Revocation Data Flow](./data_flow_revocation.md). +[Announced Revocation Data Flow](./data_flow_revocation.md) implementing through +the using if [`credentialStatus`](#status) property. -In order to satisfy this flow, id of `revocationRegistry` must be included into the `credentialSchema` and revocation -data (`rev_reg` and `witness`) must be included into the proof signature. +``` +{ + ... + "credentialStatus": { + "type": "AnonCredsCredentialStatusList2023", + "id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1" + }, + ... +} +``` ### Presentation @@ -331,8 +339,8 @@ Example AnonCreds W3C formatted presentation: "age":[ { "type":"AnonCredsPredicate", - "p_type":">=", - "p_value":18 + "predicate":">=", + "value":18 } ] }, @@ -439,8 +447,8 @@ kinds of values: "age":[ { "type":"AnonCredsPredicate", - "p_type":">=", - "p_value":18 + "predicate":">=", + "value":18 } ] ... 
@@ -448,8 +456,8 @@ kinds of values: ``` * A predicate object consists of the following data: * `type` - `AnonCredsPredicate` type defined in the scope of [@context](#context) and describes the format of the resolved predicate - * `p_type` - type of the predicate: [same as in request](./data_flow_presentation_create_request.md) - * `p_value` - value of the predicate: [same as in request](./data_flow_presentation_create_request.md) + * `predicate` - type of the predicate: [same as in request](./data_flow_presentation_create_request.md) + * `value` - value of the predicate: [same as in request](./data_flow_presentation_create_request.md) ##### Proof (Signature) From 029fed4904548f40961eb1cb3193765c6444e893 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 22 Nov 2023 17:27:07 +0300 Subject: [PATCH 4/9] Document clean up Signed-off-by: artem.ivanov --- spec/w3c_representation.md | 133 ++++++++++++++++++++++++++----------- 1 file changed, 93 insertions(+), 40 deletions(-) diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index aecf92a..34ce100 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md @@ -1,7 +1,7 @@ ## W3C Verifiable Credentials Representation -This section describes how legacy AnonCreds credentials can be represented in the form of W3C Verifiable -Credentials standard. +This section describes how legacy AnonCreds credentials and presentations can be represented in the form of +W3C Verifiable Credentials standard. ### Credential @@ -14,7 +14,7 @@ Example AnonCreds W3C formatted credential: { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type": [ "VerifiableCredential", 
@@ -62,7 +62,7 @@ The **context** definition used for AnonCreds W3C credentials representation can discovered [here](../data/anoncreds-w3c-context.json). In the case of W3C AnonCreds credentials, the `@context` attribute includes an extra -entry `https://github.io/anoncreds-w3c/context.json` +entry `https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json` which is required for the resolution of custom structure definitions and looks the following: ``` @@ -70,7 +70,7 @@ which is required for the resolution of custom structure definitions and looks t ... "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://github.io/anoncreds-w3c/context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], ... } @@ -116,9 +116,9 @@ Credential subject value contains [claims](https://www.w3.org/TR/vc-data-model/# In the context of W3C AnonCreds credentials, credential subject property is compliant with the following statements: -- credentials will always include claims about only one subjects. - - So that `credentialSubject` property will always be represented as an object entry, but not an array. -- credentials claims are always represented as key value pairs, where `value` is the `raw` value of CL credential +- Credentials always include claims about only one subjects. + - So that `credentialSubject` property is always represented as an object entry, but not an array. +- Credentials claims are always represented as key value pairs, where `value` is the `raw` value of CL credential attributes. - encoded CL credential values are not included in the credential subject 
@@ -160,6 +160,7 @@ schema in order to include the information about AnonCreds related definitions t **Credential Schema Data**: +* `type` - `AnonCredsDefinition` * `schema` - id of AnonCreds Schema * `definition` - id of AnonCreds Credential Definition * `revocation_registry` - (Optional) id of AnonCreds Revocation Registry @@ -190,6 +191,8 @@ resolvable [DID URL](https://w3c-ccg.github.io/did-resolution/) and looks the fo W3C [Issuance Date](https://www.w3.org/TR/vc-data-model/#issuance-date) section requires including of `issuanceDate` property to express the date and time when a credential becomes valid. +The value of the `issuanceDate` property must be a string value of +an [XMLSCHEMA11-2](https://www.w3.org/TR/xmlschema11-2/#dateTime) combined date-time. In the case of W3C AnonCreds credentials, the `issuanceDate` attribute should contain the time when a credential was issued or @@ -209,9 +212,8 @@ W3C [Proofs (Signatures)](https://www.w3.org/TR/vc-data-model/#proofs-signatures property to express confirmation of the credential's validity. According to the specification, one or many proof objects can be added to verifiable credentials. -In the case of W3C AnonCreds credentials, the `proof` attribute should contain at least two proof -objects: `AnonCreds CL` proof -and [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-data-model/#data-integrity-proofs) proof. +In the case of W3C AnonCreds credentials, the `proof` attribute must contain `AnonCreds CL` proof +and may contain more [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-data-model/#data-integrity-proofs) proofs. ##### AnonCreds CL proof 
@@ -233,12 +235,11 @@ entry: } ``` -**Credential proof signature** +**Credential Proof Signature Data**: * `type` - `AnonCredsProof2023` -* `signature` - credential signature received by - * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature) - data: +* `signature` - credential signature received by: + * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature): ``` { "signature": {..}, 
@@ -247,22 +248,26 @@ entry: "witness": Option<{..}>, } ``` - * encoding the object - as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) + * `signature` - [cryptographic credential signature correctness proof](./data_flow_issuance.md#the-credential-signature) generated for the credential. + * `signature_correctness_proof` - [credential signature correctness proof](./data_flow_issuance.md#the-credential-signature) generated for the credential. + * `rev_reg` - `null` if the credential is not revocable. A description of the element and generation process when the credential is revocable are in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). + * `witness` - `null` if the credential is not revocable. A description of the element and generation process when the credential is revocable are in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). + + * encoding the object + as [base64url attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) ##### Non-AnonCreds Integrity proof In order to better conform to the W3C specification AnonCreds based credential allows including of non-AnonCreds [Data Integrity Proof](https://www.w3.org/TR/vc-data-model/#data-integrity-proofs) which must be -generated using one -of NIST-approved algorithms (RSA, ECDSA, EdDSA). +generated using one of NIST-approved algorithms (RSA, ECDSA, EdDSA). #### Status W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include `credentialStatus` property to express credential status information, such as whether it is revoked. 
-In the case of W3C AnonCreds credentials, the `type` attribute of `credentialStatus` must +In the case of W3C AnonCreds credentials, if a credential is revocable, the `type` attribute of `credentialStatus` must be `AnonCredsCredentialStatusList2023` (defined in the scope of [@context](#context)) pointing that [AnonCreds Credential Revocation Flow](./data_flow_revocation.md) is used for credential issuance. The `id` attribute of `credentialStatus` must contain id of revocation registry. @@ -270,6 +275,8 @@ The `id` attribute of `credentialStatus` must contain id of revocation registry. Also, credential revocation data including revocation registry and witness values (`rev_reg` and `witness`) must be included into the credential proof signature as demonstrated above in [AnonCreds CL proof](#anoncreds-cl-proof) section. +A description of generation process when the credential is revocable is in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). + ``` { ... 
@@ -301,6 +308,50 @@ the using if [`credentialStatus`](#status) property. } ``` +Example AnonCreds W3C formatted revocable credential: +``` +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" + ], + "type": [ + "VerifiableCredential", + "AnonCredsCredential" + ], + "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", + "issuanceDate": "2023-10-26T01:17:32Z", + "credentialSchema": { + "type": "AnonCredsDefinition", + "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", + "encoding": "auto" + }, + "credentialStatus":{ + "type":"AnonCredsCredentialStatusList2023", + "id":"did:sov:3avoBCqDMFHFaKUHug9s8W:4:3avoBCqDMFHFaKUHug9s8W:3:CL:3avoBCqDMFHFaKUHug9s8W:2:basic_person:1.0:tag:CL_ACCUM:TAG_1" + }, + "credentialSubject": { + "firstName": "Alice", + "lastName": "Jones", + "age": "18" + }, + "proof": [ + { + "type": "AnonCredsProof2023", + "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" + }, + { + "type": "Ed25519Signature2020", + "created": "2021-11-13T18:19:39Z", + "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1", + "proofPurpose": "assertionMethod", + "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" + } + ] +} +``` + ### Presentation This section describes how [W3C presentation concepts](https://www.w3.org/TR/vc-data-model/#contexts) are applied to @@ -312,7 +363,7 @@ Example AnonCreds W3C formatted presentation: { "@context":[ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type":[ "VerifiablePresentation", 
@@ -322,7 +373,7 @@ Example AnonCreds W3C formatted presentation: { "@context":[ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/DSRCorporation/anoncreds-spec/w3c-credentials/data/anoncreds-w3c-context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], "type":[ "VerifiableCredential", @@ -379,7 +430,7 @@ The **context** definition used for AnonCreds W3C presentations representation c discovered [here](../data/anoncreds-w3c-context.json). In the case of W3C AnonCreds presentations, the `@context` attribute includes an extra -entry `https://github.io/anoncreds-w3c/context.json` +entry `https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json` which is required for the resolution of custom structure definitions and looks the following: ``` @@ -387,7 +438,7 @@ which is required for the resolution of custom structure definitions and looks t ... "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://github.io/anoncreds-w3c/context.json" + "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" ], ... } @@ -429,8 +480,8 @@ section but with some differences. ##### Credential Subject In the case of W3C AnonCreds presentations, in contrast to the general verifiable credential structure -(when all attributes represented as key value pairs), the `credentialSubject` attribute can contain two -kinds of values: +(when all attributes represented as key value pairs), the `credentialSubject` attribute values can be represented +in two forms: * string - corresponds to a requested attribute which was revealed in the presentation ``` "credentialSubject":{ 
@@ -477,22 +528,23 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif } ``` -**Verifiable Credential Proof structure** +**Verifiable Credential Proof Data** -* `proofValue` - encoded proof generated for each specific credential received by +* `proofValue` - encoded proof generated for each specific credential received by: * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) data: - ``` - { - sub_proof: { - "primary_proof": { - "eq_proof": { ... }, - "ge_proofs": [ ... ] - }, - "non_revoc_proof": { ... } + ``` + { + sub_proof: { + "primary_proof": { + "eq_proof": { ... }, + "ge_proofs": [ ... ] + }, + "non_revoc_proof": { ... } + } } - } - ``` + ``` + * `sub_proof` - [cryptographyc proof](./data_flow_presentation_create_presentation.md#generate-the-presentation) generated for each used credential * encoding the object as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) * `mapping` - explicit mapping pointing to the data requested in the presentation request @@ -536,13 +588,14 @@ It is verifier and holder responsibility to negotiate which proof must be used * `proofValue` - encoded proof contained aggregated crypto proof data received by * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) data: - ``` + ``` { aggregated: { "c_hash": "...", "c_list": [...] } } - ``` + ``` + * `aggregated` - [aggregate proof](./data_flow_presentation_create_presentation.md#generate-the-presentation), across all of the source credentials that proves that the same link secret was used in the issuance of all of the credentials. * encoding the object as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) From 84e8fd73b07b45aa7e0101bc993e560b571f101e Mon Sep 17 00:00:00 2001 
From: "artem.ivanov" Date: Thu, 23 Nov 2023 13:03:28 +0300 Subject: [PATCH 5/9] Changed proof encoding algorithm Signed-off-by: artem.ivanov --- spec/w3c_representation.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 34ce100..179f90f 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md @@ -253,8 +253,7 @@ entry: * `rev_reg` - `null` if the credential is not revocable. A description of the element and generation process when the credential is revocable are in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). * `witness` - `null` if the credential is not revocable. A description of the element and generation process when the credential is revocable are in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). - * encoding the object - as [base64url attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) + * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. ##### Non-AnonCreds Integrity proof 
@@ -545,8 +544,7 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif } ``` * `sub_proof` - [cryptographyc proof](./data_flow_presentation_create_presentation.md#generate-the-presentation) generated for each used credential - * encoding the object - as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) + * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. * `mapping` - explicit mapping pointing to the data requested in the presentation request * data: attribute/predicate reference (key) in the presentation request * `revealedAttributes` - list of requested attributes revealed using the credential @@ -597,5 +595,4 @@ It is verifier and holder responsibility to negotiate which proof must be used } ``` * `aggregated` - [aggregate proof](./data_flow_presentation_create_presentation.md#generate-the-presentation), across all of the source credentials that proves that the same link secret was used in the issuance of all of the credentials. - * encoding the object - as [base64 attachment](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0017-attachments#base64url) + * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. From 477c040f207bdc63a52090f00ad8ff0d623e2ca9 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Thu, 23 Nov 2023 13:06:17 +0300 Subject: [PATCH 6/9] Drop mapping from presentation Signed-off-by: artem.ivanov --- data/W3CPresentation.json | 10 ---------- data/W3CPresentationWithRevocation.json | 10 ---------- data/anoncreds-w3c-context.json | 4 ---- spec/w3c_representation.md | 16 ---------------- 4 files changed, 40 deletions(-) diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json index 2adf259..2e92a2e 100644 --- a/data/W3CPresentation.json +++ b/data/W3CPresentation.json 
@@ -37,16 +37,6 @@ "issuer": "issuer:id/path=bar", "proof": { "type": "AnonCredsPresentationProof2023", - "mapping": { - "predicates": [ - "predicate1_referent" - ], - "revealedAttributeGroups": [], - "revealedAttributes": [ - "attr1_referent" - ], - "unrevealedAttributes": [] - }, "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" } } diff --git a/data/W3CPresentationWithRevocation.json b/data/W3CPresentationWithRevocation.json index b6d8be5..71032be 100644 --- a/data/W3CPresentationWithRevocation.json +++ b/data/W3CPresentationWithRevocation.json @@ -41,16 +41,6 @@ "issuer": "issuer:id/path=bar", "proof": { "type": "AnonCredsPresentationProof2023", - "mapping": { - "predicates": [ - "predicate1_referent" - ], - "revealedAttributeGroups": [], - "revealedAttributes": [ - "attr1_referent" - ], - "unrevealedAttributes": [] - }, "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" } } diff --git a/data/anoncreds-w3c-context.json b/data/anoncreds-w3c-context.json index c671daf..905fdcc 100644 --- a/data/anoncreds-w3c-context.json +++ b/data/anoncreds-w3c-context.json @@ -41,10 +41,6 @@ "@context": { "@version": 1.1, "@protected": true, - "mapping": { - "@id": "ac:mapping", - "@type": "@json" - }, "proofValue": { "@id": "ac:proofValue", "@type": "xsd:string" diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 179f90f..32663ac 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md @@ -398,12 +398,6 @@ Example AnonCreds W3C formatted presentation: "issuer":"issuer:id/path=bar", "proof":{ "type":"AnonCredsPresentationProof2023", - "mapping":{ - "predicates":["predicate1_referent"], - "revealedAttributeGroups":[], - "revealedAttributes":["attr1_referent"], - "unrevealedAttributes":[] - }, "proofValue":"eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" } } 
@@ -517,11 +511,6 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif ``` "proof": { "type": "AnonCredsPresentationProof2023", - "mapping": { - "revealedAttributes": ["attribute_0"], - "unrevealedAttributes": ["attribute_1"], - "requestedPredicates": ["predicate_1"] - }, "proofValue": "AAEBAnr2Ql...0UhJ-bIIdWFKVWxjU3ePxv_7HoY5pUw", "timestamp": Option<1234567>, } @@ -545,11 +534,6 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif ``` * `sub_proof` - [cryptographyc proof](./data_flow_presentation_create_presentation.md#generate-the-presentation) generated for each used credential * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. -* `mapping` - explicit mapping pointing to the data requested in the presentation request - * data: attribute/predicate reference (key) in the presentation request - * `revealedAttributes` - list of requested attributes revealed using the credential - * `unrevealedAttributes` - list of requested attributes presented in the credential but left unrevealed - * `requestedPredicates` - list of predicates resolved using the credential * `timestamp` - (Optional) if revocation supported and requested, time as a total number of seconds from Unix Epoch representing pointing to the specif moment of revocation registry From 015291d21838e6f79e7b2b02c893abc2aaa5c878 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Thu, 23 Nov 2023 13:33:57 +0300 Subject: [PATCH 7/9] Corrected formatting Signed-off-by: artem.ivanov --- spec/w3c_representation.md | 200 ++++++++++--------------------------- 1 file changed, 54 insertions(+), 146 deletions(-) diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 32663ac..2c29003 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md 
@@ -8,46 +8,13 @@ W3C Verifiable Credentials standard. This section describes how [W3C credential concepts](https://www.w3.org/TR/vc-data-model/#basic-concepts) are applied to AnonCreds W3C credential representation. -Example AnonCreds W3C formatted credential: +Example AnonCreds W3C Credential +::: example Example AnonCreds W3C Credential: ```json -{ - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" - ], - "type": [ - "VerifiableCredential", - "AnonCredsCredential" - ], - "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", - "issuanceDate": "2023-10-26T01:17:32Z", - "credentialSchema": { - "type": "AnonCredsDefinition", - "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", - "encoding": "auto" - }, - "credentialSubject": { - "firstName": "Alice", - "lastName": "Jones", - "age": "18" - }, - "proof": [ - { - "type": "AnonCredsProof2023", - "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" - }, - { - "type": "Ed25519Signature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1", - "proofPurpose": "assertionMethod", - "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" - } - ] -} +[[insert: ./data/W3CCredential.json ]] ``` +::: #### Context @@ -65,7 +32,7 @@ In the case of W3C AnonCreds credentials, the `@context` attribute includes an e entry `https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json` which is required for the resolution of custom structure definitions and looks the following: -``` +```json { ... "@context": [ 
@@ -96,7 +63,7 @@ a valid structure. In the case of W3C AnonCreds credentials, the `type` attribute includes an extra entry `AnonCredsCredential` pointing to the difference in a base credential structure and looks the following: -``` +```json { ... "type": [ @@ -124,7 +91,7 @@ In the context of W3C AnonCreds credentials, credential subject property is comp In the case of W3C AnonCreds credentials, the `credentialSubject` attribute looks the following: -``` +```json { ... "credentialSubject": { @@ -145,7 +112,7 @@ to map the claims of a verifiable credential to an alternative representation fo In the case of W3C AnonCreds credentials, the `credentialSchema` attribute defines a custom `AnonCredsDefinition` schema in order to include the information about AnonCreds related definitions to credential and looks the following: -``` +```json { ... "credentialSchema": { @@ -179,7 +146,7 @@ issuer of a verifiable credential. In the case of W3C AnonCreds credentials, the `issuer` attribute should be represented as a resolvable [DID URL](https://w3c-ccg.github.io/did-resolution/) and looks the following: -``` +```json { ... "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", @@ -198,7 +165,7 @@ In the case of W3C AnonCreds credentials, the `issuanceDate` attribute should co issued or transformed from legacy form, and looks the following: -``` +```json { ... "issuanceDate": "2010-01-01T19:23:24Z", @@ -222,7 +189,7 @@ and may contain more [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-dat The defined [@context](#context) includes a definition for the `AnonCredsProof2023` type describing the format of the proof entry: -``` +```json { ... "proof": [ @@ -240,7 +207,7 @@ entry: * `type` - `AnonCredsProof2023` * `signature` - credential signature received by: * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature): - ``` + ```json { "signature": {..}, "signature_correctness_proof": {..}, 
@@ -276,7 +243,7 @@ included into the credential proof signature as demonstrated above in [AnonCreds A description of generation process when the credential is revocable is in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). -``` +```json { ... "credentialStatus": { @@ -296,7 +263,7 @@ In the case of W3C AnonCreds credentials, instead of including `expirationDate` [Announced Revocation Data Flow](./data_flow_revocation.md) implementing through the using if [`credentialStatus`](#status) property. -``` +```json { ... "credentialStatus": { 
@@ -307,108 +274,26 @@ the using if [`credentialStatus`](#status) property. } ``` -Example AnonCreds W3C formatted revocable credential: -``` -{ - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" - ], - "type": [ - "VerifiableCredential", - "AnonCredsCredential" - ], - "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", - "issuanceDate": "2023-10-26T01:17:32Z", - "credentialSchema": { - "type": "AnonCredsDefinition", - "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", - "encoding": "auto" - }, - "credentialStatus":{ - "type":"AnonCredsCredentialStatusList2023", - "id":"did:sov:3avoBCqDMFHFaKUHug9s8W:4:3avoBCqDMFHFaKUHug9s8W:3:CL:3avoBCqDMFHFaKUHug9s8W:2:basic_person:1.0:tag:CL_ACCUM:TAG_1" - }, - "credentialSubject": { - "firstName": "Alice", - "lastName": "Jones", - "age": "18" - }, - "proof": [ - { - "type": "AnonCredsProof2023", - "signature": "AAAgf9w5.....8Z_x3FqdwRHoWruiF0FlM" - }, - { - "type": "Ed25519Signature2020", - "created": "2021-11-13T18:19:39Z", - "verificationMethod": "did:sov:3avoBCqDMFHFaKUHug9s8W#key-1", - "proofPurpose": "assertionMethod", - "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz" - } - ] -} +### AnonCreds W3C Revocable Credential + +::: example Example AnonCreds W3C Revocable Credential +```json +[[insert: ./data/W3CCredentialWithRevocation.json ]] ``` +::: ### Presentation This section describes how [W3C presentation concepts](https://www.w3.org/TR/vc-data-model/#contexts) are applied to AnonCreds W3C presentation representation. 
-Example AnonCreds W3C formatted presentation: +Example AnonCreds W3C Presentation: +::: example Example AnonCreds W3C Presentation: ```json -{ - "@context":[ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" - ], - "type":[ - "VerifiablePresentation", - "AnonCredsPresentation" - ], - "verifiableCredential":[ - { - "@context":[ - "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" - ], - "type":[ - "VerifiableCredential", - "AnonCredsCredential" - ], - "credentialSchema": { - "type": "AnonCredsDefinition", - "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", - "encoding": "auto" - }, - "credentialSubject":{ - "firstName":"Alice", - "age":[ - { - "type":"AnonCredsPredicate", - "predicate":">=", - "value":18 - } - ] - }, - "issuanceDate":"2023-11-15T10:59:48.036203Z", - "issuer":"issuer:id/path=bar", - "proof":{ - "type":"AnonCredsPresentationProof2023", - "proofValue":"eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19" - } - } - ], - "proof":{ - "type":"AnonCredsPresentationProof2023", - "challenge":"413296376279822794586260", - "proofValue":"eyJhZ2dyZWdhdGVkIjp7ImNfaGFzaCI6IjEwMT...IsMzAsMTM1LDE4MywxMDcsMTYwXV19fQ==" - } -} +[[insert: ./data/W3CPresentation.json ]] ``` +::: #### Context @@ -426,7 +311,7 @@ In the case of W3C AnonCreds presentations, the `@context` attribute includes an entry `https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json` which is required for the resolution of custom structure definitions and looks the following: -``` +```json { ... "@context": [ 
@@ -448,7 +333,7 @@ has a valid structure. In the case of W3C AnonCreds presentations, the `type` attribute includes an extra entry `AnonCredsPresentation` pointing to the difference in a base presentation structure and looks the following: -``` +```json { ... "type": [ @@ -476,7 +361,7 @@ In the case of W3C AnonCreds presentations, in contrast to the general verifiabl (when all attributes represented as key value pairs), the `credentialSubject` attribute values can be represented in two forms: * string - corresponds to a requested attribute which was revealed in the presentation - ``` + ```json "credentialSubject":{ ... "firstName":"Alice", @@ -485,7 +370,7 @@ in two forms: ``` * array of objects - corresponds to a requested predicates resolved by presentation without revealing an exact value * The value is an array as multiple predicates can be requested over the same attributed - ``` + ```json "credentialSubject":{ ... "age":[ @@ -508,7 +393,7 @@ in two forms: In the case of W3C AnonCreds presentations, the `proof` attribute for each verifiable credential must be an object of `AnonCredsPresentationProof2023` type which looks the following: -``` +```json "proof": { "type": "AnonCredsPresentationProof2023", "proofValue": "AAEBAnr2Ql...0UhJ-bIIdWFKVWxjU3ePxv_7HoY5pUw", @@ -521,7 +406,7 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif * `proofValue` - encoded proof generated for each specific credential received by: * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) data: - ``` + ```json { sub_proof: { "primary_proof": { @@ -552,7 +437,7 @@ It is verifier and holder responsibility to negotiate which proof must be used * Generate an W3C AnonCreds presentation, with all it’s privacy-preserving power and predicates * Present the VC using one of Non-AnonCreds Integrity Proof Signatures -``` +```json { ... "proof": { 
@@ -580,3 +465,26 @@ It is verifier and holder responsibility to negotiate which proof must be used ``` * `aggregated` - [aggregate proof](./data_flow_presentation_create_presentation.md#generate-the-presentation), across all of the source credentials that proves that the same link secret was used in the issuance of all of the credentials. * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. + +### AnonCreds W3C Presentation containing Revocable Credential + +::: example Example AnonCreds W3C Presentation containing Revocable Credential: +```json +[[insert: ./data/W3CPresentationWithRevocation.json ]] +``` +::: + + +### Context + +The AnonCreds context, located at https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json can be used to implement a local cached copy. +For convenience, the AnonCreds context is also provided in this section. + +::: + +::: example +```json +[[insert: ./data/anoncreds-w3c-context.json ]] +``` + +::: \ No newline at end of file From 95289307f04def26df8093fd71185bf8dfbad75d Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Tue, 5 Dec 2023 10:32:04 +0300 Subject: [PATCH 8/9] Added better clarification for message pack encoding Signed-off-by: artem.ivanov --- data/W3CCredential.json | 2 +- data/W3CCredentialWithRevocation.json | 2 +- data/W3CPresentation.json | 2 +- data/W3CPresentationWithRevocation.json | 4 +- spec/w3c_representation.md | 106 +++++++++++++----------- 5 files changed, 62 insertions(+), 54 deletions(-) diff --git a/data/W3CCredential.json b/data/W3CCredential.json index 96d8162..28ea679 100644 --- a/data/W3CCredential.json +++ b/data/W3CCredential.json 
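Review bot: The `### Context` block added at the end of the `@@ -580,3 +465,26 @@` hunk has a bare `:::` line before `::: example`, so the container markers are unbalanced and the inserted context may not render as an example; I would drop the first `:::`. The paragraph above it says the context at the `raw.githubusercontent.com/.../main/...` URL "can be used to implement a local cached copy", yet the term definitions in that file decide how `proof` and `credentialStatus` are interpreted and the URL names a mutable branch. I would state this as a requirement, for example `Implementations SHOULD resolve this context from a local copy whose digest they have pinned and SHOULD NOT dereference the URL during verification.` The new heading also repeats the two existing `#### Context` headings that the `[@context](#context)` links point to, so it is worth checking which one the link resolves to after this change.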
@@ -8,7 +8,7 @@
 "AnonCredsCredential"
 ],
 "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W",
- "issuanceDate": "2023-10-26T01:17:32Z",
+ "issuanceDate": "2023-11-15T10:00:00.036203Z",
 "credentialSchema": {
 "type": "AnonCredsDefinition",
 "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
diff --git a/data/W3CCredentialWithRevocation.json b/data/W3CCredentialWithRevocation.json
index 0ac94fd..e998adc 100644
--- a/data/W3CCredentialWithRevocation.json
+++ b/data/W3CCredentialWithRevocation.json
@@ -8,7 +8,7 @@
 "AnonCredsCredential"
 ],
 "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W",
- "issuanceDate": "2023-10-26T01:17:32Z",
+ "issuanceDate": "2023-11-15T10:00:00.036203Z",
 "credentialSchema": {
 "type": "AnonCredsDefinition",
 "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json
index 2e92a2e..97e3050 100644
--- a/data/W3CPresentation.json
+++ b/data/W3CPresentation.json
@@ -34,7 +34,7 @@
 ]
 },
 "issuanceDate": "2023-11-15T10:59:48.036203Z",
- "issuer": "issuer:id/path=bar",
+ "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W",
 "proof": {
 "type": "AnonCredsPresentationProof2023",
 "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19"
diff --git a/data/W3CPresentationWithRevocation.json b/data/W3CPresentationWithRevocation.json
index 71032be..a4b054e 100644
--- a/data/W3CPresentationWithRevocation.json
+++ b/data/W3CPresentationWithRevocation.json
@@ -37,8 +37,8 @@
 }
 ]
 },
- "issuanceDate": "2023-11-15T10:59:48.036203Z",
- "issuer": "issuer:id/path=bar",
+ "issuanceDate": "2023-11-15T10:00:00.036203Z",
+ "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W",
 "proof": {
 "type": "AnonCredsPresentationProof2023",
 "proofValue": "eyJzdWJfcHJvb2Yi...zMTc1NzU0NDAzNDQ0ODUifX1dfX19"
diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md
index 02f2e24..8f3e510 100644
--- a/spec/w3c_representation.md
+++ b/spec/w3c_representation.md
@@ -1,6 +1,6 @@ ## W3C Verifiable Credentials Representation -This section describes how legacy AnonCreds credentials and presentations can be represented in the form of +This section describes how legacy AnonCreds credentials and presentations can be represented in the form of W3C Verifiable Credentials standard. ### Credential @@ -34,7 +34,7 @@ which is required for the resolution of custom structure definitions and looks t ```json { - ... + ... "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" @@ -93,7 +93,7 @@ In the case of W3C AnonCreds credentials, the `credentialSubject` attribute look ```json { - ... + ... "credentialSubject": { "firstName": "Alice", "lastName": "Jones", @@ -114,7 +114,7 @@ schema in order to include the information about AnonCreds related definitions t ```json { - ... + ... "credentialSchema": { "type": "AnonCredsDefinition", "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", @@ -128,9 +128,9 @@ schema in order to include the information about AnonCreds related definitions t **Credential Schema Data**: * `type` - `AnonCredsDefinition` -* `schema` - id of AnonCreds Schema -* `definition` - id of AnonCreds Credential Definition -* `revocation_registry` - (Optional) id of AnonCreds Revocation Registry +* `schema` - id of [[ref: Schema]] +* `definition` - id of [[ref: Credential Definition]] +* `revocation_registry` - (Optional) id of [[ref: Revocation Registry Definition]] * `encoding` - attributes encoding algorithm to apply for generating encoded credential values * encoded credential attribute values (binary representation required for doing CL signatures) are not included neither to `credentialSubject` or `signature` 
@@ -141,14 +141,14 @@ schema in order to include the information about AnonCreds related definitions t #### Issuer W3C [Issuer](https://www.w3.org/TR/vc-data-model/#issuer) section requires including of `issuer` property to express the -issuer of a verifiable credential. +[[ref: issuer]] of a verifiable credential. In the case of W3C AnonCreds credentials, the `issuer` attribute should be represented as a resolvable [DID URL](https://w3c-ccg.github.io/did-resolution/) and looks the following: ```json { - ... + ... "issuer": "did:sov:3avoBCqDMFHFaKUHug9s8W", ... } @@ -158,7 +158,7 @@ resolvable [DID URL](https://w3c-ccg.github.io/did-resolution/) and looks the fo W3C [Issuance Date](https://www.w3.org/TR/vc-data-model/#issuance-date) section requires including of `issuanceDate` property to express the date and time when a credential becomes valid. -The value of the `issuanceDate` property must be a string value of +The value of the `issuanceDate` property must be a string value of an [XMLSCHEMA11-2](https://www.w3.org/TR/xmlschema11-2/#dateTime) combined date-time. In the case of W3C AnonCreds credentials, the `issuanceDate` attribute should contain the time when a credential was @@ -167,7 +167,7 @@ transformed from legacy form, and looks the following: ```json { - ... + ... "issuanceDate": "2010-01-01T19:23:24Z", ... } @@ -186,18 +186,19 @@ and may contain more [Non-AnonCreds Data Integrity](https://www.w3.org/TR/vc-dat `AnonCreds CL` proof constructed from the `CL` signature of a verifiable credential. -The defined [@context](#context) includes a definition for the `AnonCredsProof2023` type describing the format of the proof +The defined [@context](#context) includes a definition for the `AnonCredsProof2023` type describing the format of the +proof entry: ```json { - ... + ... "proof": [ { "type": "AnonCredsProof2023", "signature": "AAAgf9w5lZg....RYp8Z_x3FqdwRHoWruiF0FlM" } - ] + ] ... } ``` 
@@ -205,7 +206,7 @@ entry: **Credential Proof Signature Data**: * `type` - `AnonCredsProof2023` -* `signature` - credential signature received by: +* `signature` - CL credential signature as string received by: * building the following object from [cryptographic signature](./data_flow_issuance.md#the-credential-signature): ```json { @@ -226,8 +227,7 @@ entry: when the credential is revocable are in the section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporting-revocation-in-a-credential). - * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no - padding. + * encoding the object as described in the [section](#proof-data-encoding) ##### Non-AnonCreds Integrity proof 
@@ -237,15 +237,15 @@ generated using one of NIST-approved algorithms (RSA, ECDSA, EdDSA). #### Status -W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include -`credentialStatus` property to express credential status information, such as whether it is revoked. +W3C [Status](https://www.w3.org/TR/vc-data-model/#status) section defines an optional capability to include +`credentialStatus` property to express credential status information, such as whether it is revoked. -In the case of W3C AnonCreds credentials, if a credential is revocable, the `type` attribute of `credentialStatus` must -be `AnonCredsCredentialStatusList2023` (defined in the scope of [@context](#context)) pointing that -[AnonCreds Credential Revocation Flow](./data_flow_revocation.md) is used for credential issuance. +In the case of W3C AnonCreds credentials, if a credential is revocable, the `type` attribute of `credentialStatus` must +be `AnonCredsCredentialStatusList2023` (defined in the scope of [@context](#context)) pointing that +[AnonCreds Credential Revocation Flow](./data_flow_revocation.md) is used for credential issuance. The `id` attribute of `credentialStatus` must contain id of revocation registry. -Also, credential revocation data including revocation registry and witness values (`rev_reg` and `witness`) must be +Also, credential revocation data including revocation registry and witness values (`rev_reg` and `witness`) must be included into the credential proof signature as demonstrated above in [AnonCreds CL proof](#anoncreds-cl-proof) section. A description of generation process when the credential is revocable is in the @@ -253,7 +253,7 @@ section [Supporting Revocation in a Credential](./data_flow_issuance.md#supporti ```json { - ... + ... "credentialStatus": { "type": "AnonCredsCredentialStatusList2023", "id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1" 
@@ -268,12 +268,12 @@ W3C [Expiration](https://www.w3.org/TR/vc-data-model/#expiration) section define credential expiration information. In the case of W3C AnonCreds credentials, instead of including `expirationDate` property there is defined another -[Announced Revocation Data Flow](./data_flow_revocation.md) implementing through +[Announced Revocation Data Flow](./data_flow_revocation.md) implementing through the using if [`credentialStatus`](#status) property. ```json { - ... + ... "credentialStatus": { "type": "AnonCredsCredentialStatusList2023", "id": "did:sov:NcYxiDXkpYi6ov5FcYDi1e:4:NcYxiDXkpYi6ov5FcYDi1e:3:CL:NcYxiDXkpYi6ov5FcYDi1e:2:gvt:1.0:tag:CL_ACCUM:TAG_1" @@ -321,7 +321,7 @@ which is required for the resolution of custom structure definitions and looks t ```json { - ... + ... "@context": [ "https://www.w3.org/2018/credentials/v1", "https://raw.githubusercontent.com/hyperledger/anoncreds-spec/main/data/anoncreds-w3c-context.json" @@ -335,7 +335,7 @@ which is required for the resolution of custom structure definitions and looks t W3C [Types](https://www.w3.org/TR/vc-data-model/#types) section requires including of `type` property to verifiable presentation. The value of the `type` property must be one or more [URI](https://www.w3.org/TR/vc-data-model/#dfn-uri) resolvable -through the defined [@context](#context) to the information required for determining whether a verifiable presentation +through the defined [@context](#context) to the information required for determining whether a verifiable presentation has a valid structure. In the case of W3C AnonCreds presentations, the `type` attribute includes an extra entry `AnonCredsPresentation` 
@@ -358,17 +358,18 @@ W3C [Verifiable Credential](https://www.w3.org/TR/vc-data-model/#presentations-0 of `verifiableCredential` property to a verifiable presentation constructed from one or more [verifiable credentials](#credential). -The listed [credentials](#credential) must include attributes and predicated requested in -the [presentation request](./data_flow_presentation_create_request.md). +The listed [credentials](#credential) must include attributes and predicated requested in +the [[ref: presentation request]]. -[Verifiable credentials](#credential) mostly looks same as described at the [Credential Structure](#credential) +[Verifiable credentials](#credential) mostly looks same as described at the [Credential Structure](#credential) section but with some differences. ##### Credential Subject In the case of W3C AnonCreds presentations, in contrast to the general verifiable credential structure -(when all attributes represented as key value pairs), the `credentialSubject` attribute values can be represented +(when all attributes represented as key value pairs), the `credentialSubject` attribute values can be represented in two forms: + * string - corresponds to a requested attribute which was revealed in the presentation ```json "credentialSubject":{ @@ -377,8 +378,8 @@ in two forms: ... } ``` -* array of objects - corresponds to a requested predicates resolved by presentation without revealing an exact value - * The value is an array as multiple predicates can be requested over the same attributed +* array of objects - corresponds to a requested predicates resolved by presentation without revealing an exact value + * The value is an array as multiple predicates can be requested over the same attributed ```json "credentialSubject":{ ... 
@@ -400,7 +401,7 @@ in two forms: ##### Proof (Signature) -In the case of W3C AnonCreds presentations, the `proof` attribute for each verifiable credential must be an object of +In the case of W3C AnonCreds presentations, the `proof` attribute for each verifiable credential must be an object of `AnonCredsPresentationProof2023` type which looks the following: ```json @@ -413,23 +414,20 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif **Verifiable Credential Proof Data** -* `proofValue` - encoded proof generated for each specific credential received by: +* `proofValue` - CL credential proof as string received by: * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) data: ```json { sub_proof: { - "primary_proof": { - "eq_proof": { ... }, - "ge_proofs": [ ... ] - }, + "primary_proof": { ... }, "non_revoc_proof": { ... } } } ``` * `sub_proof` - [cryptographyc proof](./data_flow_presentation_create_presentation.md#generate-the-presentation) generated for each used credential - * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. + * encoding the object as described in the [section](#proof-data-encoding) * `timestamp` - (Optional) if revocation supported and requested, time as a total number of seconds from Unix Epoch representing pointing to the specif moment of revocation registry 
@@ -438,11 +436,11 @@ In the case of W3C AnonCreds presentations, the `proof` attribute for each verif W3C [Proofs (Signatures)](https://www.w3.org/TR/vc-data-model/#proofs-signatures) section requires including of `proof` property to express confirmation of the presentation's validity. -As we described in the above section verifiable credentials can contain two proof entries (CL AnonCreds of Non-AnonCreds +As we described in the above section verifiable credentials can contain two proof entries (CL AnonCreds of Non-AnonCreds Data Integrity). Unlike verifiable credentials, presentations can contain only one proof object. -It is verifier and holder responsibility to negotiate which proof must be used +It is [[ref: verifier]] and [[ref: holder]] responsibility to negotiate which proof must be used (CL AnonCreds of Non-AnonCreds Data Integrity) in the presentation: * Generate an W3C AnonCreds presentation, with all it’s privacy-preserving power and predicates @@ -450,7 +448,7 @@ It is verifier and holder responsibility to negotiate which proof must be used ```json { - ... + ... "proof": { "type": "AnonCredsPresentationProof2023", "challenge": "182453895158932070575246", @@ -462,11 +460,11 @@ It is verifier and holder responsibility to negotiate which proof must be used **Presentation Proof structure** -* `challenge` - nonce taken from the presentation request -* `proofValue` - encoded proof contained aggregated crypto proof data received by +* `challenge` - [[ref: nonce]] taken from the [[ref: presentation request]] +* `proofValue` - aggregated CL proof as string received by: * building the following object from [cryptographic proof](./data_flow_presentation_create_presentation.md) data: - ``` + ```json { aggregated: { "c_hash": "...", 
@@ -475,9 +473,9 @@ It is verifier and holder responsibility to negotiate which proof must be used } ``` * `aggregated` - [aggregate proof](./data_flow_presentation_create_presentation.md#generate-the-presentation), - across all the source credentials that proves that the same link secret was used in the issuance of all of the + across all the source credentials that proves that the same link secret was used in the issuance of all the credentials. - * encoding the object using `MessagePack` and next encoding the output bytes as `Base64Url` string with no padding. + * encoding the object as described in the [section](#proof-data-encoding) ### AnonCreds W3C Presentation containing Revocable Credential @@ -487,6 +485,16 @@ It is verifier and holder responsibility to negotiate which proof must be used ``` ::: +### Proof data encoding + +1. Almost all properties of AnonCreds [[ref: credential]] signature and [[ref: presentation]] are big numbers. + The traditional JSON serialization os such data is not very compact. + Instead, we use [MessagePack](https://msgpack.org/) binary data serialization format which is faster and produces + smaller value. + You can find more details on how [MessagePack](https://msgpack.org/) works reading + the [specification](https://github.com/msgpack/msgpack/blob/master/spec.md). + +2. Encoding the resulting bytes as [Base64Url](https://tools.ietf.org/html/rfc4648#section-5) string without padding ### Context From 8577296443970c3158564792558394d242418810 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 6 Dec 2023 10:02:18 +0300 Subject: [PATCH 9/9] Removed `encoding` property from credential schema Signed-off-by: artem.ivanov --- data/W3CCredential.json | 3 +-- data/W3CCredentialWithRevocation.json | 3 +-- data/W3CPresentation.json | 3 +-- data/W3CPresentationWithRevocation.json | 3 +-- data/anoncreds-w3c-context.json | 9 --------- spec/w3c_representation.md | 13 +++---------- 6 files changed, 7 insertions(+), 27 deletions(-) 
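Review bot: The new `### Proof data encoding` section in the `@@ -487,6 +485,16 @@` hunk reads as a rationale rather than a procedure: step 1 never says to serialize the object with MessagePack, and nothing states how the big numbers are represented inside it, so two implementations can produce different bytes for the same signature or proof. I would reword step 1 to `1. Serialize the object using [MessagePack](https://msgpack.org/); big numbers are encoded as <representation, to be specified by the authors>.` and keep the compactness argument as a sentence after it. For the decoding side it is worth adding that a verifier treats `signature` and `proofValue` as untrusted input, rejecting Base64Url that carries padding or characters outside the alphabet and bounding the decoded size before deserializing. `os such data` in the second added line should read `of such data`.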
diff --git a/data/W3CCredential.json b/data/W3CCredential.json
index 28ea679..4d521d8 100644
--- a/data/W3CCredential.json
+++ b/data/W3CCredential.json
@@ -12,8 +12,7 @@
 "credentialSchema": {
 "type": "AnonCredsDefinition",
 "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
- "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0",
- "encoding": "auto"
+ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0"
 },
 "credentialSubject": {
 "firstName": "Alice",
diff --git a/data/W3CCredentialWithRevocation.json b/data/W3CCredentialWithRevocation.json
index e998adc..baae1b9 100644
--- a/data/W3CCredentialWithRevocation.json
+++ b/data/W3CCredentialWithRevocation.json
@@ -12,8 +12,7 @@
 "credentialSchema": {
 "type": "AnonCredsDefinition",
 "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
- "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0",
- "encoding": "auto"
+ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0"
 },
 "credentialStatus":{
 "type":"AnonCredsCredentialStatusList2023",
diff --git a/data/W3CPresentation.json b/data/W3CPresentation.json
index 97e3050..97a4ed9 100644
--- a/data/W3CPresentation.json
+++ b/data/W3CPresentation.json
@@ -20,8 +20,7 @@
 "credentialSchema": {
 "type": "AnonCredsDefinition",
 "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default",
- "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0",
- "encoding": "auto"
+ "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0"
 },
 "credentialSubject": {
 "firstName": "Alice",
diff --git a/data/W3CPresentationWithRevocation.json b/data/W3CPresentationWithRevocation.json
index a4b054e..6b0a4d4 100644
--- a/data/W3CPresentationWithRevocation.json
+++ b/data/W3CPresentationWithRevocation.json
@@ -20,8 +20,7 @@ "credentialSchema": { "type": "AnonCredsDefinition", "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0", - "encoding": "auto" + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:basic_person:0.1.0" }, "credentialStatus":{ "type":"AnonCredsCredentialStatusList2023", diff --git a/data/anoncreds-w3c-context.json b/data/anoncreds-w3c-context.json index 905fdcc..e9f603b 100644 --- a/data/anoncreds-w3c-context.json +++ b/data/anoncreds-w3c-context.json @@ -19,15 +19,6 @@ "schema": { "@id": "ac:schema", "@type": "@id" - }, - "encoding": { - "@id": "ac:encoding", - "@type": "@vocab", - "@context": { - "@version": 1.1, - "@protected": true, - "auto": "ac:autoEncoding" - } } } }, diff --git a/spec/w3c_representation.md b/spec/w3c_representation.md index 8f3e510..8fde186 100644 --- a/spec/w3c_representation.md +++ b/spec/w3c_representation.md @@ -87,7 +87,8 @@ In the context of W3C AnonCreds credentials, credential subject property is comp - So that `credentialSubject` property is always represented as an object entry, but not an array. - Credentials claims are always represented as key value pairs, where `value` is the `raw` value of CL credential attributes. - - encoded CL credential values are not included in the credential subject + - Encoded credential values are not included in the credential subject. Libraries implementing specification must use [the algorithm](https://github.com/hyperledger/aries-rfcs/tree/main/features/0592-indy-attachments#encoding-claims) + to generate encoded values during the signature generation and proof verification. In the case of W3C AnonCreds credentials, the `credentialSubject` attribute looks the following: 
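Review bot: The replacement bullet in the `@@ -87,7 +87,8 @@` hunk of spec/w3c_representation.md makes the claim encoding normative ("must use the algorithm") but links `aries-rfcs/tree/main/...#encoding-claims`, a branch URL whose content can change after credentials have been issued. Issuer and verifier have to derive identical encoded values from the raw `credentialSubject` strings or the CL proof will not verify, and with the `encoding` property removed by this commit the credential no longer names which algorithm was applied. I would reference a fixed revision, e.g. `must use the encoding algorithm of Aries RFC 0592 as published at <permalink to a fixed commit>`, or restate the algorithm in this spec, and add what a verifier does when the recomputed encoding differs. The bullet list this line belongs to starts above the hunk. The later hunk `@@ -130,13 +130,6 @@` also deletes the `revocation_registry` bullet, which the commit subject does not mention; presumably that is intended because `credentialStatus.id` carries the registry id, but it should be checked against the context file.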
@@ -118,8 +119,7 @@ schema in order to include the information about AnonCreds related definitions t "credentialSchema": { "type": "AnonCredsDefinition", "definition": "did:sov:3avoBCqDMFHFaKUHug9s8W:3:CL:13:default", - "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0", - "encoding": "auto" + "schema": "did:sov:3avoBCqDMFHFaKUHug9s8W:2:fabername:0.1.0" }, ... } @@ -130,13 +130,6 @@ schema in order to include the information about AnonCreds related definitions t * `type` - `AnonCredsDefinition` * `schema` - id of [[ref: Schema]] * `definition` - id of [[ref: Credential Definition]] -* `revocation_registry` - (Optional) id of [[ref: Revocation Registry Definition]] -* `encoding` - attributes encoding algorithm to apply for generating encoded credential values - * encoded credential attribute values (binary representation required for doing CL signatures) are not included - neither to `credentialSubject` or `signature` - * `encoding: auto` implies using the algorithm defined - at [Aries RFC 0592 Indy Attachments section](https://github.com/hyperledger/aries-rfcs/tree/main/features/0592-indy-attachments#encoding-claims) - to generate encoded values under the hood during the signature generation and proof verification. #### Issuer