Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify what is and is not verified by AnonCreds and what is the responsibility of the calling framework and application #145

Closed
Tracked by #175
swcurran opened this issue May 8, 2023 · 1 comment
Closed
Tracked by #175

Clarify what is and is not verified by AnonCreds and what is the responsibility of the calling framework and application #145

swcurran opened this issue May 8, 2023 · 1 comment

Comments

@swcurran
Copy link
Member

swcurran commented May 8, 2023

Discussed on the AnonCreds Specification Working Group Call, May 8, 2023.

We need to be clear what is verified by AnonCreds and what is the responsibility of the caller to verify when using AnonCreds. For example, the following needs to be included in the AnonCreds specification.

  • In general, the caller must confirm that the presentation meets the business requirements of the verifier when the cryptographic verification done by AnonCreds is successful (e.g., verified=true may not be sufficient)
  • Encodings of revealed attributes must be checked by the caller.
  • The trustworthiness of credential issuers is the responsibility of the caller.
    • For example, if the restrictions on a referent is by schema, any issuer could issue a credential to the holder.
    • A trust registry may be useful for that purpose.
  • (To be confirmed) It is the responsibility of the verifier to make sure that all referents are included in the presentation.
    • AnonCreds will verify the cryptography of all included referents (presentations derived from source credentials), but not that all referents from the presentation request are included.
    • This can be feature in some cases, such as when the verifier requests multiple referents, but is willing to accept a presentation with only some of the referents. The AnonCreds presentation request format does not have a way for the verifier to convey that information to the holder.
  • The caller must decided if it is acceptable for Holders to leave some requested attributes unrevealed.
  • A caller may decide it is acceptable for a given business purpose for a presentation to be derived from a revoked credential.
    • This can be expressed by a verifier not including a revocation interval in the presentation request.

The business-purpose validity of a presentation MAY be carried out by the library/component invoking AnonCreds. For example, an Aries Framework may add some additional checks not covered by AnonCreds, such as verifying the encodings and ensuring all referents from the presentation request are included. However, there are some checks that are use case specific and can only be done by the calling application.
@swcurran
Copy link
Member Author

This has been clarified in the spec. Adding to the checklist for the final review.

@swcurran swcurran mentioned this issue Dec 21, 2023
Open
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@swcurran