-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove checks option #9
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm, I think I disagree with this change as it was meant to be an extension point for sorts of checks that can be performed. Two options being 'proof', 'revocation', and 'custom-check-123' -- or something equivalent. If we remove this, we need to figure out how to instruct the verifier to do the appropriate set of checks, some of which may be extensions, and some of which might be entirely proprietary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem is that the test suite and the API definition currently conflict with each other. The test suite sends the "checks" option, but the API definition doesn't support it.
So either we need to remove it from the test suite (which this PR is doing), or we need to add it to the API. Personally I think either way is okay.
On the 05 Oct 2021 VC API Work Item call people felt that variability of checks is bad (see w3c-ccg/vc-api#74 (comment), w3c-ccg/vc-api#59 (comment), w3c-ccg/vc-api#62 (comment)), therefore I think this PR should go ahead, but I'd also be fine with discussing this topic again...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checks should be internalized, errors provided by the API should be made more detailed, and used to ensure conformance... it should not be possible to pass the tests by saying "don't check the proof or its status".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Passing a list of checks that the verifier is expected to do only makes sense in the instance where the verifier is an internal only API, in those cases saying please verify X not Y seems pretty important.
The vc api needs to have a firm stance on if these calls are all internal vs external, and until we have that language in the spec, we should not have this test suite do a test the API definition doesn't support.
@msporny can you re-review this, based on above comments? Especially the one about an existing conflict between API spec and test suite regarding the "checks" option. |
I'm fine w/ removing this for now. I think this is going to bite us at some point, but let's wait until it bites us to put it back in. There is nothing preventing people from having their own extensions... which raises the question: How does an organization provide options that they are guaranteed won't conflict with future updates to this spec? Perhaps we need a "vendorOptions" field? Or just call it for what it is "vendorLockinOptions"? :P (kidding about the last part, there) |
That's easy...
|
I feel like I'm being trolled... are you trolling me, Markus? :P |
Multiple reviews, no objections, merging. |
As suggested in #8, remove use of the (unspecified)
checks
verification option.With this change, I think it is expected that implementations check a credential/presentation's proof in all cases (as previously the "proof" check was passed in all cases), and check
credentialStatus
for verifiable credentials when the `credentialStatus property is present (Previously the "credentialStatus" check was passed for verifiable credentials case-14.json and case-15.json).checks
is still expected to be in the responses (VerificationResult
) as before.Related discussion of what should be checked during verification: w3c-ccg/vc-api#59.