-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Chaining VCs via links and digests #952
Comments
Should we include Currently we only have: |
@dmitrizagidulin would it make sense to not reuse the 'digestMultibase' prop name and instead define a new one like 'cid'? Now that you're including a multicodec, I think you're basically just using a CID https://github.com/multiformats/cid#cidv1 |
hmmm I'm not sure. One, |
Lets separate the concept of "linking VCs" from "talking about hashing" |
Same, comment I made here: #1035 (review) I dislike |
The issue was discussed in a meeting on 2022-09-15
View the transcript5.3. Proposal: Chaining VCs via links and digests (issue vc-data-model#952)See github issue vc-data-model#952. Kristina Yasuda: We want to see concrete text to make progress. Dmitri Zagidulin: This is the concrete text. Kristina Yasuda: I'm assigning this to Dmitri.
Brent Zundel: Once it's ready for concrete changes to the spec, raise the PR. Kristina Yasuda: We're getting into feature freeze. If you want this in V2 it needs to happen soon.. |
The issue was discussed in a meeting on 2023-04-11
View the transcript1.7. Proposal: Chaining VCs via links and digests (issue vc-data-model#952)See github issue vc-data-model#952. Kristina Yasuda: "Proposal: Chaining VCs via links and digests" - have discussed, prior issues, don't think we ever saw a PR. Michael Prorock: Let's either close or mark pending close, it's a complicated enough issue that coming in right before feature freeze is problematic..
Kristina Yasuda: any objections to pending close?. Orie Steele: suspects personal hallucination, but thought id was present in proof, and id facilitates possible chaining. Manu Sporny: did add id for proof chaining, but this is chaining VCs, not proofs - not this issue.
Kristina Yasuda: marking pending close lacking objections. |
1 similar comment
The issue was discussed in a meeting on 2023-04-11
View the transcript1.7. Proposal: Chaining VCs via links and digests (issue vc-data-model#952)See github issue vc-data-model#952. Kristina Yasuda: "Proposal: Chaining VCs via links and digests" - have discussed, prior issues, don't think we ever saw a PR. Michael Prorock: Let's either close or mark pending close, it's a complicated enough issue that coming in right before feature freeze is problematic..
Kristina Yasuda: any objections to pending close?. Orie Steele: suspects personal hallucination, but thought id was present in proof, and id facilitates possible chaining. Manu Sporny: did add id for proof chaining, but this is chaining VCs, not proofs - not this issue.
Kristina Yasuda: marking pending close lacking objections. |
No objections since being marked |
(Extracted from issue #831, which proposed two properties,
digestMultibase
andanchoredResource
.)Motivation
Background / Use Cases
There are many use cases that involve binding multiple Verifiable Credentials together. For example, a simple Student ID credential can consist of an overall container credential, which links to several individual credentials (such as a student Photo credential, a proof of enrollment at a particular university, a proof of age, etc).
Note that this is different than binding multiple credentials together in a Verifiable Presentation (and having the presenter sign the VP). In the VP case, the binding just means "this presenter is authenticating the handing over of these unrelated credentials". Whereas in the linked VC case, the credentials are aware of each other, and the peer or hierarchical relationship is built into the VC itself.
Chaining Credentials
For most use cases, chaining VCs together (or chaining a VC and an external resource) requires two things: 1) URIs (which we already have, from
id
s), and 2) a digest hash (to cryptographically bind the destination).In turn, a digest hash of are resource of any kind requires, at minimum:
SHA-256
)Straw Proposals
For example, binding a VC to an external resource (such as an image or a PDF) would involve: (note that these are mock property names, the actual property name is in the proposal in the next section)
The above example cryptographically binds the image URL & contents to the VC and its signature proof.
Actual
digestMultibase
proposalFor space saving reasons, the four digest-related fields (hash alg, char encoding, hash bytes, transform alg) could be all compressed into one field, using Multicodec notation (which is currently being standardized at IETF).
This proposal defines the
digestMultibase
field as:Using this notation, the previous example would look something like:
Validation
A VC validator, when encountering a
digestMultibase
field, must do the following (throwing an error if any of those fail):id
property on the same level as the digest)digestMultibase
field using Multicodec rulesdigestMultibase
Use Cases and Examples
TODO: add these. But see the RWoT11 paper "Composing Credentials via Links and Cryptographic Binding" for examples of using
digestMultibase
for Educational credentials.The text was updated successfully, but these errors were encountered: