-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add mechanism to embed enveloped VCs in VPs. #1358
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2022,11 +2022,11 @@ <h3>Securing Verifiable Credentials</h3> | |
</p> | ||
<p> | ||
This specification recognizes two classes of securing mechanisms: those that use | ||
external proofs and those that use embedded proofs. An | ||
<dfn class="export">external proof</dfn> is one that wraps an expression of | ||
enveloping proofs and those that use watermarking proofs. An | ||
<dfn class="export">enveloping proof</dfn> is one that wraps an expression of | ||
this data model, such as via a JSON Web Token, which is elaborated on in the | ||
<em>Securing Verifiable Credentials using JOSE and COSE</em> [[VC-JOSE-COSE]] specification. | ||
An <dfn class="export">embedded proof</dfn> is a mechanism where the proof is | ||
A <dfn class="export">watermarking proof</dfn> is a mechanism where the proof is | ||
included in the data model, such as a Data Integrity Proof, which is elaborated | ||
on in <em>Verifiable Credential Data Integrity</em> [[VC-DATA-INTEGRITY]]. | ||
</p> | ||
|
@@ -2045,7 +2045,7 @@ <h3>Securing Verifiable Credentials</h3> | |
</p> | ||
<p> | ||
Methods of securing <a>verifiable credentials</a> or <a>verifiable | ||
presentations</a> that use an external proof MAY use the <code>proof</code> | ||
presentations</a> that use an enveloping proof MAY use the <code>proof</code> | ||
<a>property</a>. | ||
</p> | ||
<dl> | ||
|
@@ -2056,7 +2056,7 @@ <h3>Securing Verifiable Credentials</h3> | |
the authorship of a <a>verifiable credential</a> or a <a>verifiable | ||
presentation</a>. Each proof is a separate <a>named graph</a> | ||
(referred to as a <dfn class="export">proof graph</dfn>) containing a single | ||
proof. The specific method used for an <a>embedded proof</a> MUST be identified | ||
proof. The specific method used for a <a>watermarking proof</a> MUST be identified | ||
using the <code>type</code> <a>property</a>. | ||
</p> | ||
<p> | ||
|
@@ -2244,6 +2244,13 @@ <h3>Presentations</h3> | |
verifiable credential graphs</a> in a cryptographically <a>verifiable</a> format. | ||
See Section <a href="#verifiable-credential-graphs"></a> for further details on | ||
this topic. | ||
</dd> | ||
<dt><var id="defn-envelopedVerifiableCredential">envelopedVerifiableCredential</var></dt> | ||
<dd> | ||
The <code>envelopedVerifiableCredential</code> <a>property</a> MAY be present. | ||
The value MUST be an array of one or more <a>URLs</a> using the `data:` URL | ||
scheme where each value contains a <a>verifiable credential</a> that | ||
is secured using an <a>enveloping proof</a>. | ||
Comment on lines
+2247
to
+2253
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As the discussion with @andresuribe87 shows: this term may not be properly defined. The question is: what is exactly the semantics and the behavior v.a.v. the encoded verifiable credentials? This may become a question if the enclosing VP has to be signed, for example. I can see two alternatives:
I think that to properly specify (1) is problematic, and requires quite a lot of additional specification text. That approach would not really go well with the Linked Data aspect: it looks like having a "plugin" processor put into the JSON-LD processing. Alternative (2) is clean (although with a caveat, see below), but I am not sure whether it is what the expectation is with that property. As for the caveat: the usage of a URL, i.e., a data URL, is questionable in the case of alternative (2). See my separate comment on the relevant issue There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Agreed, and I believe it's aligned w/ the expectation. IMHO, that /is/ a separate graph of information (or rather, should be treated as one) and we can say that in the specification. IOW, it's not presumed that one would take that signed object and merge it into the default graph. There is also an expectation that it contains a conforming document that is secured using the rules for the media type. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
👍
We have to be very cautious then how we formulate that. From a Linked Data perspective and, consequently, from the terminology used in the specification, it is not a separate graph, it is "just" a more-or-less opaque string. The application level, could (should? must?) do additional checks on whether it can be decoded into a graph and whether that graph is conforming to our specification. But that is on a different layer. Very specifically. If I sign, using RCH or via JWS, a VP that uses this term, that signature applies on the encoded string, i.e., the value of the property and not on the decoded graph. This must be clearly specified in the spec, otherwise we run into problems imho.
Ok. I think we are aligned. Now comes the simple task of formalizing that succinctly in the document 😀. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @msporny, you did not react on the exact specification of the term's range, ie, whether we define a new datatype or whether leave it as a URL... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
The above gives me enough to make an attempt at a PR modification, thank you.
Let's leave it as a URL for now, because it is a URL. You are signing over an opaque URL and it's up to the application to interpret that URL, and we'll provide guidance on exactly how applications should interpret that URL (evaluate the URL, it should result in a separate graph that contains a VC that is secured using some recognized securing mechanism). I'll try to be less hand-wavy in the PR contents. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, let us try to go the simple way and keep it as a URL... Let us see where this goes. |
||
</dd> | ||
<dt><var id="defn-holder">holder</var></dt> | ||
<dd> | ||
|
@@ -2278,7 +2285,8 @@ <h3>Presentations</h3> | |
</dl> | ||
|
||
<p> | ||
The example below shows a <a>verifiable presentation</a>: | ||
The example below shows a <a>verifiable presentation</a> that uses | ||
<a>watermarking proofs</a>: | ||
</p> | ||
|
||
<pre class="example nohighlight" title="Basic structure of a presentation"> | ||
|
@@ -2304,6 +2312,26 @@ <h3>Presentations</h3> | |
[[?VC-JOSE-COSE]] specification. | ||
</p> | ||
|
||
<p> | ||
The example below shows a <a>verifiable presentation</a> that contains | ||
<a>verifiable credentials</a> that are protected using <a>enveloping proofs</a>: | ||
</p> | ||
|
||
<pre class="example nohighlight" title="A presentation that contains verifiable credentials secured using enveloping proofs"> | ||
{ | ||
"@context": [ | ||
"https://www.w3.org/ns/credentials/v2", | ||
"https://www.w3.org/ns/credentials/examples/v2" | ||
], | ||
"id": "urn:uuid:5ec137ea-871e-11ee-a783-ef96a4397a9a", | ||
"type": ["VerifiablePresentation", "ExamplePresentation"], | ||
"envelopedVerifiableCredential": [ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I take it this is believed to be needed because dynamic RDF Processors struggle with this:
I don't think these changes are helpful. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I do not understand the remark "dynamic RDF Processors struggle with this". Actually, I do not even understand what you mean by "dynamic RDF Processor"... From a pure RDF point of view, there is no struggle. A data URL is a URL, no difference between that one an any other URL. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If what you mean is that one could use an absolute URL (e.g., a data URL) as a value for the The value of the Looking at your examples
is actually wrong. The proper representation in nquads would be:
It is questionable whether this is what we want, semantically. The usage of a separate property side-steps this issue, which sounds o.k. to me if this is what the WG wants. See also my separate discussion on the feature a few days ago and in what follows. See my comment below: we have to decide whether that feature is really necessary or not. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @OR13 , I just realized that your set of n-quads, i.e.,
were generated by the JSON Playground, and you were misled because there is, in my view, a bug somewhere, see #1373. That being said, there is also a bug in my head, because what I said should be the result, namely:
This is also wrong, insofar as there is no ground for the second triple. From a JSON-LD point of view, I believe the only triple that is generated is
which makes it even more unsuitable for what we need... I cc @BigBlueHat and @dlongley here, because I never feel comfortable with JSON-LD... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @OR13's example doesn't use the approach proposed here and pulls in the examples context with it's "catch-all" vocab...so it doesn't accurately represent the changes proposed here, but rather shows what's broken without these changes. The context changes that would be made once #1372 is merged would look more like the following--which uses the term proposed here defined as a URL/IRI as expressed in #1372: {
"@context": [
"https://www.w3.org/ns/credentials/v2",
{"envelopedVerifiableCredential": {"@type": "@id"}}
],
"id": "urn:uuid:5ec137ea-871e-11ee-a783-ef96a4397a9a",
"type": ["VerifiablePresentation", "ExamplePresentation"],
"envelopedVerifiableCredential": [
"data:application/jwt;base64,QzVjV...RMjUK==",
"data:application/cwt;base64,ZmlOW...pYzMK="
]
} Resulting quads look like--which reads correctly to me based on this PR and the vocab changes proposed in #1372:
|
||
"data:application/jwt;base64,QzVjV...RMjUK==", | ||
"data:application/cwt;base64,ZmlOW...pYzMK=" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A CWT can never be a"verifiable credential"... CWTs secure a CBOR map as a payload. Verifiable Credentials secure a Compact JSON-LD Document as a payload. |
||
] | ||
} | ||
</pre> | ||
|
||
<section> | ||
<h4>Presentations Using Derived Credentials</h4> | ||
|
||
|
@@ -2381,7 +2409,7 @@ <h4>Presentations Including Holder Claims</h4> | |
mechanism as the <a>verifiable presentation</a>. | ||
</p> | ||
|
||
<pre class="example nohighlight" title="A verifiable presentation, secured with an embedded proof, with a self-asserted verifiable credential"> | ||
<pre class="example nohighlight" title="A verifiable presentation, secured with a watermarking proof, with a self-asserted verifiable credential"> | ||
{ | ||
"@context": [ | ||
"https://www.w3.org/ns/credentials/v2", | ||
|
@@ -2408,7 +2436,7 @@ <h4>Presentations Including Holder Claims</h4> | |
<a>verifiable presentation</a>. | ||
</p> | ||
|
||
<pre class="example nohighlight" title="A verifiable presentation, secured with an embedded proof, with a self-asserted verifiable credential about the verifiable presentation"> | ||
<pre class="example nohighlight" title="A verifiable presentation, secured with a watermarking proof, with a self-asserted verifiable credential about the verifiable presentation"> | ||
{ | ||
"@context": [ | ||
"https://www.w3.org/ns/credentials/v2", | ||
|
@@ -6528,7 +6556,7 @@ <h2>application/vc+ld+json</h2> | |
</p> | ||
|
||
<p> | ||
This media type can be used with credentials secured using an <a>external | ||
This media type can be used with credentials secured using an <a>enveloping | ||
proof</a>. | ||
</p> | ||
<p> | ||
|
@@ -6590,7 +6618,7 @@ <h2>application/vp+ld+json</h2> | |
|
||
<p> | ||
This media type can be used with presentations secured using an | ||
<a>external proof</a>. | ||
<a>enveloping proof</a>. | ||
</p> | ||
<p> | ||
A [[JSON-LD]] context is expected to be present in the body of the document, and | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
watermarking typically implies some difficulty in removing the mark... this is not true of embedded proofs.
I think the term embedded proofs was better here...