diff --git a/.gitignore b/.gitignore index 17be60e94..c02751408 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,9 @@ .vscode .idea .gitignore +*.bkp **/node_modules **/.DS_Store **/.vscode -**/package-lock.json \ No newline at end of file +**/package-lock.json diff --git a/README.md b/README.md index 9fadf7fba..f9da9e85a 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@ mailing list. * Charter: [https://www.w3.org/2022/06/verifiable-credentials-wg-charter.html](https://www.w3.org/2022/06/verifiable-credentials-wg-charter.html) * Chairs * Brent Zundel - @brentzundel - * Kristina Yasuda - @Sakurann ### Verifiable Credentials github repos * [Use Cases](https://github.com/w3c/vc-use-cases) diff --git a/common.js b/common.js index b90283a0a..d1b009a65 100644 --- a/common.js +++ b/common.js @@ -5,15 +5,6 @@ var vcwg = { // Add as the respecConfig localBiblio variable // Extend or override global respec references localBiblio: { - "REST": { - title: "Architectural Styles and the Design of Network-based Software Architectures", - date: "2000", - href: "http://www.ics.uci.edu/~fielding/pubs/dissertation/", - authors: [ - "Fielding, Roy Thomas" - ], - publisher: "University of California, Irvine." - }, "VC-SPECS": { title: "Verifiable Credential Specifications Directory", href: "https://w3c.github.io/vc-specs-dir/", 
@@ -44,48 +35,6 @@ var vcwg = { status: "WD", publisher: "Verifiable Credentials Working Group" }, - "LDP-REGISTRY": { - title: "Linked Data Cryptographic Suite Registry", - href: "https://w3c-ccg.github.io/ld-cryptosuite-registry/", - authors: [ - "Manu Sporny", - "Drummond Reed", - "Orie Steele" - ], - status: "CG-DRAFT", - publisher: "Credentials Community Group" - }, - "CL-SIGNATURES": { - title: "A Signature Scheme with Efficient Protocols", - href: "https://www.researchgate.net/publication/220922101_A_Signature_Scheme_with_Efficient_Protocols", - authors: [ - "Jan Camenisch", - "Anna Lysyanskaya" - ], - status: "Peer Reviewed Paper", - publisher: "IBM Research" - }, - // aliases to known references - "HTTP-SIGNATURES": { - aliasOf: "http-signatures" - }, - "MACAROONS": { - title: 'Macaroons', - // TODO: create spec - href: 'http://macaroons.io/', - authors: ['Arnar Birgisson', 'Joe Gibbs Politz', 'Úlfar Erlingsson', - 'Ankur Taly', 'Michael Vrable', 'Mark Lentczner'], - status: 'unofficial', - publisher: 'Credentials Community Group' - }, - 'OPEN-BADGES': { - title: 'Open Badges', - href: 'https://github.com/openbadges/openbadges-specification', - authors: ['Brian Brennan', 'Mike Larsson', 'Chris McAvoy', - 'Nate Otto', 'Kerri Lemoie'], - status: 'BA-DRAFT', - publisher: 'Badge Alliance Standard Working Group' - }, 'RDF-NORMALIZATION': { title: 'RDF Dataset Normalization', href: 'http://json-ld.github.io/normalization/spec/', 
@@ -106,20 +55,8 @@ var vcwg = { status: 'ED', publisher: 'Credentials Community Group' }, - 'HASHLINK': { - title: 'Cryptographic Hyperlinks', - href: 'https://datatracker.ietf.org/doc/draft-sporny-hashlink/', - authors: ['Manu Sporny'], - status: 'Internet-Draft', - publisher: 'Internet Engineering Task Force (IETF)' - }, - 'IPFS': { - title: 'InterPlanetary File System (IPFS)', - href: 'https://en.wikipedia.org/wiki/InterPlanetary_File_System', - publisher: 'Wikipedia' - }, - 'VC-JSON-SCHEMA-2023': { - title: 'Verifiable Credentials JSON Schema 2023', + 'VC-JSON-SCHEMA': { + title: 'Verifiable Credentials JSON Schema Specification', href: 'https://www.w3.org/TR/vc-json-schema/', authors: ['Gabe Cohen', 'Orie Steele'], status: 'FPWD', @@ -132,13 +69,6 @@ var vcwg = { status: 'WD', publisher: 'W3C JSON-LD 1.1 Working Group' }, - 'VC-JWT': { - title: 'Securing Verifiable Credentials using JSON Web Tokens', - href: 'https://w3c.github.io/vc-jwt/', - authors: ['Orie Steele', 'Michael Jones'], - status: 'ED', - publisher: 'W3C Verifiable Credentials Working Group' - }, 'VC-SPECS': { title: 'Verifiable Credentials Specifications Directory', href: 'https://w3c.github.io/vc-specs-dir/', @@ -152,6 +82,13 @@ var vcwg = { authors: ['Daniel Buchner', 'Brent Zundel', 'Martin Riedel', 'Kim Hamilton Duffy'], status: 'DIF Ratified Specification', publisher: 'Decentralized Identity Foundation' + }, + 'OHTTP': { + title: 'Oblivious HTTP ', + href: 'https://datatracker.ietf.org/doc/html/draft-ietf-ohai-ohttp', + authors: ['Martin Thomson', 'Christopher A. Wood'], + status: 'Working Group Draft', + publisher: 'IETF Oblivious HTTP Application Intermediation' } } }; diff --git a/contexts/credentials/v2 b/contexts/credentials/v2 index db71e8ca7..7564e7ab8 100644 --- a/contexts/credentials/v2 +++ b/contexts/credentials/v2 
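Review bot: The new `'OHTTP'` entry in the `@@ -152,6 +82,13 @@` hunk has a trailing space in its title, `title: 'Oblivious HTTP ',`, which ReSpec will render verbatim in the bibliography; it should be `title: 'Oblivious HTTP',`. Its `publisher` names the working group ("IETF Oblivious HTTP Application Intermediation") rather than the publishing body; the other IETF entry in this file (the removed `'HASHLINK'` block) used `publisher: 'Internet Engineering Task Force (IETF)'` with the draft state in `status`, and keeping that form here would keep the bibliography consistent. The `href` points at a datatracker draft URL, so it is worth re-checking against the current document status before publication.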
@@ -66,6 +66,14 @@ "@id": "https://www.iana.org/assignments/jwt#..." }, + "digestSRI": { + "@id": "https://www.w3.org/2018/credentials#digestSRI", + "@type": "https://www.w3.org/2018/credentials#sriString" + }, + "mediaType": { + "@id": "https://schema.org/encodingFormat" + }, + "VerifiableCredential": { "@id": "https://www.w3.org/2018/credentials#VerifiableCredential", "@context": { @@ -149,6 +157,10 @@ "confidenceMethod": { "@id": "https://www.w3.org/2018/credentials#confidenceMethod", "@type": "@id" + }, + "relatedResource": { + "@id": "https://www.w3.org/2018/credentials#relatedResource", + "@type": "@id" } } }, diff --git a/index.html b/index.html index ecb166a07..fcc65d325 100644 --- a/index.html +++ b/index.html @@ -305,10 +305,7 @@
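Review bot: The new `relatedResource` term is declared next to `confidenceMethod`, which appears to be inside the `VerifiableCredential` scoped context, while `digestSRI` and `mediaType` are added as top-level terms; if that nesting is as it appears, `relatedResource` is undefined for documents whose type is not `VerifiableCredential` (a presentation, for instance), and JSON-LD processing would drop or reject it there. Since `relatedResource` is the mechanism that lets a verifier check that referenced resources have not changed since issuance, it would be good to confirm this scoping is intended and that these terms sit under the same `@protected` setting as the rest of the context — the hunk does not show that. Note also that typing `digestSRI` as `credentials#sriString` does not make processors validate the value; the spec text must still require verifiers to parse the SRI `<algorithm>-<base64>` form and reject unknown or unsupported algorithms rather than silently treating the resource as unverified.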
@@ -915,6 +909,9 @@
@@ -924,7 +921,7 @@
+{ // set the context, which establishes the special terms we will be using // such as 'issuer' and 'alumniOf'. @@ -951,22 +948,6 @@@@ -981,8 +962,19 @@Concrete Lifecycle Example
// name of the university "name": "Example University" } - }, - // digital proof that makes the credential tamper-evident - // see the NOTE at end of this section for more detail - "proof": { - // the type of embedded proof securing the verifiable credential - "type": "DataIntegrityProof", - // the name of the cryptographic signature suite - "cryptosuite": "eddsa-2022", - // the date the signature was created - "created": "2023-06-18T21:19:10Z", - // purpose of this proof - "proofPurpose": "assertionMethod", - // the identifier of the public key that can verify the signature - "verificationMethod": "https://university.example/issuers/565049#key-123", - // the digital signature value - "proofValue": "zQeVbY4oey5q2M3XKaxup3tmzN4DRFTLVqpLMweBrSxMY2xHX5XTYV8nQApmEcqaqA3Q1gVHMrXFkXJeV6doDwLWx" } } Concrete Lifecycle Example
verifiable credential. Pat selects the alumni verifiable credential, which is then composed into a verifiable presentation. The verifiable presentation is sent to -the verifier and verified. - +the verifier and verified. + +Once verified as authentic and current, the seller of the season ticket + then validates that the issuer of the verifiable credential is + recognized for the claim of alumni status—it is, as it is issued + by Example University—and that today's date lies within the + validity period defined by the values of the validFrom and validUntil + properties. Since the holder is expected to be the subject of the + verifiable credential, the verifier also confirms that + the id for the alumni claim matches the id of the creator of the + verifiable presentation. +
+Having verified the credential and the presentation, and validated the relevant claims, the ticket seller safely enables the alumni discount for Pat, confident that Pat is legitimately entitled to it.
{ "@context": [ @@ -1006,39 +998,17 @@Concrete Lifecycle Example
"id": "did:example:c276e12ec21ebfeb1f712ebc6f1", "name": "Example University" } - }, - "proof": { - "type": "DataIntegrityProof", - "cryptosuite": "eddsa-2022", - "created": "2023-06-18T21:19:10Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "https://university.example/issuers/565049#key-1", - "proofValue": "zQeVbY4oey5q2M3XKaxup3tmzN4DRFTLVqpLMweBrSxMY2xHX5XTYV8nQA - pmEcqaqA3Q1gVHMrXFkXJeV6doDwLWx" } - }], - // digital signature by Pat on the presentation - // protects against replay attacks - "proof": { - "type": "DataIntegrityProof", - "cryptosuite": "eddsa-2022", - "created": "2018-09-14T21:19:10Z", - "proofPurpose": "authentication", - "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1", - // 'challenge' and 'domain' protect against replay attacks - "challenge": "1f44d55f-f161-4938-a659-f8026467f126", - "domain": "4jt78h47fh47", - "proofValue": "zqpLMweBrSxMY2xHX5XTYV8nQAJeV6doDwLWxQeVbY4oey5q2pmEcqaqA3Q1 - gVHMrXFkXM3XKaxup3tmzN4DRFTLV" - } + }] }-Implementers that are interested in understanding more about the -
@@ -2411,7 +2381,7 @@proof
mechanism used above can learn more in Section and by reading the following specifications: -Data Integrity [[VC-DATA-INTEGRITY]] and the "Proofs" section of the Verifiable +The examples above are unsecured. +Implementers that are interested in understanding more about +securing Verifiable Credentials can see the specifications +Securing Verifiable Credentials using JOSE and COSE [[VC-JOSE-COSE]] and +Verifiable Credential Data Integrity [[VC-DATA-INTEGRITY]] and the "Proofs" section of the Verifiable Credential Specifications Directory [[VC-SPECS]].Data Schemas
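Review bot: With the presentation's `proof` removed in this hunk, the lifecycle example no longer shows anything that binds the presentation to its creator, yet the prose added in the `@@ -981,8 +962,19 @@` hunk says the verifier "confirms that the id for the alumni claim matches the id of the creator of the verifiable presentation" — a check the unsecured example can no longer illustrate. The deleted `// 'challenge' and 'domain' protect against replay attacks` comment was also the only place the text explained how a presentation is tied to a specific verifier request. Consider adding, after "The examples above are unsecured.", a sentence such as `In a secured presentation, the holder's proof, including its challenge and domain values, is what binds the presentation to its creator and to a particular verifier request.` so the validation steps described earlier remain grounded in the example.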
credentialSchema
property also makes it possible to perform syntactic checking on the
credential and to use verification mechanisms such as JSON Schema
-[[?VC-JSON-SCHEMA-2023]] validation.
+[[?VC-JSON-SCHEMA]] validation.
Data SchemasIn the example above, the issuer is specifying a -
credentialSchema
, which points to a [[?VC-JSON-SCHEMA-2023]] file that +credentialSchema
, which points to a [[?VC-JSON-SCHEMA]] file that can be used by a verifier to determine if the -verifiable credential is well formed. +verifiable credential is well-formed.For information about linkages to JSON Schema [[?VC-JSON-SCHEMA-2023]] or other -optional verification mechanisms, see the Verifiable Credentials +optional schema validation mechanisms, see the Verifiable Credentials Implementation Guidelines [[VC-IMP-GUIDE]] document.
@@ -2546,7 +2516,7 @@Data Schemas
In the example above, the issuer is specifying acredentialSchema
pointing to a means of transforming the input data into a format which can then be used by a verifier to determine if -the proof provided with the verifiable credential is valid. +the proof provided with the verifiable credential is well-formed. @@ -2581,6 +2551,9 @@Lifecycle Details
verifiable data registry">The roles and information flows for this specification. + @@ -2607,10 +2580,12 @@+ Validation needs to be added to image +
Lifecycle Details
@@ -2651,13 +2632,15 @@
-This specification also does not define an authorization framework nor the -decisions that a verifier might make after verifying a -verifiable credential or verifiable presentation, -taking into account the holder, the issuers of the -verifiable credentials, the contents of the -verifiable credentials, and its own policies. -
+This specification neither defines an authorization framework nor +does it restrict the business decisions that a verifier might make +after verifying a verifiable credential or verifiable + presentation. However, verifiers + apply their own business rules before treating any claims as valid, + taking into account the holder, the issuers of the + verifiable credentials, the claims of the + verifiable credentials, and its own policies. +In particular, Sections and @@ -2972,7 +2955,7 @@
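Review bot: The rewritten paragraph has a number disagreement: the subject is plural ("verifiers apply their own business rules") but the sentence ends with "and its own policies"; it should read `verifiable credentials, and their own policies.` The phrase "verifiers apply their own business rules before treating any claims as valid" is also stated as fact where the surrounding text describes what the specification does and does not define; if the intent is an expectation on implementers, wording it as such would keep the paragraph's register consistent.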
To validate that a resource referenced by a verifiable credential is the
same at verification time as it is at issuing time, an implementer MAY include a
-property named relatedResource
that stores an array of objects that
+property named relatedResource
that stores an array of objects that
describe additional integrity metadata about each resource referenced by the
verifiable credential. If relatedResource
is present, there
MUST be an object in the array for each remote resource for each context used in
@@ -2986,7 +2969,7 @@
Each object in the relatedResource
array MUST contain the
following: the [[URL]] to the resource named id
and the
-digestSRI
information for the resource constructed using the method
+digestSRI
information for the resource constructed using the method
specified in Subresource
Integrity.
+
This feature is at risk and will be removed from the specification if at least two independent, interoperable implementations are not demonstrated for a single extension type by the end of the Candidate Recommendation Phase. If @@ -3546,66 +3529,9 @@
-The provided examples will either be significantly re-written to demonstrate how -to secure a verifiable credential using a normatively defined method that -enable zero knowledge proofs, or they will be removed. -
--The following example shows one method of using verifiable credentials in -zero-knowledge. It makes use of a Camenisch-Lysyanskaya Signature -[[?CL-SIGNATURES]], which allows the presentation of the verifiable -credential in a way that supports the privacy of the -holder and subject through the use of selective disclosure of the -verifiable credential values. Some other cryptographic systems which rely -upon zero-knowledge proofs to selectively disclose attributes can be found in the -Verifiable Credential Specifications Directory [[?VC-SPECS]] as well. -
- --{ - "@context": [ - "https://www.w3.org/ns/credentials/v2", - "https://www.w3.org/ns/credentials/examples/v2" - ], - "type": ["VerifiableCredential", "ExampleDegreeCredential"], - "credentialSchema": { - "id": "did:example:cdf:35LB7w9ueWbagPL94T9bMLtyXDj9pX5o", - "type": "did:example:schema:22KpkXgecryx9k7N6XN1QoN3gXwBkSU8SfyyYQG" - }, - "issuer": "did:example:Wz4eUg7SetGfaUVCn8U9d62oDYrUJLuUtcy619", - "credentialSubject": { - "givenName": "Jane", - "familyName": "Doe", - "degree": { - "type": "ExampleBachelorDegree", - "name": "Bachelor of Science and Arts", - "college": "College of Engineering" - } - }, - "proof": { - "type": "CLSignature2019", - "issuerData": "5NQ4TgzNfSQxoLzf2d5AV3JNiCdMaTgm...BXiX5UggB381QU7ZCgqWivUmy4D", - "attributes": "pPYmqDvwwWBDPNykXVrBtKdsJDeZUGFA...tTERiLqsZ5oxCoCSodPQaggkDJy", - "signature": "8eGWSiTiWtEA8WnBwX4T259STpxpRKuk...kpFnikqqSP3GMW7mVxC4chxFhVs", - "signatureCorrectnessProof": "SNQbW3u1QV5q89qhxA1xyVqFa6jCrKwv...dsRypyuGGK3RhhBUvH1tPEL8orH" - } -} --
-The example above provides the verifiable credential definition by using
-the credentialSchema
property and a specific proof that is
-usable in the Camenisch-Lysyanskaya Zero-Knowledge Proof system.
-
-The next example utilizes the verifiable credential above to generate a -new derived verifiable credential with a privacy-preserving proof. The -derived verifiable credential is then placed in a -verifiable presentation, so that the verifiable credential -discloses only the claims and additional credential metadata that the -holder intended. To do this, all of the following requirements are -expected to be met: +
+Examples of leveraging vc-di-bbs, +will be added here in the future, or this section will be removed.
-{ - "@context": [ - "https://www.w3.org/ns/credentials/v2", - "https://www.w3.org/ns/credentials/examples/v2" - ], - "type": "VerifiablePresentation", - "verifiableCredential": [ - { - "@context": [ - "https://www.w3.org/ns/credentials/v2", - "https://www.w3.org/ns/credentials/examples/v2" - ], - "type": ["VerifiableCredential", "ExampleDegreeCredential"], - "credentialSchema": { - "id": "did:example:cdf:35LB7w9ueWbagPL94T9bMLtyXDj9pX5o", - "type": "did:example:schema:22KpkXgecryx9k7N6XN1QoN3gXwBkSU8SfyyYQG" - }, - "issuer": "did:example:Wz4eUg7SetGfaUVCn8U9d62oDYrUJLuUtcy619", - "credentialSubject": { - "degreeType": "ExampleBachelorDegree", - "degreeSchool": "College of Engineering" - }, - "proof": { - "type": "AnonCredDerivedCredentialv1", - "primaryProof": "cg7wLNSi48K5qNyAVMwdYqVHSMv1Ur8i...Fg2ZvWF6zGvcSAsym2sgSk737", - "nonRevocationProof": "mu6fg24MfJPU1HvSXsf3ybzKARib4WxG...RSce53M6UwQCxYshCuS3d2h" - } - }], - "proof": { - "type": "AnonCredPresentationProofv1", - "proofValue": "DgYdYMUYHURJLD7xdnWRinqWCEY5u5fK...j915Lt3hMzLHoPiPQ9sSVfRrs1D" - } -} -