diff --git a/.gitignore b/.gitignore index 17be60e94..c02751408 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,9 @@ .vscode .idea .gitignore +*.bkp **/node_modules **/.DS_Store **/.vscode -**/package-lock.json \ No newline at end of file +**/package-lock.json diff --git a/README.md b/README.md index 9fadf7fba..f9da9e85a 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@ mailing list. * Charter: [https://www.w3.org/2022/06/verifiable-credentials-wg-charter.html](https://www.w3.org/2022/06/verifiable-credentials-wg-charter.html) * Chairs * Brent Zundel - @brentzundel - * Kristina Yasuda - @Sakurann ### Verifiable Credentials github repos * [Use Cases](https://github.com/w3c/vc-use-cases) diff --git a/common.js b/common.js index b90283a0a..d1b009a65 100644 --- a/common.js +++ b/common.js @@ -5,15 +5,6 @@ var vcwg = { // Add as the respecConfig localBiblio variable // Extend or override global respec references localBiblio: { - "REST": { - title: "Architectural Styles and the Design of Network-based Software Architectures", - date: "2000", - href: "http://www.ics.uci.edu/~fielding/pubs/dissertation/", - authors: [ - "Fielding, Roy Thomas" - ], - publisher: "University of California, Irvine." - }, "VC-SPECS": { title: "Verifiable Credential Specifications Directory", href: "https://w3c.github.io/vc-specs-dir/", 
@@ -44,48 +35,6 @@ var vcwg = {
 status: "WD",
 publisher: "Verifiable Credentials Working Group"
 },
- "LDP-REGISTRY": {
- title: "Linked Data Cryptographic Suite Registry",
- href: "https://w3c-ccg.github.io/ld-cryptosuite-registry/",
- authors: [
- "Manu Sporny",
- "Drummond Reed",
- "Orie Steele"
- ],
- status: "CG-DRAFT",
- publisher: "Credentials Community Group"
- },
- "CL-SIGNATURES": {
- title: "A Signature Scheme with Efficient Protocols",
- href: "https://www.researchgate.net/publication/220922101_A_Signature_Scheme_with_Efficient_Protocols",
- authors: [
- "Jan Camenisch",
- "Anna Lysyanskaya"
- ],
- status: "Peer Reviewed Paper",
- publisher: "IBM Research"
- },
- // aliases to known references
- "HTTP-SIGNATURES": {
- aliasOf: "http-signatures"
- },
- "MACAROONS": {
- title: 'Macaroons',
- // TODO: create spec
- href: 'http://macaroons.io/',
- authors: ['Arnar Birgisson', 'Joe Gibbs Politz', 'Úlfar Erlingsson',
- 'Ankur Taly', 'Michael Vrable', 'Mark Lentczner'],
- status: 'unofficial',
- publisher: 'Credentials Community Group'
- },
- 'OPEN-BADGES': {
- title: 'Open Badges',
- href: 'https://github.com/openbadges/openbadges-specification',
- authors: ['Brian Brennan', 'Mike Larsson', 'Chris McAvoy',
- 'Nate Otto', 'Kerri Lemoie'],
- status: 'BA-DRAFT',
- publisher: 'Badge Alliance Standard Working Group'
- },
 'RDF-NORMALIZATION': {
 title: 'RDF Dataset Normalization',
 href: 'http://json-ld.github.io/normalization/spec/',
@@ -106,20 +55,8 @@ var vcwg = {
 status: 'ED',
 publisher: 'Credentials Community Group'
 },
- 'HASHLINK': {
- title: 'Cryptographic Hyperlinks',
- href: 'https://datatracker.ietf.org/doc/draft-sporny-hashlink/',
- authors: ['Manu Sporny'],
- status: 'Internet-Draft',
- publisher: 'Internet Engineering Task Force (IETF)'
- },
- 'IPFS': {
- title: 'InterPlanetary File System (IPFS)',
- href: 'https://en.wikipedia.org/wiki/InterPlanetary_File_System',
- publisher: 'Wikipedia'
- },
- 'VC-JSON-SCHEMA-2023': {
- title: 'Verifiable Credentials JSON Schema 2023',
+ 'VC-JSON-SCHEMA': {
+ title: 'Verifiable Credentials JSON Schema Specification',
 href: 'https://www.w3.org/TR/vc-json-schema/',
 authors: ['Gabe Cohen', 'Orie Steele'],
 status: 'FPWD',
@@ -132,13 +69,6 @@ var vcwg = {
 status: 'WD',
 publisher: 'W3C JSON-LD 1.1 Working Group'
 },
- 'VC-JWT': {
- title: 'Securing Verifiable Credentials using JSON Web Tokens',
- href: 'https://w3c.github.io/vc-jwt/',
- authors: ['Orie Steele', 'Michael Jones'],
- status: 'ED',
- publisher: 'W3C Verifiable Credentials Working Group'
- },
 'VC-SPECS': {
 title: 'Verifiable Credentials Specifications Directory',
 href: 'https://w3c.github.io/vc-specs-dir/',
@@ -152,6 +82,13 @@ var vcwg = {
 authors: ['Daniel Buchner', 'Brent Zundel', 'Martin Riedel', 'Kim Hamilton Duffy'],
 status: 'DIF Ratified Specification',
 publisher: 'Decentralized Identity Foundation'
+ },
+ 'OHTTP': {
+ title: 'Oblivious HTTP ',
+ href: 'https://datatracker.ietf.org/doc/html/draft-ietf-ohai-ohttp',
+ authors: ['Martin Thomson', 'Christopher A. Wood'],
+ status: 'Working Group Draft',
+ publisher: 'IETF Oblivious HTTP Application Intermediation'
 }
 }
 };
diff --git a/contexts/credentials/v2 b/contexts/credentials/v2
index db71e8ca7..7564e7ab8 100644
--- a/contexts/credentials/v2
+++ b/contexts/credentials/v2
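Review bot: Renaming the key `'VC-JSON-SCHEMA-2023'` to `'VC-JSON-SCHEMA'` in the @@ -106 hunk leaves any remaining `[[VC-JSON-SCHEMA-2023]]` citation in index.html unresolved, and the visible hunks do not show those citations being updated (the index.html hunk under "Data Schemas" is cut off in this view). Confirm the citations were changed in the same commit. The same check applies to the removed `HASHLINK` and `IPFS` entries and, in the @@ -132 hunk, to `VC-JWT`. The localBiblio object starts and ends outside this hunk.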
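Review bot: The new `'OHTTP'` entry in the @@ -152 hunk has a trailing space inside its title (`'Oblivious HTTP '`), which will show up in the rendered references list; it should read `title: 'Oblivious HTTP',`. The `href` points at the unversioned datatracker page of an Internet-Draft, so the text a reader lands on can change or expire; a versioned draft URL, or the RFC once one exists, is a more stable target for a normative document. Separately, `VC-SPECS` is defined twice in this object literal with slightly different titles (double-quoted near the top of localBiblio, single-quoted in the @@ -132 context); the later definition silently wins, so one of them can be dropped.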
@@ -66,6 +66,14 @@ "@id": "https://www.iana.org/assignments/jwt#..." }, + "digestSRI": { + "@id": "https://www.w3.org/2018/credentials#digestSRI", + "@type": "https://www.w3.org/2018/credentials#sriString" + }, + "mediaType": { + "@id": "https://schema.org/encodingFormat" + }, + "VerifiableCredential": { "@id": "https://www.w3.org/2018/credentials#VerifiableCredential", "@context": { @@ -149,6 +157,10 @@ "confidenceMethod": { "@id": "https://www.w3.org/2018/credentials#confidenceMethod", "@type": "@id" + }, + "relatedResource": { + "@id": "https://www.w3.org/2018/credentials#relatedResource", + "@type": "@id" } } }, diff --git a/index.html b/index.html index ecb166a07..fcc65d325 100644 --- a/index.html +++ b/index.html @@ -305,10 +305,7 @@
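Review bot: `digestSRI` and `mediaType` are declared at the top level of the context in the @@ -66 hunk, so they are defined for every node of every document that uses this context, not only for the objects under `relatedResource` (added in the @@ -149 hunk). If they are only meant for related resources, a scoped `@context` on `relatedResource` would avoid claiming two common term names globally; if global scope is intended, the spec text should say so. Because this file is fetched, cached and in some deployments pinned by digest, confirm that the vocabulary defines `digestSRI`, `sriString` and `relatedResource`, and that any published hash of the context is regenerated; neither is visible in this part of the diff.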

What is a Verifiable Credential?

refers to the characteristic of a credential or presentation as being able to be verified by a verifier, as defined in this document. Verifiability of a credential does not imply -that the truth of claims encoded therein can be evaluated; however, -the issuer can include values in the evidence property to help the verifier -apply their business logic to determine whether the claims have sufficient -veracity for their needs. +that truth of claims encoded therein. Rather, once the authenticity and currency of a verifiable credential or verifiable presentation are established, a verifier validates the included claims using their own business rules before relying on them. Such reliance only occurs after evaluating the issuer, the proof, the subject, and the claims, against one or more verifier policies.
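Review bot: The replacement sentence is ungrammatical as written: "Verifiability of a credential does not imply that truth of claims encoded therein." reads as if a word was dropped, and `does not imply the truth of claims encoded therein` is presumably what was meant. The rewrite also removes the pointer to the `evidence` property that the old text offered to verifiers; if that is deliberate it is fine, otherwise a short cross-reference should be kept. The enclosing definition starts before this hunk.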

@@ -598,9 +595,6 @@

Use Cases and Requirements

  • Securing Verifiable Credentials using Data Integrity Proofs [[VC-DATA-INTEGRITY]].
  • -
  • -Camenisch-Lysyanskaya Zero-Knowledge Proofs [[?CL-SIGNATURES]]. -
  • @@ -915,6 +909,9 @@

    Concrete Lifecycle Example

    Verification of the verifiable presentation by the verifier. +
  • + Validation by the verifier of relevant claims contained in the verifiable presentation. +
  • @@ -924,7 +921,7 @@

    Concrete Lifecycle Example

    verifiable credential in a digital wallet.

    -
    +        
     {
       // set the context, which establishes the special terms we will be using
       // such as 'issuer' and 'alumniOf'.
    @@ -951,22 +948,6 @@ 

    Concrete Lifecycle Example

    // name of the university "name": "Example University" } - }, - // digital proof that makes the credential tamper-evident - // see the NOTE at end of this section for more detail - "proof": { - // the type of embedded proof securing the verifiable credential - "type": "DataIntegrityProof", - // the name of the cryptographic signature suite - "cryptosuite": "eddsa-2022", - // the date the signature was created - "created": "2023-06-18T21:19:10Z", - // purpose of this proof - "proofPurpose": "assertionMethod", - // the identifier of the public key that can verify the signature - "verificationMethod": "https://university.example/issuers/565049#key-123", - // the digital signature value - "proofValue": "zQeVbY4oey5q2M3XKaxup3tmzN4DRFTLVqpLMweBrSxMY2xHX5XTYV8nQApmEcqaqA3Q1gVHMrXFkXJeV6doDwLWx" } }
    @@ -981,8 +962,19 @@

    Concrete Lifecycle Example

    verifiable credential. Pat selects the alumni verifiable credential, which is then composed into a verifiable presentation. The verifiable presentation is sent to -the verifier and verified. -

    +the verifier and verified. +

    +

    Once verified as authentic and current, the seller of the season ticket + then validates that the issuer of the verifiable credential is + recognized for the claim of alumni status—it is, as it is issued + by Example University—and that today's date lies within the + validity period defined by the values of the validFrom and validUntil + properties. Since the holder is expected to be the subject of the + verifiable credential, the verifier also confirms that + the id for the alumni claim matches the id of the creator of the + verifiable presentation. +

    +

    Having verified the credential and the presentation, and validated the relevant claims, the ticket seller safely enables the alumni discount for Pat, confident that Pat is legitimately entitled to it.

     {
       "@context": [
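Review bot: The added paragraph has the verifier confirm that "the id for the alumni claim matches the id of the creator of the verifiable presentation", but an identifier match is only meaningful when the presentation itself is secured by the holder, and the @@ -1006 hunk removes the presentation `proof` together with the comment that `challenge` and `domain` protect against replay. As the section now reads, nothing tells an implementer that the id comparison alone does not detect a replayed presentation. I would add one sentence to this paragraph, e.g. `This comparison relies on the verifiable presentation being secured by the holder and bound to a challenge and domain supplied by the verifier, so that a replayed presentation is rejected.` The example block continues past the end of this hunk.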
    @@ -1006,39 +998,17 @@ 

    Concrete Lifecycle Example

    "id": "did:example:c276e12ec21ebfeb1f712ebc6f1", "name": "Example University" } - }, - "proof": { - "type": "DataIntegrityProof", - "cryptosuite": "eddsa-2022", - "created": "2023-06-18T21:19:10Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "https://university.example/issuers/565049#key-1", - "proofValue": "zQeVbY4oey5q2M3XKaxup3tmzN4DRFTLVqpLMweBrSxMY2xHX5XTYV8nQA - pmEcqaqA3Q1gVHMrXFkXJeV6doDwLWx" } - }], - // digital signature by Pat on the presentation - // protects against replay attacks - "proof": { - "type": "DataIntegrityProof", - "cryptosuite": "eddsa-2022", - "created": "2018-09-14T21:19:10Z", - "proofPurpose": "authentication", - "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1", - // 'challenge' and 'domain' protect against replay attacks - "challenge": "1f44d55f-f161-4938-a659-f8026467f126", - "domain": "4jt78h47fh47", - "proofValue": "zqpLMweBrSxMY2xHX5XTYV8nQAJeV6doDwLWxQeVbY4oey5q2pmEcqaqA3Q1 - gVHMrXFkXM3XKaxup3tmzN4DRFTLV" - } + }] }

    -Implementers that are interested in understanding more about the -proof mechanism used above can learn more in Section and by reading the following specifications: -Data Integrity [[VC-DATA-INTEGRITY]] and the "Proofs" section of the Verifiable +The examples above are unsecured. +Implementers that are interested in understanding more about +securing Verifiable Credentials can see the specifications +Securing Verifiable Credentials using JOSE and COSE [[VC-JOSE-COSE]] and +Verifiable Credential Data Integrity [[VC-DATA-INTEGRITY]] and the "Proofs" section of the Verifiable Credential Specifications Directory [[VC-SPECS]].
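Review bot: "The examples above are unsecured." is easy to miss next to a narrative that says the credential and presentation were "verified", so stating the consequence would help, e.g. `The examples above are unsecured: they carry no proof and cannot be verified as shown.` The following sentence also chains its three references with two "and"s and would read better as a comma-separated list. `[[VC-JOSE-COSE]]` is cited here while no `VC-JOSE-COSE` entry is visible in localBiblio in common.js, so check that it resolves from the shared bibliography.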

    @@ -2411,7 +2381,7 @@

    Data Schemas