Confusing Verification API #89

Open
wip-abramson opened this issue Feb 11, 2021 · 1 comment

@wip-abramson

Hey,

I am hoping someone can help clarify a few things for me.

If the holder has a VC, issued by some issuer's keys resolvable using a custom documentLoader, and the holder creates a presentation of this VC and signs it against a challenge provided by the Verifier using the keys associated with the credentialSubject, how is the Verifier supposed to verify these two different signatures?

The current README is misleading as the proof created by signing the challenge on the credential states the verification method is that of the issuer, which would not be the case in a real situation. See location here.

Currently, the only way I have found that works is running verify twice, once with the subject keys and once with the issuer keys, which seems weird to me:

    // Verifying the liveness challenge response
    const verifiedVP = await vc.verify({presentation, challenge, suite: subjectSuite, documentLoader, controller: subjectController});
    console.log(verifiedVP);

    if(verifiedVP.presentationResult.verified) {
      console.log("PRESENTATION RESULTS", verifiedVP.presentationResult.results);
      // console.log('\n\n\nVerified VP:\n Presentation Results:', verifiedVP.presentationResult.results )
      // Verifying the credentials
      const verifyVPIssuer = await vc.verify({presentation, challenge, suite: issuerSuite, documentLoader, controller: issuerController});
      console.log("VP Issuer", verifyVPIssuer);
      console.log('\n\n\nVerified VP :\nCredential Results\n', verifyVPIssuer.credentialResults[0].results);
    }

In addition to this, I am confused why the Verifier is passing in the suites at all. These appear to provide access to public and private keys unless I am mistaken, which clearly the verifier would not have.

I would have expected the verifier to resolve the appropriate keys required for this verification process by identifying the relevant IDs in the presentation object and using the documentLoader, which in my mental model is acting as the resolver.

Am I just missing something?

Note this appears related to issue #78

@dlongley
Member

The document loader will be used to resolve the verification methods unless they are given in the suites. Allowing them to be passed via the suites enables them to be retrieved either out-of-band or pinned vs. going through the document loader.

As for why the suites are passed in (whether or not the verification methods are provided in them -- which, again, is optional), it is to ensure that the verifier only specifies those suites (cryptographic methods) that they are willing to accept.

It's not surprising that users of this library can be confused by the multiple options and when to use them. The documentation around this should clearly be improved to reduce that confusion and ensure that the most common defaults are given in examples. Similarly, when you may choose to use the more advanced features (and what they do) should be similarly well documented but put under an advanced section of the README.
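The two points in the reply above (the document loader resolves verification methods, and the verifier opts in to specific proof types), modelled as an added example that is not part of the thread or of the library's code. The DIDs, key ids and placeholder key values are constructed, `resolvePinned` and `requiredKeys` are hypothetical helpers, and no signature is checked here; the loader's return shape follows the jsonld document-loader convention.

```javascript
// Constructed sample data: hypothetical DIDs, public key material only.
const keyDoc = did => ({
  id: `${did}#key-1`,
  type: 'Ed25519VerificationKey2018',
  controller: did,
  publicKeyBase58: 'PLACEHOLDER-PUBLIC-KEY' // a verifier never holds private keys
});
const PINNED = new Map(
  ['did:example:issuer', 'did:example:holder'].map(d => [`${d}#key-1`, keyDoc(d)])
);

// Proof types this verifier is willing to accept (the role the suites play).
const ACCEPTED_PROOF_TYPES = new Set(['Ed25519Signature2018']);

// Serve pinned documents only; never fall back to a network fetch.
// JSON-LD contexts would be pinned in the same map in a real loader.
function resolvePinned(url) {
  if (!PINNED.has(url)) {
    throw new Error(`Refusing to resolve unpinned URL: ${url}`);
  }
  return {contextUrl: null, documentUrl: url, document: PINNED.get(url)};
}

// Loader shape expected by jsonld-based libraries: async (url) => {...}.
const documentLoader = async url => resolvePinned(url);

// Hypothetical pre-flight check: list the key each proof depends on.
// The presentation proof belongs to the holder, each credential proof
// to its issuer; both are resolved through the same pinned loader.
function requiredKeys(presentation) {
  const asArray = v => [].concat(v || []);
  const proofs = [
    ...asArray(presentation.proof).map(p => ({role: 'holder', p})),
    ...asArray(presentation.verifiableCredential).flatMap(
      c => asArray(c.proof).map(p => ({role: 'issuer', p})))
  ];
  return proofs.map(({role, p}) => {
    if (!ACCEPTED_PROOF_TYPES.has(p.type)) {
      throw new Error(`Proof type not accepted: ${p.type}`);
    }
    const {document} = resolvePinned(p.verificationMethod);
    return {role, verificationMethod: document.id, controller: document.controller};
  });
}
```
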
