Require credentialSubject to be non-empty

[clehner]

As seen in decentralized-identity/JWS-Test-Suite#46, VC Data Model appears to require that credentialSubject contains at least one property. Similarly, there must be at least one credential subject. This PR adds checks for these two cases (no empty-object or empty-array credentialSubject values), and updates two examples to use non-empty credentialSubject values. Signed test vectors using empty credentialSubject with RDF-based signatures are updated to use a blank node id as the credential subject id, since this does not require reissuing those credential. One test vector VC (did-pkh/tests/vc-poly-epsig.jsonld) had to be reissued, since it was using an empty credential subject but not an RDF-based signature.

[sbihel]

Why not just remove the Option?

[clehner]

Why not just remove the Option?

Which?

Credential::credential_subject is using OneOrMany, no Option:

ssi/src/vc.rs

Line 51 in d3c0253

pub credential_subject: OneOrMany<CredentialSubject>,

CredentialSubject::id is an Option; this is allowed (id is optional):

ssi/src/vc.rs

Line 111 in d3c0253

pub id: Option<URI>,

CredentialSubject::property_set is an Option; this could be changed I think - using skip_serializing_if = "Map::is_empty"; this occurs in other structs as well.

ssi/src/vc.rs

Line 114 in d3c0253

pub property_set: Option<Map<String, Value>>,

If we want to distinguish CredentialSubject into the id and id-less cases, it could maybe be changed into an untagged enum where one variant has a non-optional id and the other variant is just the property_set map.

[sbihel]

I think I might have been looking at the issuer instead of subject, sorry.

[clehner]

OK, no problem.

The issuer property is optional on the Credential struct only because in a JWT "vc" claim it might be omitted in favor of a JWT "iss" claim.
We could consider making the types more specific by splitting the Credential type into "credential", "verifiable credential", and JWT "vc" claim object.