Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[proposal] Support versionTime parameter when issuing a verifiable credential #1201

Closed
jasny opened this issue Jul 20, 2023 · 0 comments · Fixed by #1207
Closed

[proposal] Support versionTime parameter when issuing a verifiable credential #1201

jasny opened this issue Jul 20, 2023 · 0 comments · Fixed by #1207
Labels
enhancement New feature or request

Comments

@jasny
Copy link
Contributor

jasny commented Jul 20, 2023

When verifying a credential, the issuer id is resolved as-is. When the id is a DID did:example:foo, the credential is verified against the current version of the DID document. If a verification method is removed, all credentials signed with that key will become invalid. Depending on the use case, this can be the intended behavior or can be problematic.

The DID standard defines the versionTime parameter which resolves to the version of the DID document that was valid at a certain time. Typically, using versionTime the result is immutable.

While not defined specifically like this in the VC standard, the versionTime parameter can be added to the issuer id to ensure that VCs aren't implicitly revoked when the DID document is modified. This should work with all verifiers, as they'll resolve the identifier as-is and should remove any parameters.

{
  credential: {
    issuer: { id: `${identifier.did}?versionTime=${versionTime}` },
    credentialSubject: {
      id: 'did:web:example.com',
      you: 'Rock',
    },
  },
  proofFormat: 'jwt',
}

In createVerifiableCredential, the issuer is extracted from the verifiable credential and used to look up the identifier from the manager.

https://github.com/uport-project/veramo/blob/6981e6845d6f90d7b0c8dd6e0117b73dfd8edfb9/packages/credential-w3c/src/action-handler.ts#L209-L220

It should remove the DID parameters (or just versionTime) when looking up the identifier.

The alternative would be to always add versionTime when resolving a DID for verifying a credential. However, the standard doesn't indicate that that's the correct behavior.
@jasny jasny added the enhancement New feature or request label Jul 20, 2023
@jasny jasny changed the title Support versionTime parameter when issuing a verifiable credential [proposal] Support versionTime parameter when issuing a verifiable credential Jul 20, 2023
jasny added a commit to ltonetwork/veramo that referenced this issue Jul 28, 2023
@jasny
Allow DID parameters for verifiable credentials and presentations
c4dfb91 
Remove DID parameters in the `issuer` and `holder` properties when looking up the identifier using the DID manager.
The DID manager doesn't handle DID parameters like `versionTime`. When the DID manager is used we should be able
 to savely ignore them. They're only used when resolving the DID.

Added `options` property to `extractIssuer`, with option `removeParameters`.
Added a `removeDIDParameters` function to credential-utils.

Modified `shortDid` to always remove parameters.

Fixes decentralized-identity#1201
@jasny jasny mentioned this issue Jul 28, 2023
Merged
6 tasks
jasny added a commit to ltonetwork/veramo that referenced this issue Jul 28, 2023
@jasny
Allow DID parameters for verifiable credentials and presentations
eec1b7f 
Remove DID parameters in the `issuer` and `holder` properties when looking up the identifier using the DID manager.
The DID manager doesn't handle DID parameters like `versionTime`. When the DID manager is used we should be able
 to savely ignore them. They're only used when resolving the DID.

Added `options` property to `extractIssuer`, with option `removeParameters`.
Added a `removeDIDParameters` function to credential-utils.

Modified `shortDid` to always remove parameters.

Fixes decentralized-identity#1201
mirceanis pushed a commit that referenced this issue Aug 1, 2023
@jasny
feat(credential-w3c): allow issuers with query parameters for credent…
688f59d 
…ials and presentations (#1207)

fixes #1201
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow DID parameters for verifiable credentials and presentations ltonetwork/veramo
1 participant
@jasny