-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does verifying a presentation include verifying its VCs? #284
Comments
Also, does verifying the VP verify that the subject of the VC is the signer of the VP? I think not. I think that is a validation rule applied by the Verifier App, not a function verified by the Verifier service. However, the application of this rule could be in either function. |
Verifying a VP should verify the VCs within, +1 to update the spec.
No, there are many times a VC is about an org or a person that is not the signer of the VP. |
Previously: #111 |
Thanks, @clehner That is, indeed, essentially the same question and reaches what I think is consensus:
What we don't have right now is an endpoint that adequately responds so callers can understand why the VP failed verification. IMO, an http response code of 200 is insufficient. In fact, it seems that there should be a response that means "input is valid, and verification was successfully performed, and result of verification is that verification failed for reason XYZ." |
OK. What about VP holder ↔ VP proof verification method? (Analogous to VC issuer ↔ VC proof verification method?)
I assumed 400 or something else should be returned rather than 200 on a verification failure. Currently the Lines 52 to 66 in 88a2217
|
You might also want to consider the following: verifying a single presentation or 5 credentials, 2 have holder binding to different keys, 3 have status lists, 2 have multiple statuses 3 have status failures, 1 fails to verify. |
The group discussed this on the 2023-05-23 telecon. @dlongley noted that the default behaviour for the verification endpoint should verify the VP and all of the VPs inside of it by default. We could explore adding an option to skip checking the VCs if there is a use case where that makes sense. Individual implemenations could do that in a proprietary way (if we don't want to standardize that in this revision). @PatStLouis agreed, otherwise there isn't a difference between credentials/verify and presentations/verify. You want to verify what is contained in a presentation, that makes both endpoints different. @jandrieu liked what @dlongley said wrt. default, but could see in debugging (wanting to turn it off)... want to be able to verify presentation feels like useful optionality. @msporny asked what does the error object look like. @dlongley noted that implementations do return error information, but we haven't set how errors should be modelled. In other cases we didn't want to say how errors would work, but this might be a place where we wanted to say which VCs failed, which proofs failed or were not supported, if some proofs pass but others don't, what do you do? VCs could have multiple proofs on them, is subset sufficient, but caller should know what was checked if they want to dive into it, they should be able to dive into it. @jandrieu noted that we need to be concerned about optionality. This is ready for PR, when verifying a presentation verify all of the VCs in the presentation as well. When errors are returned, ensure that it is possible to understand which VCs were checked, which proofs for each VC was checked, factors of verfication were checked (example: validFrom/validUntil -- and return status of all factors), and errors related to each VC/VP are provided. The text should allow implementers to provide options to disable checking VCs and highlight that the API is compositional such that if you didn't check all the VCs, you could check which ones you wanted to check using the |
When educating clients in this work, I've always said that verifying a VP includes verifying the VCs entailed within.
However, Section 3.3.2 https://w3c-ccg.github.io/vc-api/#verify-presentation doesn't state whether that is correct or not.
Whatever the intention, we should clarify it in the text.
For client-side simplicity, I'd recommend a VP endpoint that DOES verify the VCs, but if we do that we need more resilient responses. In particular, we should be able to report independently on each VC.
Further, for some of the use cases under discussion, it would be exceptionally useful to know why a verification failed. Did it fail the signature check? The expiry check? Or the status check?
The text was updated successfully, but these errors were encountered: