feature/verify many

README.md

@@ -1,8 +1,18 @@
 ## vc-http-api
 
-We encourage contributions meeting the [Contribution
-Guidelines](CONTRIBUTING.md).  While we prefer the creation of issues
-and Pull Requests in the GitHub repository, discussions often occur
-on the
-[public-credentials](http://lists.w3.org/Archives/Public/public-credentials/)
-mailing list as well.
+The VC HTTP API repository contains a standard API specification for constructing and verifying objects which conform to the [Verifiable Credential Data Model](https://www.w3.org/TR/vc-data-model/) specification, along with documentation, integration and compatability tests, and related assets for the test and integration process.
+
+### Structure
+
+The vc-http-api repository is structured with two main sections:
+
+- [docs](./docs/) which contains the VC HTTP API spec itself in [OpenAPI](https://swagger.io/specification/) (formerly known as Swagger) form as well as related documentation to assist in building and testing a compliant implementation of the API spec
+  * Architecture for the issuer model is discussed in the [architecture document](./docs/architecture.md)
+  * Within docs, the versions of the api are stored in the appropriate folder under [versions](./docs/versions)
+  * The core API itself is detailed in the [spec file](./docs/vc-http-api.yml) and this spec should be used as the master reference for the API 
+- [packages](./packages/) which contains test suites and related utilities for integration testing, test suite results, and related assets.
+
+### Contributing
+
+We encourage contributions meeting the [Contribution Guidelines](CONTRIBUTING.md).  
+While we prefer the creation of issues and Pull Requests in the GitHub repository, discussions often occur on the [public-credentials](http://lists.w3.org/Archives/Public/public-credentials/) mailing list as well.

docs/README.md

@@ -1,12 +1,26 @@
-# [VC HTTP API](https://transmute-industries.github.io/vc-http-api/)
+# [VC HTTP API](https://github.com/w3c-ccg/vc-http-api/) Goals
 
-The following is a set of standard http api definitions for contructing and verifying objects which conform to the [VC Data Model](https://www.w3.org/TR/vc-data-model/).
+The W3C CCG VC HTTP API is a RESTful API definition conforming with the [OpenAPI (formerly known as Swagger) 3.0 Specification](https://swagger.io/specification/) for constructing and verifying objects which conform to the [Verifiable Credential Data Model](https://www.w3.org/TR/vc-data-model/) specification.  This API provides a standard set of interfaces by which interoperability may be tested and verified by various parties who leverage Verifiable Credentials (VCs).
 
-This API is not meant to be exposed directly over http without authorization.
+As some implementations may not support all endpoints defined by this specification, the APIs provide a clean measure by which to identify which methods are or are not implemented when comparing solutions that provide VC support across vendors.
 
-Implementations may not support all endpoints defined by this specification.
+Test procedures and specifications are provided as part of this API definition to allow for repeatable and automated interoperability testing between solutions that interact with VCs.
 
-### Holder APIs are optional, many implementations will not need them.
+## Style, Versioning, and Contribution
+This API is versioned in conformance with the [Semantic Versioning 2.0 specification](https://semver.org/) to prevent breaking changes between minor versions, and to allow for reliable testing and integration of implementations of this API within enterprise environments.
 
-However they are really useful for testing purposes, and cases where you don't have WebKMS.
+API style, endpoint naming, and object definitions within the vc-http-api should be in compliance with the guidelines laid out in the [REST API Tutorial](https://restfulapi.net/).  The VC HTTP API conforms primarily to the [controller](https://restfulapi.net/resource-naming/) model as detailed in the REST documentation.
 
+The actual standard and specification defined by the vc-http-api is provided in [YAML format](./vc-http-api.yml) and should be referenced directly by developers should questions arise, as certain interfaces on top of OpenAPI specifications may differ in their presentation of certain scenarios commonly encountered in API definitions, especially when dealling with `nullable` parameters or properties.
+
+Contributions to this repo should take place via a Pull Request, and should generally reference an issue and related discussion around the topic 
+
+## Best Practices
+
+### Security
+
+Implementations of this API SHOULD NOT be exposed directly over http(s) without authorization.  Best Practices around OAuth and other widely accepted standards for authentication and/or authorization should be followed.
+
+### Holder APIs 
+
+Holder APIs are optional as many implementations will not need them, however they are extremely useful for testing purposes as well as for cases where WebKMS is not present or not an option.

docs/vc-http-api.yml

@@ -93,14 +93,16 @@ paths:
     post:
       tags:
         - Verifier
-      summary: Verifies a verifiablePresentation and returns a verificationResult in the response body.
+      summary: Verifies a Presentation with or without proofs attached and returns a verificationResult in the response body.
       operationId: verifyPresentation
-      description: Verifies a verifiablePresentation and returns a verificationResult in the response body.
+      description: Verifies a verifiablePresentation and returns a verificationResult in the response body.  Given the possibility of denial of service, buffer overflow, or other style attacks, an implementation is permitted to rate limit or restrict requests against this API endpoint to those requests that contain only a single credential with a 413 or 429 error code as appropriate.
       requestBody:
         content:
           application/json:
             schema:
-              $ref: "#/components/schemas/VerifyPresentationRequest"
+              oneOf:
+                - $ref: "#/components/schemas/VerifyPresentationRequest"
+                - $ref: "#/components/schemas/ProoflessVerifyPresentationRequest"
         description: Parameters for verifying a verifiablePresentation.
       responses:
         "200":
@@ -110,9 +112,13 @@ paths:
               schema:
                 $ref: "#/components/schemas/VerifyPresentationResponse"
         "400":
-          description: invalid input!
+          description: Invalid or malformed input 
+        "413":
+          description: Payload too large
+        "429":
+          description: Rate limit exceeded by too many requests. 
         "500":
-          description: error!
+          description: Internal Server Error
 
 components:
   schemas:
@@ -375,7 +381,8 @@ components:
             type: string
         "holder":
           type: object
-          description: The holder
+          description: The holder - will be ignored if no proof is present since there is no proof of authority over the credentials
+          nullable: true
         "verifiableCredential":
           type: array
           description: The Verifiable Credentials
@@ -510,5 +517,10 @@ components:
           $ref: "#/components/schemas/VerifiablePresentation"
         options:
           $ref: "#/components/schemas/VerifyOptions"
+    ProoflessVerifyPresentationRequest:
+      type: object
+      properties:
+        presentation:
+          $ref: "#/components/schemas/Presentation"
     VerifyPresentationResponse:
       $ref: "#/components/schemas/VerificationResult"

packages/vc-http-api-test-server/.gitignore

@@ -1 +1,2 @@
-node_modules/
+node_modules/
+test_results/

packages/vc-http-api-test-server/__fixtures__/credentials/index.js

@@ -1,38 +1,14 @@
-module.exports = [
-    {
-        name: "USCIS Permanent Residency Card",
-        data: require('./case-1.json')
-    },
-    {
-        name: "University Degree",
-        data: require('./case-2.json')
-    },
-    {
-        name: "Alumni",
-        data: require('./case-3.json')
-    },
-    {
-        name: "Forest Transport Guide",
-        data: require('./case-4.json')
-    },
-    {
-        name: "Bill Of Lading",
-        data: require('./case-5.json')
-    },
-    {
-        name: "Crude Inspection",
-        data: require('./case-6.json')
-    },
-    {
-        name: "Crude Product",
-        data: require('./case-7.json')
-    },
-    {
-        name: "QP In Bond",
-        data: require('./case-8.json')
-    },
-    {
-        name: "Certified Mill Test Report",
-        data: require('./case-9.json')
+const fixtures = require('require-all')({
+    dirname: __dirname,
+    filter: /.json$/,
+    map: function (__, path) {
+        return `${path}`;
     }
-]
+})
+
+module.exports = Object.values(fixtures).map(item => {
+    return {
+        name: item.name,
+        data: item
+    };
+});