New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update algorithm for Verify Proof #64
Conversation
A minor comment, though not strictly to §4.2: do we have to say somewhere what "raise XYZ ERROR" means (e.g., in 2.1), or do we intend to leave it at that and leave it to the implementations? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is an inconsistency in the value references. $4.2/(2) uses "dotted" term references like proof.type, proof.verificationMethod, etc. However, §4.1/(5) uses references to the same terms without the "dotted" formalism. (I did not check all items, there may be such discrepancies elsewhere, too.) Even §4.2 is not fully consistent; shouldn't (5) and (6) say proof.cryptosuite rather than "the cryptosuite specified in proof"?
Technically, it is not clear to me where the parameters like options come from. Or is this the ISSUE right after the algorithm (that only refers to verificationMethod)?
I would reword your original comment slightly, from |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor rephrasing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Approving to keep things moving, but see suggestions (and +1 to @TallTed's suggestions).
index.html
Outdated
`MALFORMED_PROOF_ERROR` MUST be raised. | ||
</li> | ||
<li> | ||
If the cryptographic suite does not support unlinkability and the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we just want to say "if the cryptographic suite requires proof.created
" rather than make it hinge on the unlinkability property.
index.html
Outdated
<var>proof</var>.<var>created</var> value is not set, a `MALFORMED_PROOF_ERROR` | ||
MUST be raised. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This error description is fine for now -- but we will want to see if we can improve / draw from other specs for better error patterns and error type / code reuse.
index.html
Outdated
<a href="#dfn-transformation">transforming</a> <var>unsecuredDocument</var> | ||
according to a <a>transformation algorithm</a> associated with the | ||
<var>cryptosuite</var> specified in <var>proof</var> and the <var>options</var> | ||
parameters provided as inputs to the algorithm. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we say how the cryptosuite is specified, i.e., via type
(and perhaps other cryptosuite type-specific properties)?
parameters provided as inputs to the algorithm. | |
parameters provided as inputs to the algorithm. Note: The <var>cryptosuite</var> | |
is specified by <var>proof.type</var> and MAY be further described by | |
cryptosuite-specific properties. |
Seeing as the <var>cryptosuite</var> specified in <var>proof</var>
is mentioned in other steps as well -- we might want the above language more generally expressed in an early step.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This presumes the cryptosuite
property is in the proof
, which it isn't for anything other than DataIntegrityProof
... If it is, that'll have to be fixed. I'm also hesitating to clarify this in the body of the algorithm. I'll try to think about the best way to integrate this into this section and agree that we want to say something about cryptosuites being able to define other properties in a proof.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I misunderstood what you were going for the first time I read your comments. I've applied your note and clarified the thing that threw me off the first time in f0732e5.
index.html
Outdated
<li> | ||
If the <var>proof</var>.<var>proofPurpose</var> value does not match | ||
<var>options</var>.<var>proofPurpose</var>, a `MISMATCHED_PROOF_PURPOSE_ERROR` | ||
MUST be raised. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This step should be run before any effort is made to verify the proof, i.e., the expected proof purpose should be checked first to find a matching proof. We might want the options name to be "expectedProofPurpose" as well, for clarity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, will look into rewriting the algorithm in this way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in f3a3d2c.
The issue was discussed in a meeting on 2022-10-19
View the transcript2.3. Update algorithm for Verify Proof (pr vc-data-integrity#64)See github pull request vc-data-integrity#64. Manu Sporny: this is just updating the language. |
Ultimately, it's up to the implementations to expose those errors. Exactly how each one does it is implementation specific at the moment. We might want to do something like what the JSON-LD API did, though some have complained about the use of text strings instead of error codes. We do plan to expose those error types in protocols such as the VC API via a
Yes, thanks for spotting that, it is an oversight and I'll fix that in an upcoming commit. I was going back and forth on the easiest way to mark up these variables.
|
b150567
to
8aeba01
Compare
7c81a0b
to
795a4d9
Compare
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
795a4d9
to
5d540b0
Compare
@iherman wrote:
Fixed in 520a357. |
Normative, multiple reviews, changes requested and made, no objections. |
This PR updates the algorithm used to verify proofs to align with the language used to generate proofs (now merged into
main
).At present, both the proof generation and proof verification algorithms presume only a single proof. The algorithms will need to be updated to support proof sets and proof chains in a future PR.
Preview | Diff