-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify how issuer validation occurs. #1393
Conversation
42d9db2
to
68f3fa2
Compare
index.html
Outdated
<li> | ||
MUST document normative algorithms that provide content integrity protection | ||
for <a>conforming documents</a>. The algorithms MAY be general in nature and | ||
MAY be used to secure data other than <a>conforming documents</a>. | ||
</li> | ||
<li> | ||
MUST provide a verification mechanism that returns only the information in the | ||
<a>conforming document</a> that has been secured. It MAY provide an | ||
additional mechanism to receive other information that might be helpful | ||
during validation or for debugging purposes. The concrete interface that is | ||
expected to be provided is detailed in the | ||
<a href="#verify-securing-mechanism">securing mechanism verification | ||
algorithm</a> section. | ||
</li> | ||
<li> | ||
MUST document post-processing considerations for data returned from verification | ||
processes. This includes, but is not limited to, what information can and cannot | ||
be used for decision making, for what period of time after verification, when | ||
additional information is required, and when care is necessary even when the | ||
returned data was properly secured. | ||
</li> | ||
<li> | ||
SHOULD provide integrity protection for any information referenced by a URL that | ||
is critical to validation. Mechanisms that can achieve this protection are | ||
discussed in Section <a href="#integrity-of-related-resources"></a> and Section |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The text above hasn't been deleted, but has instead been rewritten below in non-list form.
index.html
Outdated
that might be helpful during validation or for debugging purposes. A securing | ||
mechanism's verification algorithm MUST provide an interface that | ||
receives an sequence of bytes ([=byte sequence=] |inputBytes|) and a media type | ||
([=string=] |inputMediaType|) as inputs and returns a verification result with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it must be also possible for securing mechanisms to be valid if they accept a JSON document / parsed JSON document (Map/dictionary?) instead of bytes and an input media type. Many implementations will be written that way for embedded securing mechanisms (and already are), based on common software pipeline practices that will have JSON already being parsed into a document / object before it hits this API.
We should allow for either of these approaches to be used, especially if we are requiring these algorithms to be normative in the securing mechanism specifications.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in 02c3744.
719c826
to
6d6dd20
Compare
index.html
Outdated
Securing mechanism specifications MUST provide a verification mechanism that | ||
returns only the information in the <a>conforming document</a> that has been | ||
secured. It MAY provide an additional mechanism to receive other information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this sentence apply when Data Integrity is used? Does it mean that the "proof" member must not be returned in the secured information? That would be my interpretation but this could be clearer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All current Data Integrity specifications secure all the information in the proof
value. There is no such thing as "unprotected" in the Data Integrity cryptosuites that exist today.
That said, we defer what to do to the securing mechanism specifications. It is their remit wrt. what is returned. For example, vc-jose-cose might choose to strip out proof
values that were not verified during the securing process (but by doing that, it'll make it impossible for upstream processors to verify those proofs). So, there will need to be work done in vc-jose-cose to determine what to do there.
For Data Integrity, I expect all the current cryptosuites we have to return proof
in the returned data because all information in the proof
values ARE protected and verified as a part of the securing mechanism verification process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In DI, all verified proofs are secured -- so DI securing mechanisms can return all proofs there were verified using the verifier's accepted cryptosuites from the base verification algorithm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The plain meaning of the text above implies that proof
is used to secure the secured data and is not in the secured data. Please be clear that proof
, if present, must be removed by this algorithm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@selfissued fixed in 8c16fec.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will approve this PR after my suggestion about not returning proof
as part of the secured data is accepted.
The issue was discussed in a meeting on 2023-12-19
View the transcript2.4. Clarify how issuer validation occurs. (pr vc-data-model#1393)See github pull request vc-data-model#1393. Brent Zundel: "Clarify how issuer validation occurs". Manu Sporny: This PR is an attempt at addressing Oliver's concern where Oliver is saying that the spec needs to be clear about how you verify that a VC came from a particular issuer. Brent Zundel: Any comments on this PR? |
index.html
Outdated
Relevant metadata that is related to the <code>issuer</code> <a>property</a> | ||
is available to the <a>verifier</a> through the | ||
<a href="#verify-securing-mechanism">securing mechanism verification | ||
algorithm</a> as defined in Section <a href="#securing-mechanisms"></a>. This | ||
information includes the controller, which is typically the `issuer`, of the | ||
verification method used by the securing mechanism to secure each <a>verifiable | ||
credential</a>. When verifying a <a>verifiable presentation</a>, the controller | ||
of the verification method is typically the `holder`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope this edit makes this (single) paragraph somewhat clearer.
I wonder whether the first sentence of this paragraph should discuss metadata related to the `holder` property
in addition to metadata related to the `issuer` property
.
It might be better to cover verifiable credentials (and issuers) in one paragraph, and verifiable presentations (and holders) in another.
Relevant metadata that is related to the <code>issuer</code> <a>property</a> | |
is available to the <a>verifier</a> through the | |
<a href="#verify-securing-mechanism">securing mechanism verification | |
algorithm</a> as defined in Section <a href="#securing-mechanisms"></a>. This | |
information includes the controller, which is typically the `issuer`, of the | |
verification method used by the securing mechanism to secure each <a>verifiable | |
credential</a>. When verifying a <a>verifiable presentation</a>, the controller | |
of the verification method is typically the `holder`. | |
Metadata related to the `issuer` <a>property</a> | |
is available to the <a>verifier</a> through the | |
<a href="#verify-securing-mechanism">verification algorithm of the securing | |
mechanism</a> as defined in Section <a href="#securing-mechanisms"></a>. | |
This metadata includes identification of the controller of the verification | |
method used by the securing mechanism to secure each <a>verifiable credential</a> | |
or <a>verifiable presentation</a>, of which the controller is typically the | |
respective `issuer` or `holder`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Applied in af27128.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume the securing mechanism verifies the returned controller is the controller of the securing mechanism?
@awoie, @selfissued, and @TallTed, I have applied each of your requested changes, requesting re-review from each of you. |
4668f2d
to
9561353
Compare
1c3a93c
to
d9b3915
Compare
d9b3915
to
57ce60b
Compare
Co-authored-by: Oliver Terbu <43441584+awoie@users.noreply.github.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
57ce60b
to
a59c20b
Compare
Normative, multiple reviews, changes requested and made, no objections, merging. |
This PR is an attempt to address issue #1386 by clarifying how issuer validation could occur. It establishes an interface between the VCDM and securing specifications for the securing mechanism verification algorithms. It also adds more detail to the issuer validation section in the specification.
NOTE: The algorithms haven't been updated to use the new interface (that will be done in a separate PR). What's important in this PR is that the controller and controller document is being returned by the securing mechanism verification algorithm such that a check between the
issuer
property and thecontroller
is possible./cc @jyasskin (this PR starts to define the interface between the Securing Mechanisms and the VCDM)
Preview | Diff