Clarify how issuer validation occurs. #1393
Conversation
msporny
force-pushed
the
msporny-issuer-validation
branch
from
42d9db2
to
68f3fa2
Compare
msporny
requested review from
iherman,
selfissued and
decentralgabe
as code owners
index.html
Outdated
| <li> | ||
| MUST document normative algorithms that provide content integrity protection | ||
| for <a>conforming documents</a>. The algorithms MAY be general in nature and | ||
| MAY be used to secure data other than <a>conforming documents</a>. | ||
| </li> | ||
| <li> | ||
| MUST provide a verification mechanism that returns only the information in the | ||
| <a>conforming document</a> that has been secured. It MAY provide an | ||
| additional mechanism to receive other information that might be helpful | ||
| during validation or for debugging purposes. The concrete interface that is | ||
| expected to be provided is detailed in the | ||
| <a href="#verify-securing-mechanism">securing mechanism verification | ||
| algorithm</a> section. | ||
| </li> | ||
| <li> | ||
| MUST document post-processing considerations for data returned from verification | ||
| processes. This includes, but is not limited to, what information can and cannot | ||
| be used for decision making, for what period of time after verification, when | ||
| additional information is required, and when care is necessary even when the | ||
| returned data was properly secured. | ||
| </li> | ||
| <li> | ||
| SHOULD provide integrity protection for any information referenced by a URL that | ||
| is critical to validation. Mechanisms that can achieve this protection are | ||
| discussed in Section <a href="#integrity-of-related-resources"></a> and Section |
There was a problem hiding this comment.
The text above hasn't been deleted, but has instead been rewritten below in non-list form.
index.html
Outdated
| that might be helpful during validation or for debugging purposes. A securing | ||
| mechanism's verification algorithm MUST provide an interface that | ||
| receives an sequence of bytes ([=byte sequence=] |inputBytes|) and a media type | ||
| ([=string=] |inputMediaType|) as inputs and returns a verification result with |
There was a problem hiding this comment.
I think it must be also possible for securing mechanisms to be valid if they accept a JSON document / parsed JSON document (Map/dictionary?) instead of bytes and an input media type. Many implementations will be written that way for embedded securing mechanisms (and already are), based on common software pipeline practices that will have JSON already being parsed into a document / object before it hits this API.
We should allow for either of these approaches to be used, especially if we are requiring these algorithms to be normative in the securing mechanism specifications.
msporny
force-pushed
the
msporny-issuer-validation
branch
from
719c826
to
6d6dd20
Compare
index.html
Outdated
| Securing mechanism specifications MUST provide a verification mechanism that | ||
| returns only the information in the <a>conforming document</a> that has been | ||
| secured. It MAY provide an additional mechanism to receive other information |
There was a problem hiding this comment.
How does this sentence apply when Data Integrity is used? Does it mean that the "proof" member must not be returned in the secured information? That would be my interpretation but this could be clearer.
There was a problem hiding this comment.
All current Data Integrity specifications secure all the information in the proof value. There is no such thing as "unprotected" in the Data Integrity cryptosuites that exist today.
That said, we defer what to do to the securing mechanism specifications. It is their remit wrt. what is returned. For example, vc-jose-cose might choose to strip out proof values that were not verified during the securing process (but by doing that, it'll make it impossible for upstream processors to verify those proofs). So, there will need to be work done in vc-jose-cose to determine what to do there.
For Data Integrity, I expect all the current cryptosuites we have to return proof in the returned data because all information in the proof values ARE protected and verified as a part of the securing mechanism verification process.
There was a problem hiding this comment.
In DI, all verified proofs are secured -- so DI securing mechanisms can return all proofs there were verified using the verifier's accepted cryptosuites from the base verification algorithm.
There was a problem hiding this comment.
The plain meaning of the text above implies that proof is used to secure the secured data and is not in the secured data. Please be clear that proof, if present, must be removed by this algorithm.
There was a problem hiding this comment.
@selfissued fixed in 8c16fec.
|
The issue was discussed in a meeting on 2023-12-19
View the transcript2.4. Clarify how issuer validation occurs. (pr vc-data-model#1393)See github pull request vc-data-model#1393. Brent Zundel: "Clarify how issuer validation occurs". Manu Sporny: This PR is an attempt at addressing Oliver's concern where Oliver is saying that the spec needs to be clear about how you verify that a VC came from a particular issuer. Brent Zundel: Any comments on this PR? |
index.html
Outdated
| Relevant metadata that is related to the <code>issuer</code> <a>property</a> | ||
| is available to the <a>verifier</a> through the | ||
| <a href="#verify-securing-mechanism">securing mechanism verification | ||
| algorithm</a> as defined in Section <a href="#securing-mechanisms"></a>. This | ||
| information includes the controller, which is typically the `issuer`, of the | ||
| verification method used by the securing mechanism to secure each <a>verifiable | ||
| credential</a>. When verifying a <a>verifiable presentation</a>, the controller | ||
| of the verification method is typically the `holder`. |
There was a problem hiding this comment.
I hope this edit makes this (single) paragraph somewhat clearer.
I wonder whether the first sentence of this paragraph should discuss metadata related to the `holder` property in addition to metadata related to the `issuer` property.
It might be better to cover verifiable credentials (and issuers) in one paragraph, and verifiable presentations (and holders) in another.
| Relevant metadata that is related to the <code>issuer</code> <a>property</a> | |
| is available to the <a>verifier</a> through the | |
| <a href="#verify-securing-mechanism">securing mechanism verification | |
| algorithm</a> as defined in Section <a href="#securing-mechanisms"></a>. This | |
| information includes the controller, which is typically the `issuer`, of the | |
| verification method used by the securing mechanism to secure each <a>verifiable | |
| credential</a>. When verifying a <a>verifiable presentation</a>, the controller | |
| of the verification method is typically the `holder`. | |
| Metadata related to the `issuer` <a>property</a> | |
| is available to the <a>verifier</a> through the | |
| <a href="#verify-securing-mechanism">verification algorithm of the securing | |
| mechanism</a> as defined in Section <a href="#securing-mechanisms"></a>. | |
| This metadata includes identification of the controller of the verification | |
| method used by the securing mechanism to secure each <a>verifiable credential</a> | |
| or <a>verifiable presentation</a>, of which the controller is typically the | |
| respective `issuer` or `holder`. |
|
@awoie, @selfissued, and @TallTed, I have applied each of your requested changes, requesting re-review from each of you. |
msporny
force-pushed
the
msporny-safe-processing
branch
from
4668f2d
to
9561353
Compare
msporny
force-pushed
the
msporny-issuer-validation
branch
from
1c3a93c
to
d9b3915
Compare
msporny
force-pushed
the
msporny-issuer-validation
branch
from
d9b3915
to
57ce60b
Compare
Co-authored-by: Oliver Terbu <43441584+awoie@users.noreply.github.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
msporny
force-pushed
the
msporny-issuer-validation
branch
from
57ce60b
to
a59c20b
Compare
|
Normative, multiple reviews, changes requested and made, no objections, merging. |
This PR is an attempt to address issue #1386 by clarifying how issuer validation could occur. It establishes an interface between the VCDM and securing specifications for the securing mechanism verification algorithms. It also adds more detail to the issuer validation section in the specification.
NOTE: The algorithms haven't been updated to use the new interface (that will be done in a separate PR). What's important in this PR is that the controller and controller document is being returned by the securing mechanism verification algorithm such that a check between the
issuerproperty and thecontrolleris possible./cc @jyasskin (this PR starts to define the interface between the Securing Mechanisms and the VCDM)
Preview | Diff