Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verification algorithms #261

Merged
merged 16 commits into from
Apr 3, 2024
Merged

verification algorithms #261

merged 16 commits into from
Apr 3, 2024

Conversation

brentzundel
Copy link
Member

@brentzundel brentzundel commented Mar 28, 2024
edited by pr-preview bot
Loading

The PR adds verification algorithms for each of the securing mechanisms defined in the spec according to the guidance in the VC Data Model

Preview | Diff

@brentzundel
verification algorithm for SD-JWT
e85b734 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
decentralgabe
decentralgabe approved these changes Mar 28, 2024
View reviewed changes
Copy link
Collaborator

@decentralgabe decentralgabe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

much better!

selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
Copy link
Collaborator

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "Verification Algorithms" section now contains the subsection

Algorithm for verifying a credential or presentation secured with SD-JWT

But I would have expected it to also contain the corresponding subsections

Algorithm for verifying a credential or presentation secured with JOSE
Algorithm for verifying a credential or presentation secured with COSE

I would suggest placing them in the order JOSE, SD-JWT, and COSE, as is done in https://w3c.github.io/vc-jose-cose/#securing-the-vc-data-model .

@brentzundel @selfissued
Update index.html
758d70b 
Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>
@brentzundel
change nesting for SD-JWT algorithm
15607c4 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
TallTed
TallTed requested changes Mar 29, 2024
View reviewed changes
Copy link
Member

@TallTed TallTed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small tweaks

index.html Outdated Show resolved Hide resolved
index.html Outdated Show resolved Hide resolved
index.html Outdated Show resolved Hide resolved
brentzundel and others added 8 commits March 29, 2024 10:32
@brentzundel @TallTed
Update index.html
9482d52 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
@brentzundel @TallTed
Apply suggestions from code review
0c4ce26 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
@brentzundel
change order of SD-JWT algorithm, add COSE section header
6abcf59 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
Move JOSE and COSE header parameter sections to be nested inside of t…
8c1200b 
…he respective JSOE and COSE sections

Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
JOSE algorithm
63270f1 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
COSE algorithm
fd78e93 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
cleanup validation section
d8823b0 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
minor cleanup
0b2a812 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
brentzundel
brentzundel commented Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
@brentzundel brentzundel marked this pull request as ready for review March 29, 2024 16:42
@brentzundel brentzundel mentioned this pull request Mar 29, 2024
Closed
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated
Comment on lines 2563 to 2564
Convert the SD-JWT payload back into the JSON claim set by reversing the process
described in [[[SD-JWT]]] [[SD-JWT]]. Set <code>document</code> to the JSON claim set.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I cannot figure out what section of [[SD-JWT]] describes the process that is supposed to be reversed. I think this reference should converted be a section-specific data-cite.

Copy link
Member

@TallTed TallTed Mar 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Moved to a top-level comment on the PR)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The process for moving from a JSON claim set to an SD-JWT payload is a description spread across a large swath of the SD-JWT document, rather than nicely contained in a single section. I have added a link to the appendix of examples in 3ff1693, which I hope is sufficient.

TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated
this media type. The unsecured [=verifiable credential=] is the input JSON
claim set. The Issuer then converts the input JSON claim set (i.e., the
unsecured [=verifiable credential=]) into an SD-JWT payload according to
[[[SD-JWT]]] [[SD-JWT]].
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Line 424 should probably be changed from [[[SD-JWT]]] to a data-cite targeting the specific section.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adjusted in 8c3772b

TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
TallTed
TallTed reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
selfissued
selfissued reviewed Mar 29, 2024
View reviewed changes
index.html Outdated Show resolved Hide resolved
brentzundel and others added 4 commits March 29, 2024 13:19
@brentzundel @TallTed @selfissued
Apply suggestions from code review
599710a 
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>
@brentzundel
add specific section for SD-JWT
8c3772b 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
remove extraneous COSE paragraph
157b19c 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@brentzundel
add link to SD-JWT claimset to payload examples
3ff1693 
Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
@TallTed
Copy link
Member

TallTed commented Mar 29, 2024

Answering a question which has now been deleted, because others may share it.

Triple brackets show the full title of the referenced document, and link directly there; e.g., ReSpec turns
[[[SD-JWT]]]
into
[Selective Disclosure for JWTs (SD-JWT)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt)
, which renders as
Selective Disclosure for JWTs (SD-JWT).

Double brackets put a simple [cite] in the document body, which links to its citation in the references appendix, e.g., ReSpec turns
[[SD-JWT]]
in the PR-Preview of this PR turns into
[[SD-JWT](https://pr-preview.s3.amazonaws.com/brentzundel/vc-jose-cose/pull/261.html#bib-sd-jwt)]
, which renders as
[SD-JWT].

When put together,
[[[SD-JWT]]] [[SD-JWT]]
, renders as
Selective Disclosure for JWTs (SD-JWT) [SD-JWT].

Generally speaking, in [[cite]] reads very badly in the body text, and just links to the appendix, while in [[[cite]]] [[cite]] produces a far better result in the text.

(There are many other instances of title [[cite]] in the existing document which I think would be better changed to [[[cite]]] [[cite]].)

@selfissued selfissued merged commit 8673f36 into w3c:main Apr 3, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iherman iherman iherman left review comments

@TallTed TallTed TallTed requested changes

@selfissued selfissued selfissued left review comments

@decentralgabe decentralgabe decentralgabe approved these changes

Assignees
No one assigned
Labels
before-CR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@brentzundel @TallTed @iherman @decentralgabe @selfissued