-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Context about how this differs from 2020-rl #3
Comments
This is the direction I would hope to go - just allow a field like |
@msporny as we begin implementing this in our production stuff, we would really like to see the concept of topic/list-type. This is important because what we really want is to have all the lists be |
Agreed with the points here, especially considering that there is seemingly no material difference between |
Feels reasonable, especially since we don't have a test suite for interop yet... we'd want to get this locked in before one is created. I'm trying to think through how the change might blow up in our faces... I haven't had a chance to think deeply about that so would prefer some implementer feedback before we commit to the new design path. The old design clearly specifies the type in both the VC that points to the status list, and the status list itself (so there can be no confusion on what the list is for). If we were to do this, there would be an extra type check required to make sure the topics line up... if we don't do that, there could be an attack where you swap a suspension list for a revocation list (maybe?!)... I don't know, but someone needs to think about the attacks around this deeply before we implement it. Has anyone thought through how one would attack a topic mismatch? |
@msporny
I had planned on publishing separate Status List VCs, one for Suspension List, one for Revocation List, that's how I interpreted it anyway, and then each VC had a service reference back to its applicable Status List VC target resource. This way a VC could be revocable and/or suspendable in credential definition spec by the issuer.
I had looked at this a bit differently in implementation. Here were the rules intended for issuing parties:
This ruleset implies the need for two separate bitstrings and two separate list types identifying those bitstrings, right?
If type is part of the digest for the Status List VC, then it should be impossible to override the verification of a Revocation List with a verification of the Suspension List, no? |
Yes, exactly. +1 to everything you said above. There are at least two different types of status lists today (revocation and suspension, with dangerous ramifications wrt. mixing up one w/ the other). We could further generalize this like we plan to do in the upcoming Data Integrity work (namely, by reusing something akin to the So, another alternative might be:
... and the list would look like this:
Food for thought... |
Just to throw this out there: our whole desire with Status List was to have
a generic descriptor/model that featured the exact list-typing field you
suggested, not whole separate specs for N-types of lists. I'm not sure why
that wasn't something folks were into previously, but I would certainly be
happy to see it move that direction if it's more palatable now.
…On Tue, Mar 8, 2022, 11:49 AM Manu Sporny ***@***.***> wrote:
If type is part of the digest for the Status List VC, then it should be
impossible to override the verification of a Revocation List with a
verification of the Suspension List, no?
Yes, exactly. +1 to everything you said above. There are at least two
different types of status lists today (revocation and suspension, with
dangerous ramifications wrt. mixing up one w/ the other).
We could further generalize this like we plan to do in the upcoming Data
Integrity work (namely, by reusing something akin to the cryptosuite
property):
https://w3c-ccg.github.io/data-integrity-spec/#example-a-dataintegritysignature-example-using-a-nist-ecdsa-2022-cryptosuite
So, another alternative might be:
"credentialStatus": {
"id": "https://dmv.example.gov/credentials/status/3#94567",
"type": "StatusList",
"statusType": "revocation-2021", <--- this would be a string, not a JSON-LD type
"statusListIndex": "94567",
"statusListCredential": "https://example.com/credentials/status/3"
}
... and the list would look like this:
{
***@***.***": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/vc-status-list-2021/v1"
],
"id": "https://example.com/credentials/status/3",
"type": ["VerifiableCredential", "StatusListCredential"],
"issuer": "did:example:12345",
"issued": "2021-04-05T14:27:40Z",
"credentialSubject": {
"id": "https://example.com/status/3#list",
"type": "StatusList",
"statusType": "revocation-2021", <--- this would be a string, not a JSON-LD type
"encodedList": "H4sIAAAAAAAAA-3BMQEAAADCoPVPbQwfoAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
},
"proof": { ... }
}
Food for thought...
—
Reply to this email directly, view it on GitHub
<https://github.com/w3c-ccg/vc-status-list-2021/issues/3#issuecomment-1062142602>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABAFSR6LPB2JI3O4LWQ2BTU66VMVANCNFSM42PHYQMA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you commented.Message ID:
***@***.***>
|
@msporny, +1 very much like the idea for a type to refer to a data integrity signature that itself is verifiable. A challenge presented in our desired implementation: |
Your answer is in the VC Data Model spec, namely, this line: https://www.w3.org/TR/vc-data-model/#syntaxes -- "All other properties, if present, are represented as either a single value or an array of values." So, the value associated with
It's going to end up being some variation of the example above once we get consensus on what the community wants to do here. |
@msporny Ha! Right there under "Syntactic Sugar"
😏 |
I think we can simplify The value space is just a string so we can always, if need be, get more complicated in the future, but let's start with simple values and chances are we won't need a more complicated future. |
@csuwildcat wrote:
Yes, you did... right here: https://github.com/w3c-ccg/vc-status-list-2021/issues/2 I'd like to take this moment to admit that: "On this point, Dan Buchner was totally right, he is a true gentleman and a scholar, and we should've been listening to him all along." /cc @OR13 @kimdhamilton You might also be happy that we're going to probably take the same approach w/ the Data Integrity cryptosuites: https://w3c-ccg.github.io/data-integrity-spec/#example-a-dataintegritysignature-example-using-a-nist-ecdsa-2022-cryptosuite
The thing that changed is that enough developers complained about having to create new JSON-LD Contexts for each cryptosuite, and the code churn that resulted in that, that we've tried to make things easier by eliminating that JSON-LD Context and code churn. If we do this right in the VC 2.0 work, you won't need a cryptosuite JSON-LD Context at all, it'll just be built into the base context for all VCs. |
I'm concerned that a developer might check that field, not read the spec (gasp), or try to understand how any of this works (double gasp), and presume the credential is revoked and/or suspended. :( I'm also uncertain about removing a date stamp entirely from the status suite. Food for thought. |
I think that will be quickly remedied by user complaints. Also, I expect that would be a "fail closed" type of scenario (some privilege not granted, etc.) and until it's remedied, no VC from any user (revoked/suspended or not) would work. So, I don't think it's that much of a concern.
The date stamping is useful for cryptographic suites because cryptography has a shelf life. Many of these "statuses" (at least "revoked" and "suspended" anyway) don't have a shelf-life in terms of their semantics. The "concept" of revocation doesn't expire, but non-quantum-safe cryptosuite XYZ 2021 is expected to. It may still be useful to have a date on the spec itself (Status List 2021) -- because across all status types we're using a particular method to create some level of privacy protection. We may find this doesn't work as well in the future as it did in 2021 -- for some reason -- or that much more privacy preserving and still easily implementable methods are available in 2030. |
@dlongley, (forgive the uninformed inquiry) does json-ld provide no modality for something like a Seems to me, as an implementor anyways, that I'd want to allow a derived status type if required. I'm admittedly still coming up to speed so forgive any sweeping assumptions. |
So, with JSON-LD / RDF, you can make the semantics for a vocabulary term whatever you want in the text that defines it. What we're doing by using Instead, status types can be independently described in specs or along with the definitions provided for particular credential types and / or issuers. The verification software that needs to be able to report whether or not a particular status is set can then be separated from the business rules for evaluating what to do about a particular status in a given context -- which I think fits along with what you'd like to see here as well. |
@dlongley
I've seen some pretty bad design assumptions in my day (heck, I just made one) ... just my thoughts after reading both of your remarks:
|
Yes, exactly this. @dlongley thoughts?
Just "purpose" is a bit challenging because we try to use terms that are difficult to confuse outside of their used context. That is, the word purpose, used in other contexts, can mean different things. For example "proofPurpose", which is a real thing: https://w3c-ccg.github.io/security-vocab/#proofPurpose We /could/ define one generic meaning for "purpose" that is used across all security contexts, but things have usually backfired when we've tried that in the past. That's not a hard and fast rule, though... we do have At present, I think I'm leaning more towards
There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors. -- Leon Bambrick :P |
Alright, at this point, I think we're coming to consensus around these things:
|
A PR has been raised to address this issue. @sbutterfield check out PR #24. All PRs in this repo (and most W3C repos) come w/ a "Preview" link in the initial PR comment. See this link for latest PR Preview: https://pr-preview.s3.amazonaws.com/w3c-ccg/vc-status-list-2021/pull/24.html |
+1 to |
PR merged. is this ready to be closed? |
The initial request asked to compare/contrast this spec against the Revocation List 2020 spec. Given that we plan to EOL Revocation List 2020 and that most implementers are moving to StatusList2021, I'm going to assert that we just not say anything about the old spec in the new spec, put a "this spec replaced by StatusList2021" on the old spec, and never talk about the old spec again. :) The other part of the initial request was to add I believe this addresses the initial request, so closing this issue. Re-open if you disagree, @swcurran. |
It would be very helpful if the specification referenced the vc-revocation-list-2020 and defined the differences between the two. I've been trying to scan to figure out the differences, and from what I can see a couple of mentions (and an example) of "SuspensionList" is the only change. Is that correct?
A related question is whether the VC for the list have a type that MUST be "RevocationList2021" as stated, or would it also allow "SuspensionList2021" to align with the addition of allowing SuspensionList in the VC given to the holder?
If that is the case, I would add my name to the question in #2 asking why not add a "call it whatever you want"
listtype
field so you aren't limited to revoke and suspend.Thanks!
The text was updated successfully, but these errors were encountered: