New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
standardize verification processes for a variety of well understood use cases #30
Comments
The issue was discussed in a meeting on 2021-12-08
View the transcript1.5. standardize verification processes for a variety of well understood use cases (issue vc-wg-charter#30)See github issue vc-wg-charter#30. Brent Zundel: This is from Kyle Den Hartog. I don't think we've looked at this yet -- Kyle not on the call too early for his timezone.. Kevin Dean: This is going to be difficult. Verifying the content ... the business process can be radically different from one to the next. He is talking about common validation. Talking about driver's licenses and the like.. Manu Sporny: I agree with what Kevin just said. I am a bit confused because he jumps between verification and validation patterns. He says standardize verification processes but at the very bottom he says he'd like common validation patterns standardized. And verification and validation are not the same.. David Chadwick: I totally agree that we're only talking about verification and not about validation. This has come up in the presentation exchange group -- which is that one of the components is that you can check the policy before checking any proof. I am strongly for always checking a proof before checking any policy..
David Chadwick: Proof checking should be the number 1 to lower the attack surface.. |
Just saw the notes on this and wanted to clarify this would be specifically about common verification patterns. I was not thinking about venturing into common business logic validation which I agree can differ widely based on the use cases. With that in mind, I want to further clarify what I mean here by verification. I do believe it's necessary to state the verification processing logic for more complex verification processes beyond how to verify a single VC that's been wrapped and signed with a VP. |
would this reasonably fall within the scope of VC Data Integrity (#32)? |
Yeah based on our discussion on todays meeting I think this is definitely covered by the multi proof sets of VC data integrity from LDPs draft spec and should be covered with no additional scope needing to be covered in the charter. I think this can be closed. |
The issue was discussed in a meeting on 2021-12-15
View the transcript1.3. standardize verification processes for a variety of well understood use cases (issue vc-wg-charter#30)See github issue vc-wg-charter#30. Kyle Den Hartog: Given the scope of the work, don't know if we want to take this on now. Ok with leaving it undefined, can advocate inside WG for it if we have time for it.. Brent Zundel: Do we have to be specific about this being in scope?. Kyle Den Hartog: We probably walk ourselves into problems if we go to REC... we weren't being explicitly clear... multi-issuance and multi-proofs. Given that you can do multi-proofs in LDI, we could argue that it was a part of it at the out set, might make it unclear where we fell on that sort of stuff.. Manu Sporny: I'm trying to get a link.
Kyle Den Hartog: yes, we did run into this problem, that's exactly what I was thinking about -- not clear, when writing suites, combine them into VP, how you prove that they've been bound to the same identity and both are presenting together vs. two independent subjects generating presentation..
David Chadwick: Just two points, one is the current text is that appendix A refers to validation. Manu Sporny: Yeah to what kdenhartog and what has been said in chat I think we have space to make it clear that we can show how that's done.
Kyle Den Hartog: In that case, I feel like it's justified and in scope based on what we know about LDI and LDP to be able to say there is no necessary updates to the charter in order to close out this issue. This will fall in naturally to talk about these sorts of use cases.. |
Right now we've established a strong data model with a good set of extensibility to meet the needs of a variety of use cases. With each of these use cases we encounter common patterns of verification of both the VC data model and VP data model, but none of these patterns have been standardized in a meaningful way to allow a developer who's utilizing the data model to pick up the libraries and easily utilize the data model in a safe way.
What I'd like to propose as a potential path forward is to standardize common verification patterns such as:
While this does step into the realm of "building protocols" I think we can steer clear of this by focusing only on how to process a VC/VP data model that's been received while clearly leaving the method of which a VC/VP is transferred out of scope.
To put it simply, in Appendix A we say:
Essentially what I'm aiming for is to provider further normative conformance criteria for some of these common validation patterns.
The text was updated successfully, but these errors were encountered: