VC "knows" template #12
Comments
|
In addition to "know", there are some other items in the Identity Schema (and as it inherits both thing and Person), so there is also these that might be useful for pseudonymous claims: "group" and "memberOf" of this hackathon or W3C-CCG or RWOT9. "alternateName" for a psuedonym "email" to claim an email address "sameAs" to claim a URL (say to a github account, twitter, handle). "knowsAbout" things like C++, Java, etc. "Description" a english language claim -- Christopher Allen |
|
We also need to add an "evidence" that is Bob's key was verified cryptographically by Alice. See https://www.w3.org/TR/vc-data-model/#example-22-usage-of-the-evidence-property |
|
What I want to represent (in English): Alice knows Bob, that Bob has proven to Alice control over Bob's public key, and how Alice knows that how (the auth ceremony used: a cryptographically verified possession, not F2F). |
|
@dlongley Can you look look at how we refer to public key in the above? Should it refer to a DID#key-1 instead. |
|
I would not use https://w3c.github.io/vc-imp-guide/#creating-new-credential-types (Note that the context URL has a typo in that guide and there's a PR to fix it.) A new WoT context should be published somewhere or hard coded to a URN if need be. For this example, I'll say that the URN Here's a new context and VC template for representing that Alice knows Bob and that Bob has some public key. The context: {
"@context": {
"@version": 1.1,
"id": "@id",
"type": "@type",
"WoTRelationshipCredential": "urn:web-of-trust:vocab:WoTRelationshipCredential",
"knows": {"@id": "urn:web-of-trust:vocab:knows", "@type": "@id"},
"EcdsaSecp256k1VerificationKey2019": "https://w3id.org/security#EcdsaSecp256k1VerificationKey2019",
"publicKey": {"@id": "https://w3id.org/security#publicKey", "@type": "@id"},
"publicKeyBase58": "https://w3id.org/security#publicKeyBase58"
}
}The VC template using it: {
"@context": [
"https://www.w3.org/credentials/v1",
"urn:web-of-trust:context"
],
"id": "<some identifier for the credential like urn:uuid:<uuid> or a URL>",
"type": ["Credential", "WoTRelationshipCredential"],
"issuer": "did:<method>:Alice",
"issuanceDate": "2010-01-01T19:23:24Z",
"credentialSubject": {
"id": "did:<method>:Alice",
// Alice is claiming that she knows Bob
"knows": {
"id": "did:<method>:Bob"
// Alice is claiming that Bob has this public key
"publicKey": {
"id": "did:<method>:Bob#24fd3..332f23f",
"type": "EcdsaSecp256k1VerificationKey2019",
"publicKeyBase58": "zsf3w23f...32f2f23"
}
}
},
"proof": {
"type": "EcdsaSecp256k1Signature2019",
"created": "2019-08-08T15:10:01Z",
"jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..MEUCIQCGMSkRuXUe-1mgj2WCR_bcfAXeAmb3rGoszNDgqy-ecQIgBdvJaYj4cprhpF892dcZ-7q3J54GrIhWNGin3bIzh18",
"proofPurpose": "assertionMethod",
"verificationMethod": "did::Alice#key-1"
}
}To sign or verify a VC using the above template using something like |
Do you want Alice to just assert that she knows Bob has that public key via some method ... or do you want something stronger like to include, for example, an embedded |
|
ACTION: @ChristopherA gave @mattcollier & @AnthonyRonning the reference private WIF testnet key for sample implicit DID key did:btcr:xyv2-xzpq-q9wa-p7t#satoshi (see #4) so that they can create real BTCR-based VCs in their demo. ACTION: @mattcollier will put a"WoT" context into each VC of this form, community will do URL based ones later. Some items in @dlongley's comment may be redundant. ACTION: Ask @dlongley to look at what it would take to put the simplest possible VP into this WoT credential that verifies that Alice has confirmed that Bob has possession of private key. Simplest nonce confirmation is fine. |
|
Since we are going to be using a custom context, and adding simple DID Auth proof, we don't need to use the word "knows" from the old person schema context. Maybe it should be:
@jandrieu what do you suggest? -- Christopher Allen |
|
I don't really know the use case or any of the details or any potential attack vectors, etc. (I don't really have time to dive into it either at the moment), but here's the most minimal VP (with Bob authenticating to Alice) I could come up with to put into an {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": "VerifiablePresentation",
"proof": {
"type": "EcdsaSecp256k1Signature2019",
"created": "2019-08-08T15:10:01Z",
"jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..MEUCIQCGMSkRuXUe-1mgj2WCR_bcfAXeAmb3rGoszNDgqy-ecQIgBdvJaYj4cprhpF892dcZ-7q3J54GrIhWNGin3bIzh18",
"proofPurpose": "authentication",
"verificationMethod": "did:<method>:Bob#24fd3..332f23f",
"challenge": "3786dg3df1d...12d12d12",
"domain": "did:<method>:Alice"
}
} |
@dlongley Do you have any more recent example of how I can include a cryptographic proof of control (or other cryptographic proof) as evidence in a VC? I'm making progress on BTCR-based LESS-less psuedoanonymous VCs, but I still have no idea how to do this. As it is the most fundamental thing that will make BTCR better than GPG, I need it soon. -- Christopher Allen |
|
@ChristopherA we use this approach for linking domains to DIDs... https://identity.foundation/.well-known/resources/did-configuration/#linked-data-proof-format there is a proposal to include a bi-directional component in the service endpoint... but if we had the way this works is that a website admin has to put a credential signed by a did at a specific path... if they can do that... you believe that they are linked / the same. ... this is similar to how lets encrypt handles SSL certificate issuance.... https://www.frederikbanke.com/setting-up-https-on-nginx-using-lets-encrypt-2/ |
One of our goals for this hackathon was to have everyone create a BTCR DID and have simple web of trust "know" claims between all of us (knows being available in https://w3id.org/identity/v1)
@mattcollier could you help us get a valid VC template (for your -cli tool) that expresses a simple knows claim? Maybe a couple of others that use other non-personal data items from https://w3id.org/identity/v1 ?
The best example we have is from @dlongley last year: w3c/vc-data-model#32 (comment) but there is more debate on what these should look like in that issue:
The text was updated successfully, but these errors were encountered: