You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Verifiable credentials have multiple proof formats: JSON/JSON-LD or JWT.
Because of the lack of canonicalization, the JWT proof format does not allow credentials to be represented in other forms (JSON), as there is some ambiguity about how to re-encode these other forms as JWT such that the resulting signature remains verifiable.
This means that the only real way of dealing with such credentials is to always decode them where they are used.
This is very cumbersome, so to make it easier for developers to understand the contents of a credential, Veramo unpacks these credentials as JSON with a synthetic proof property of the typeJwtProof2020 that contains a jwt property with the original credential. We inherit this functionality from the did-jwt-vc library.
This makes them look like JSON credentials and developers can now work with all credential formats in the same way.
When such credentials are encountered in other protocols (for example during verification, or when packing it into a verifiable presentation), Veramo automatically discards the JSON representation and uses only the JWT string to represent the credential.
This can create some confusion, as the JSON representation seems modifiable without a direct impact on the proof verification (See #1070).
Do you think this type of transformation for convenience is a good idea?
Do you have other ideas about how to achieve the same purpose without the potential confusion?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Verifiable credentials have multiple proof formats: JSON/JSON-LD or JWT.
Because of the lack of canonicalization, the JWT proof format does not allow credentials to be represented in other forms (JSON), as there is some ambiguity about how to re-encode these other forms as JWT such that the resulting signature remains verifiable.
This means that the only real way of dealing with such credentials is to always decode them where they are used.
This is very cumbersome, so to make it easier for developers to understand the contents of a credential, Veramo unpacks these credentials as JSON with a synthetic
proofproperty of thetypeJwtProof2020that contains ajwtproperty with the original credential. We inherit this functionality from thedid-jwt-vclibrary.This makes them look like JSON credentials and developers can now work with all credential formats in the same way.
When such credentials are encountered in other protocols (for example during verification, or when packing it into a verifiable presentation), Veramo automatically discards the JSON representation and uses only the JWT string to represent the credential.
This can create some confusion, as the JSON representation seems modifiable without a direct impact on the proof verification (See #1070).
Do you think this type of transformation for convenience is a good idea?
Do you have other ideas about how to achieve the same purpose without the potential confusion?
6 votes ·
Beta Was this translation helpful? Give feedback.
All reactions