From cc1c84e070f8b23045eee91be4894c0ab73276d3 Mon Sep 17 00:00:00 2001 From: "Charles E. Lehner" Date: Fri, 8 Apr 2022 09:05:29 -0400 Subject: [PATCH] Re-indent --- index.html | 858 +++++++++++++++++++++++++++++------------------------ 1 file changed, 467 insertions(+), 391 deletions(-) diff --git a/index.html b/index.html index 7d4c1ac..47aa821 100644 --- a/index.html +++ b/index.html @@ -1,106 +1,113 @@ - CACAO-ZCAP - - - - + + + -
-
- -
-
- -
-
- -
-

Context

-

JSON-LD Context file: https://demo.didkit.dev/2022/cacao-zcap/context/v1.json

-

This context file is expected to be used in @context following the [[SECURITY-VOCABULARY]] context (https://w3id.org/security/v2). i.e.:

- 
+  

+  

+
+  

+  

+
+  

+  

+
+  

+    
Context

+    

+JSON-LD Context file: https://demo.didkit.dev/2022/cacao-zcap/context/v1.json
+    

+    

+This context file is expected to be used in @context following the
+[[SECURITY-VOCABULARY]] context
+(https://w3id.org/security/v2). i.e.:
+    

+    
 {
   "@context": [
     "https://w3id.org/security/v2",
@@ -108,301 +115,370 @@ 
Context

   ],
   ...
 }
-	

-	

-
-	

-	
CACAO-ZCAP Mapping

-	
-		
-			
-				
-				
-				
-				
-			
-		
-		
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-			
-				
-				
-				
-				
-			
-
-		
-	
CACAO propertyRelationship/ValueZCAP propertyRequired?
h.t=cacaoPayloadTypeyes
p.domain=proof.domainyes
p.issDID ↔ DID URLproof.verificationMethodyes
p.aud=invokeryes
p.version"1"yes
[...]@contextyes
"CacaoZcap2022"typeyes
"CacaoZcapProof2022"proof.typeyes
p.nonce=proof.nonceyes
p.iat=proof.createdyes
p.nbf=proof.validFromno
p.exp=expiresno
p.statement=cacaoStatementno
p.requestId=requestIdno
.CID →idno
p.resources[0]=invocationTargetyes
p.resources[0]URL ↔ ZCAP Root URNproof.capabilityChain[0]no
p.resources[1..n-2]=proof.capabilityChain[1..n-2]no
p.resources[n-1]Object ↔ Data URIproof.capabilityChain[n-1]no
s.t=proof.cacaoSignatureTypeyes
s.sbytes ↔ multibaseproof.proofValueno

-
-	

-	
id CID UUID mapping

-	
The CACAO is serialized using [[DAG-CBOR]].
-	A SHA-256 hash is computed over this serialization.
-	The last 16 bytes of the hash (dropping the initial 16)
-	is used as "pseudo-random" input to a [[RFC4122]] v4 UUID.
-	This UUID is represented as a URN by prefixing it with "urn:uuid:".
-	This URN is used as the id of the delegation object.

-	

-
-	

-	
issuer-verificationMethod mapping

-	
The CACAO payload issuer property (p.iss) is defined by [[CACAO]] to be a [[DID-PKH]] DID. The proof verificationMethod property is expected to be a DID URL resolving to a verification method.
-	CACAO-ZCAP converts between these two fields by assuming that the issuer DID has a default verification method, that the CACAO signature is created using the verification material of that default verification method, and that the default verification method allows creating a proof of type CacaoZcapProof2022.

-	

-
-	

-	
Root ZCAP mapping

-	
The first value of the CACAO payload resources array is used as the invocation target URI, that is the value of the zcap delegation's invocationTarget property. The invocation target URI is encoded into a root zcap URN to become the root capability id. The root zcap URN is constructed as the concatenation of "urn:zcap:root:" with encodeURIComponent(invocationTarget). To transform the root zcap URN to the invocation target URI, the prefix "urn:zcap:root:" is removed and the remaining value is URL-decoded to return the invocation target id.

-	

-
-	

-	
Intermediate ZCAP mapping

-	
If the proof capabilityChain array / CACAO resources array (p.resources) contain more than two elements,
-	the intermediate elements are passed through as URIs.

-	

-
-	

-	
Previous ZCAP mapping

-	
The last value of the proof capabilityChain array / CACAO resources array (p.resources) represents the previous delegation. If the previous delegation is the root delegation, the capabilityChain array contains only the root delegation id, as a single value. If the previous delegation is a non-root delegation, the last value of the proof capabilityChain array is the previous delegation embedded as an object. The embedded previous delegation is represented in the last value of the CACAO resources array (p.resources) as a [[RFC2397]] Data URI containing the Base64-encoded JSON object serialized with [[RFC8785]] JSON Canonicalization Scheme (JCS).

-	

-
-	

-	
signature-proofValue mapping

-	
In CACAO, the signature is represented with an IPLD bytes type. In ZCAP and data integrity proofs, the signature is typically represented in a string in the proofValue property of the proof object. CACAO-ZCAP encodes the signature in the proofValue property using [[MULTIBASE]].

-	

-
-	

-
-	

-	
Terms

-	
This document defines the following terms, in the namespace https://demo.didkit.dev/2022/cacao-zcap/#.

-
-	

-	
CacaoZcap2022

-	
A CACAO interpreted as an authorization capability delegation.

-	
The proof property should be an object of type CacaoZcapProof2022. The invocationTarget property should be the URL to which an entity is being authorized access.

-        

-		
Status

-		
unstable

-		
Expected properties

-		

-			type,
-			parentCapability,
-			invocationTarget,
-			expires,
-			cacaoStatement,
-			cacaoRequestId,
-			proof
-		

-        

-	

-
-	

-	
CacaoZcapProof2022

-	
A data integrity proof over an authorization capability delegation document (CacaoZcap2022), together representing a CACAO.

-        

-		
Status

-		
unstable

-		
Expected properties

-		

-			type,
-			created,
-			verificationMethod,
-			proofPurpose,
-			proofValue,
-			domain,
-			nonce,
-			capabilityChain,
-			cacaoPayloadType,
-			cacaoSignatureType
-		

-        

-	

-
-	

-	
cacaoPayloadType

-	
CACAO payload format type (CACAO header "t" value). e.g. "eip4361".

-        

-		
Status

-		
unstable

-		
Expected type

-		
xsd:string

-	

-	

-
-	

-	
cacaoSignatureType

-	
CACAO signature type (CACAO signature "t" value). e.g. "eip191" or "eip1271".

-        

-		
Status

-		
unstable

-		
Expected type

-		
xsd:string

-	

-	

-
-	

-	
cacaoStatement

-	
CACAO statement (CACAO payload "statement" value).

-        

-		
Status

-		
unstable

-		
Expected type

-		
xsd:string

-	

-	

-
-	

-	
cacaoRequestId

-	
CACAO request ID (CACAO payload "requestId" value).

-        

-		
Status

-		
unstable

-		
Expected type

-		
xsd:string

-	

-	

-
-	

+
+
+ +
+

CACAO-ZCAP Mapping

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CACAO propertyRelationship/ValueZCAP propertyRequired?
h.t=cacaoPayloadTypeyes
p.domain=proof.domainyes
p.issDID ↔ DID URLproof.verificationMethodyes
p.aud=invokeryes
p.version"1"yes
[...]@contextyes
"CacaoZcap2022"typeyes
"CacaoZcapProof2022"proof.typeyes
p.nonce=proof.nonceyes
p.iat=proof.createdyes
p.nbf=proof.validFromno
p.exp=expiresno
p.statement=cacaoStatementno
p.requestId=requestIdno
.CID →idno
p.resources[0]=invocationTargetyes
p.resources[0]URL ↔ ZCAP Root URNproof.capabilityChain[0]no
p.resources[1..n-2]=proof.capabilityChain[1..n-2]no
p.resources[n-1]Object ↔ Data URIproof.capabilityChain[n-1]no
s.t=proof.cacaoSignatureTypeyes
s.sbytes ↔ multibaseproof.proofValueno
+ +
+

id CID UUID mapping

+

+The CACAO is serialized using [[DAG-CBOR]]. A SHA-256 hash is computed over +this serialization. The last 16 bytes of the hash (dropping the initial 16) is +used as "pseudo-random" input to a [[RFC4122]] v4 UUID. This UUID is +represented as a URN by prefixing it with "urn:uuid:". This URN is used as the +id of the delegation object. +

+
+ +
+

issuer-verificationMethod mapping

+

+The CACAO payload issuer property (p.iss) is defined by [[CACAO]] +to be a [[DID-PKH]] DID. The proof +verificationMethod +property is expected to be a +DID URL resolving to +a verification method. +CACAO-ZCAP converts between these two fields by assuming that the issuer DID +has a default verification method, that the CACAO signature is created +using the +verification material +of that default verification method, and that the +default verification method allows creating a proof of type +CacaoZcapProof2022. +

+
+ +
+

Root ZCAP mapping

+

+The first value of the CACAO payload resources array is used as the invocation +target URI, that is the value of the zcap delegation's +invocationTarget property. The invocation target URI is encoded +into a root zcap URN to become the root capability id. The root zcap URN is +constructed as the concatenation of "urn:zcap:root:" with +encodeURIComponent(invocationTarget). To transform the root zcap +URN to the invocation target URI, the prefix "urn:zcap:root:" is +removed and the remaining value is URL-decoded to return the invocation target +id. +

+
+ +
+

Intermediate ZCAP mapping

+

+If the proof capabilityChain array / CACAO resources array +(p.resources) contain more than two elements, the intermediate +elements are passed through as URIs. +

+
+ +
+

Previous ZCAP mapping

+

+The last value of the proof capabilityChain array / CACAO +resources array (p.resources) represents the previous delegation. +If the previous delegation is the root delegation, the +capabilityChain array contains only the root delegation id, as a +single value. If the previous delegation is a non-root delegation, the last +value of the proof capabilityChain array is the previous +delegation embedded as an object. The embedded previous delegation is +represented in the last value of the CACAO resources array +(p.resources) as a [[RFC2397]] Data URI containing the +Base64-encoded JSON object serialized with [[RFC8785]] JSON Canonicalization +Scheme (JCS). +

+
+ +
+

signature-proofValue mapping

+

+In CACAO, the signature is represented with an +IPLD +bytes type. In ZCAP and data integrity proofs, the signature is +typically represented in a string in the +proofValue +property of the proof object. CACAO-ZCAP encodes the signature in the +proofValue property using [[MULTIBASE]]. +

+
+ +
+ +
+

Terms

+

+This document defines the following terms, in the namespace +https://demo.didkit.dev/2022/cacao-zcap/#. +

+ +
+

CacaoZcap2022

+

+A CACAO interpreted as an authorization capability delegation. +

+

+The proof property should be an object of type +CacaoZcapProof2022. +The invocationTarget property should be the URL to which an entity +is being authorized access. +

+
+
Status
+
unstable
+
Expected properties
+
+ type, + parentCapability, + invocationTarget, + expires, + cacaoStatement, + cacaoRequestId, + proof +
+
+
+ +
+

CacaoZcapProof2022

+

+A data +integrity proof over an authorization capability delegation document +(CacaoZcap2022), together representing a CACAO. +

+
+
Status
+
unstable
+
Expected properties
+
+ type, + created, + verificationMethod, + proofPurpose, + proofValue, + domain, + nonce, + capabilityChain, + cacaoPayloadType, + cacaoSignatureType +
+
+
+ +
+

cacaoPayloadType

+

+CACAO payload format type (CACAO header "t" value). e.g. "eip4361". +

+
+
Status
+
unstable
+
Expected type
+
xsd:string
+
+
+ +
+

cacaoSignatureType

+

+CACAO signature type (CACAO signature "t" value). e.g. "eip191" or "eip1271". +

+
+
Status
+
unstable
+
Expected type
+
xsd:string
+
+
+ +
+

cacaoStatement

+

+CACAO statement (CACAO payload "statement" value). +

+
+
Status
+
unstable
+
Expected type
+
xsd:string
+
+
+ +
+

cacaoRequestId

+

+CACAO request ID (CACAO payload "requestId" value). +

+
+
Status
+
unstable
+
Expected type
+
xsd:string
+
+
+ +