WebOfTrust / ietf-said

IETF Draft Self-Addressing-IDentifier (SAID) Specification
Apache License 2.0

Document integration with other forms of verification #22

Open KDean-GS1 opened 2 years ago

KDean-GS1 commented 2 years ago

This is primarily to do with Verifiable Credentials, but it applies equally to XML Digital Signature, JSON Web Signature, and other forms of digital proof.

If I were to incorporate SAIDs into VCs, I am now dealing with two parts of the document that are affected by the replacement of a string of '#' characters with the SAID.

In order to maintain compatibility with other forms of digital proof, the way I would see it working would be to generate the SAID first and then generate the proof. Standard VC validation would neither know nor care that the document ID is a SAID and would happily validate against the proof, but SAID validation would have to be VC-aware and remove the proof before verifying the SAID.

SmithSamuelM commented 2 years ago

We can add an informative appendix that instructs a user how to compute the SAID before computing the proof.

Unfortunately, the W3C VC specification's use of JSON and JSON-LD does not attach proofs either as a true attachment or by wrapping the VC and the proof in an outer envelope but puts the proof as a top-level field in the VC block itself.

So, as you suggest, this means that the proof must be calculated on the VC without the proof and then inserted. But because the SAID is also calculated on the VC, it must be calculated after the proof is removed but before the proof is calculated.
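
The ordering discussed in this thread, as an added Python sketch that is not code from either commenter or from the draft: the SAID is computed first over the proof-less document with a 44-character `#` placeholder, the proof is attached afterwards, and SAID verification strips the proof before recomputing. Assumptions: SHA-256 with a simplified 44-character base64url encoding and compact insertion-ordered JSON stand in for the draft's digest encoding and serialization, an HMAC stands in for a real signature suite, and all function names and the sample credential are constructed for illustration.

```python
import base64, hashlib, hmac, json

SAID_LEN = 44      # placeholder and encoded digest have the same length
PROOF = "proof"    # top-level proof field inside the VC itself

def _without_proof(doc):
    return {k: v for k, v in doc.items() if k != PROOF}

def _serialize(doc):
    # Assumption: compact JSON in insertion order stands in for the real serialization.
    return json.dumps(doc, separators=(",", ":")).encode()

def compute_said(doc, label="id"):
    """Digest over the document with the proof removed and `label` set to '#' * 44."""
    body = _without_proof(doc)
    body[label] = "#" * SAID_LEN
    digest = hashlib.sha256(_serialize(body)).digest()
    # Assumption: simplified encoding. 33 bytes give exactly 44 base64url chars, no '='.
    return "I" + base64.urlsafe_b64encode(b"\x00" + digest).decode()[1:]

def _proof_value(doc, key):
    # Stand-in for a signature suite: HMAC over the document minus the proof field.
    return hmac.new(key, _serialize(_without_proof(doc)), hashlib.sha256).hexdigest()

def issue(claims, key, label="id"):
    doc = _without_proof(claims)
    doc[label] = compute_said(doc, label)                                   # 1. SAID first
    doc[PROOF] = {"type": "ExampleHmac", "value": _proof_value(doc, key)}  # 2. then proof
    return doc

def verify_proof(doc, key):
    """Ordinary proof check: it does not need to know that `id` is a SAID."""
    proof = doc.get(PROOF)
    if not isinstance(proof, dict):
        return False
    claimed = str(proof.get("value", "")).encode()
    return hmac.compare_digest(claimed, _proof_value(doc, key).encode())

def verify_said(doc, label="id"):
    """Proof-aware SAID check: strip the proof, restore the placeholder, recompute."""
    claimed = doc.get(label)
    if not isinstance(claimed, str):
        return False
    return hmac.compare_digest(claimed.encode(), compute_said(doc, label).encode())

if __name__ == "__main__":
    vc = issue({"id": "", "type": ["VerifiableCredential"],
                "credentialSubject": {"name": "constructed subject"}}, b"demo-key")
    print(vc["id"], verify_proof(vc, b"demo-key"), verify_said(vc))
```

Because the SAID is computed with the proof removed, it does not bind the proof: replacing the `proof` field leaves `verify_said` true, so both checks are needed.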