search

c2pa-org / specifications

The public specifications for the C2PA
Creative Commons Attribution 4.0 International
92 stars 8 forks source link

C2PA W3C Verifiable Credential Example #37

Closed OR13 closed 5 months ago

OR13 commented 1 year ago

Example found here:

https://c2pa.org/specifications/specifications/1.3/specs/C2PA_Specification.html#_w3c_verifiable_credentials

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "http://schema.org"
  ],
  "type": [
    "VerifiableCredential",
    "NPPACredential"
  ],
  "issuer": "https://nppa.org/",
  "credentialSubject": {
    "id": "did:nppa:eb1bb9934d9896a374c384521410c7f14",
    "name": "John Doe",
    "memberOf": "https://nppa.org/"
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2021-06-18T21:19:10Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:nppa:eb1bb9934d9896a374c384521410c7f14#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
    "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19
      DJBMvvFAIC00nSGB6Tn0XKbbF9XrsaJZREWvR2aONYTQQxnyXirtXnlewJMB
      Bn2h9hfcGZrvnC1b6PgWmukzFJ1IiH1dWgnDIS81BH-IxXnPkbuYDeySorc4
      QU9MJxdVkY5EL4HYbcIfwKj6X4LBQ2_ZHZIu1jdqLcRZqHcsDF5KKylKc1TH
      n5VRWy5WhYg_gBnyWny8E6Qkrze53MR7OuAmmNJ1m1nN8SxDrG6a08L78J0-
      Fbas5OjAQz3c17GY8mVuDPOBIOVjMEghBlgl3nOi1ysxbRGhHLEK4s0KKbeR
      ogZdgt1DkQxDFxxn41QWDw_mmMCjs9qxg0zcZzqEJw"
  }
}

There are a couple issues with this example:

  1. The RsaSignature2018 / proof parts are VCDM v1 and are outdated in v2... From what I gather, c2pa uses COSE Sign1, not DataIntegrityProofs, so the example is misleading.

  2. "did:nppa" is not registered here https://w3c.github.io/did-spec-registries/ ... folks who are interested in it might struggle to learn more.

  3. don't include all of "http://schema.org" is a context... that will cause the JSON-LD processing to become extremely expensive... it would be better to publish a smaller C2PA context with only the terms you use, here is a similar example from physical supply chain use case: https://w3id.org/traceability

I mentioned potentially added better alignment for C2PA to VCDM v2 here: https://github.com/c2pa-org/specifications/issues/36

If there are changes you want to see, please don't hesitate to file issues.

If you have example credentials you want to see added to the v2 test suite, I am also happy to add them there.

lrosenthol commented 9 months ago

@OR13 Thanks for this! Yeah, that example is out of date and needs updating. @scouten-adobe FYI

lrosenthol commented 5 months ago

@OR13 @scouten-adobe I am going to close this one here since you are both working on this in CAWG!