Closed kimdhamilton closed 1 year ago
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated |
---|---|---|---|---|
verity-demo-site | ✅ Ready (Inspect) | Visit Preview | 💬 Add your feedback | Mar 12, 2023 at 8:56PM (UTC) |
verity-docs | ✅ Ready (Inspect) | Visit Preview | 💬 Add your feedback | Mar 12, 2023 at 8:56PM (UTC) |
This all makes sense to me, and nothing better comes to mind for evaluateX = decodeX + validateX
, TBH.
Thoughts:
i.e.
const signedSubmission = await composePresentationSubmission(
signer, // does the crypto signing
presentationDefinition, // provided by verifier -- note that we use this in building the submission for descriptor mapping
signedCredentials // composed from credential payloads matching presentation definition requirements (based on appropriate schemata)
)
const signedCredentials = await composeVerifiableCredentials(
signer, // does the crypto signing
credentialSchema, // validate before signing against the schema of the relevant use case, i.e. Verite schemata
credentials // raw credential payloads
)
As always, all three are just suggestions, feel free to override if there are counterveiling reasons not to do it this way that i'm not seeing ut here, far from the refactoring and sausage-making. Pumped on the general direction, regardless!
@bumblefudge great suggestions, thanks! Updates coming soon
Goals
Status
This is part one of a major refactor to make the libraries more enjoyable to developers, supporting more composable construction and layering. There are a few intermediate patterns to support breaking down the work into slightly more bite-sized chunks, and the need for some will go away.
For the moment, a lot of unification and simplification were achieved by establishing a consistent pattern for creation and consumption of objects. This is an intermediate checkpoint.
Because these are breaking changes, the npm library will be versioned and updated accordingly with the complete batch of changes, ETA later this week
Creation
composeX = buildX + signX
The general contract I'm using is "build" constructs an object that's ready to be handed over to a did-jwt-vc library for signing. These objects include VC spec objects (VCs/VPs) as well as CM/PE objects.
Example:
composePresentationSubmission
is a wrapper / convenience method forbuildPresentationSubmission
andsignPresentationSubmission
So, wallet code could pass the matching credentials to the convenience wrapper as follows:
OR, call them separately like this:
Clarifications:
For us, a Presentation Submission is simply a signed VP, so
signPresentationSubmission
simply passes through to did-jwt-vc signVP. This aliasing may be less or more confusing to people. But note that it also gives type safety and clarity, which is why I opted for it.Also note that sign* libraries for us result in JWT-encoded objects, because we are using did-jwt-vc.
Consumption
This applies to accepting and assessing input from another party; e.g. a verifier receives a Presentation Submission and wants to:
evaluateX = decodeX + validateX
Wait, where did step 2 go? Well, again, with JWTs, 1 & 2 get folded, and so I picked the name that made the most sense when I looked at usage. This came at the expense of "hiding" that verification is also happening.
Example:
Verifier gets a signed/encoded presentation submission and calls:
Or, they can call the wrapped functions. Again, this has the advantage
Notes:
decode
won oververify
because verify (IMO) looks confusing. It's a JWT coming in, so you can't do anything until you decode it. In JWT world, verifying as a side effect of decoding seems more intuitive than decode as a side effect of verifying I guess?The tl;dr is that we're (in theory) making the verite libs more separable from the underlying signing/verifying libs, making it easier for consumers of verite to mix and match verite layers, PE/CM layers, and VP/VC layers. Decisions were made along the way that may be imperfect...
Remaining TODO
Addresses #346