Closed OR13 closed 3 years ago
This is essentially a request to define what the hypothetical verifier will do in our issuer, holder, verifier ed tech web demo...
I suggest to starters, the verifier only accept VPs made by the subject described in the VC, and that they just check that the signatures are valid, and the credential type is expected.
I still think we really need to demonstrate DID Auth, but do we really need DID Auth if we are using verifiable presentations?
Sure I can get a verifiable credential for a given did, but won't the presentation be impossible to create unless I control signing keys linked to the verifiable credential subject/holder?
I think the crux of this issue is that while verifying a JWS or JSON-LD Signature is a clearly defined process. Verifying a VC or VP is defined by:
https://www.w3.org/TR/vc-data-model/#dfn-verify
What does it mean for me to create a VP of a VC membership credential issued to @christianlundkvist to the DIF verification service? Should that service only accept VPs that are signed by the subject of the VC they wrap?
There are 2 signatures here... and they can come from the same or different DIDs...
We need to define what verification means for VPs of the format:
https://jwt.io/#debugger-io?token=eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QiLCJraWQiOiJkaWQ6ZWxlbTplVVJTRkVFdjZKN3MzVEotamhUX1pTNHVHUnlDRGJ3YzM0N0VXbHFwTmd3I2tleS1IZ0duSFVOVG5JUTdtSWZTbEc0VmhIc0RHTnZwb09DT3JTOWdkZUhFNFVzIn0.eyJqdGkiOiJ1cm46dXVpZDoxZGQ2NGU1OC03OTk0LTRiZjEtOTc0YS03NWNmOTQwMzMzMTEiLCJpc3MiOiJkaWQ6ZWxlbTplVVJTRkVFdjZKN3MzVEotamhUX1pTNHVHUnlDRGJ3YzM0N0VXbHFwTmd3IiwiYXVkIjoiZGlkOmV4YW1wbGU6MTIzIiwiaWF0IjoxNTY3NzkyMzQxLCJuYmYiOjE1Njc3OTIzNDEsImV4cCI6MTkyNzc4ODc0MSwidnAiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy9leGFtcGxlcy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVQcmVzZW50YXRpb24iLCJDcmVkZW50aWFsTWFuYWdlclByZXNlbnRhdGlvbiJdLCJ2ZXJpZmlhYmxlQ3JlZGVudGlhbCI6WyJleUpoYkdjaU9pSkZVekkxTmtzaUxDSjBlWEFpT2lKS1YxUWlMQ0pyYVdRaU9pSmthV1E2Wld4bGJUcGxWVkpUUmtWRmRqWktOM016VkVvdGFtaFVYMXBUTkhWSFVubERSR0ozWXpNME4wVlhiSEZ3VG1kM0kydGxlUzFJWjBkdVNGVk9WRzVKVVRkdFNXWlRiRWMwVm1oSWMwUkhUblp3YjA5RFQzSlRPV2RrWlVoRk5GVnpJbjAuZXlKemRXSWlPaUprYVdRNlpYaGhiWEJzWlRveE1qTWlMQ0pxZEdraU9pSjFjbTQ2ZFhWcFpEbzNPRFkxWkRBMFlTMDFabVZsTFRRMFpHUXRZV0U1TlMwME9UZ3dZemd6Wm1JME1qWWlMQ0pwYzNNaU9pSmthV1E2Wld4bGJUcGxWVkpUUmtWRmRqWktOM016VkVvdGFtaFVYMXBUTkhWSFVubERSR0ozWXpNME4wVlhiSEZ3VG1kM0lpd2lhV0YwSWpveE5UWTNOemt5TXpNMExDSnVZbVlpT2pFMU5qYzNPVEl6TXpRc0ltVjRjQ0k2TVRreU56YzRPRGN6TkN3aWRtTWlPbnNpUUdOdmJuUmxlSFFpT2xzaWFIUjBjSE02THk5M2QzY3Vkek11YjNKbkx6SXdNVGd2WTNKbFpHVnVkR2xoYkhNdmRqRWlMQ0pvZEhSd2N6b3ZMM2QzZHk1M015NXZjbWN2TWpBeE9DOWpjbVZrWlc1MGFXRnNjeTlsZUdGdGNHeGxjeTkyTVNKZExDSjBlWEJsSWpwYklsWmxjbWxtYVdGaWJHVkRjbVZrWlc1MGFXRnNJaXdpVlc1cGRtVnljMmwwZVVSbFozSmxaVU55WldSbGJuUnBZV3dpWFN3aVkzSmxaR1Z1ZEdsaGJGTjFZbXBsWTNRaU9uc2laR1ZuY21WbElqcDdJblI1Y0dVaU9pSkNZV05vWld4dmNrUmxaM0psWlNJc0luVnVhWFpsY25OcGRIa2lPaUpOU1ZRaWZYMTlmUS4tV295SGpBNkFGLUZscUpPTXZzMHhoZTBlZ0thMFRjTWllZDJsbEkzVUE1TGhTaWk5RHRiSEdwbkI5ZWNXa3dmYjJUdmdYZVY3dmpMVTl0Mk9OOExKQSJdfX0.asTnrgdyWYOuLxAMYNtKBpEFWjm2Ih0yI7nfxCrM-Sx56-9Xgcge2w-QNzECcijbWbwnPAiycM78W6ODi0lhXg
In particular how are the VC and VP issuer related or not.