doma-engineering / do-auth

Fast, lean and reliable authentication server based on verifiable credentials standard

6 stars 2 forks source link

Use "id" in "credentialSubject"s where possible #1

Closed cognivore closed 2 years ago

cognivore commented 3 years ago

Why?

Standard mandates credential subjects to be identified by their DID
It doesn't always make sense, but in vast majority of cases it does

How?

[ ] Change the logic of transact_with_keypair_from_subject_map to force the caller to provide id in the map
[ ] Accept a new misc option, something like subjectless: true to let the caller explicitly state the intent of making a credential without a subject (verifiable statement?)

To consider

Should we extend the standard with credentialStatement to address p.2 in "How"?
- Pro: keep a 100%-standard-compliant subset
- Pro: be explicit about kinds of verifiable claims we operate with
- Con: existing data structure is generic enough
- Con: abstraction strain for the users

cognivore commented 2 years ago

We don't use DIDs anymore, but rather raw PKs.