Clarify what is and is not verified by AnonCreds and what is the responsibility of the calling framework and application

[swcurran]

Discussed on the AnonCreds Specification Working Group Call, May 8, 2023.

We need to be clear what is verified by AnonCreds and what is the responsibility of the caller to verify when using AnonCreds. For example, the following needs to be included in the AnonCreds specification.

• In general, the caller must confirm that the presentation meets the business requirements of the verifier when the cryptographic verification done by AnonCreds is successful (e.g., verified=true may not be sufficient)
• Encodings of revealed attributes must be checked by the caller.
• The trustworthiness of credential issuers is the responsibility of the caller.
  • For example, if the restrictions on a referent is by schema, any issuer could issue a credential to the holder.
  • A trust registry may be useful for that purpose.
• (To be confirmed) It is the responsibility of the verifier to make sure that all referents are included in the presentation.
  • AnonCreds will verify the cryptography of all included referents (presentations derived from source credentials), but not that all referents from the presentation request are included.
  • This can be feature in some cases, such as when the verifier requests multiple referents, but is willing to accept a presentation with only some of the referents. The AnonCreds presentation request format does not have a way for the verifier to convey that information to the holder.
• The caller must decided if it is acceptable for Holders to leave some requested attributes unrevealed.
• A caller may decide it is acceptable for a given business purpose for a presentation to be derived from a revoked credential.
  • This can be expressed by a verifier not including a revocation interval in the presentation request.

The business-purpose validity of a presentation MAY be carried out by the library/component invoking AnonCreds. For example, an Aries Framework may add some additional checks not covered by AnonCreds, such as verifying the encodings and ensuring all referents from the presentation request are included. However, there are some checks that are use case specific and can only be done by the calling application.

[swcurran]

This has been clarified in the spec. Adding to the checklist for the final review.