mattrglobal / jsonld-signatures-bbs

A linked data proof suite for BBS+ signatures
Apache License 2.0

BBS deriveProof modifies credentialSubject of the src document #219

Open anvabr opened 1 year ago

anvabr commented 1 year ago

Problem description

Please see the test code here.

It appears that BBS deriveProof changes credentialSubject in the vc-document substituting the source field for their @id from context? The output VC looks like this:

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://w3id.org/security/suites/bls12381-2020/v1"
    ],
    "id": "urn:uuid:d07a261f-1959-44d8-a73f-ad1a743e7794",
    "type": "VerifiableCredential",
    "credentialSubject": {
        "id": "urn:uuid:b68f27f5-e75c-465a-b494-0e049bc91207",
        "type": "https://w3id.org/traceability/#undefinedTerm#c6f68dcd-d02d-4eb4-8787-66a57a4ce00f",
        "https://www.schema.org/text": [
            {
                "type": "http://www.w3.org/2001/XMLSchema#integer",
                "@value": "1"
            },
            {
                "type": "http://www.w3.org/2001/XMLSchema#integer",
                "@value": "2"
            }
        ]
    },
    "issuanceDate": "2023-01-19T10:06:19.367Z",
    "issuer": "did:hedera:testnet:Gc5Vs4eQ8EvdPodjTz64AqoSX2JQcCsgvDntTgrsgZ1f_0.0.49251262",
    "proof": {
        "type": "BbsBlsSignatureProof2020",
        "created": "2023-01-19T10:46:38Z",
        "nonce": "CO+Z6dO6bYpLBArWrli947ZOOpk5O1SZAuFf4CI/nv/MHyIgaw1lc+JUFuEYxUAWzX8=",
        "proofPurpose": "assertionMethod",
        "proofValue": "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",
        "verificationMethod": "did:hedera:testnet:Gc5Vs4eQ8EvdPodjTz64AqoSX2JQcCsgvDntTgrsgZ1f_0.0.49251262#did-root-key1"
    }
}

Steps

Please see the test here

tplooker commented 1 year ago

Hi, I'm struggling to follow this test case. It appears the input document you have signed is malformed, e.g. some of the terms in the document are undefined (no term expansion possible) and there is a @context entry inside the credentialSubject? The link to the steps appears to just reference this repo also?

anvabr commented 1 year ago

> The link to the steps appears to just reference this repo also?

Apologies for this @tplooker, now corrected. There is an end-to-end runnable testcase in this repo that demonstrates the issue. For context, the original set of issues we raised with the transmute libraries team are here:

The test demonstrating these is here. As a point of interest, please see the comment in the 230 by @ipbyrne referring to https://github.com/w3c-ccg/ldp-bbs2020/issues/62 and stating they are planning to deprecate support for BBS.

> there is a @context entry inside the credentialSubject

We have tried various options here. Moving the context from the credentialSubject into the VC context resolved the problem with name mapping, but the collision of names still seems to occur because of their '@id' in the '@context'.

tplooker commented 1 year ago

@anvabr, looking at your test cases, the field you are checking for in the credentialSubject, field1, is not defined in the context for the document OR the reveal document, which is why it is not deriving the proof correctly or setting this field's value to NULL.
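
The condition described in the comment above (a field that neither the document's context nor the reveal document's context defines) can be checked before signing or deriving. The following is an added example, not part of the thread and not code from jsonld-signatures-bbs: a simplified term check rather than the full JSON-LD expansion algorithm. The example.org URLs, the term names, `CONTEXTS`, `mergeContext` and `undefinedTerms` are all hypothetical.

```javascript
// Added example: a simplified term check, NOT the full JSON-LD expansion algorithm.
// CONTEXTS stands in for a document loader; every URL and term here is constructed.
const V = "https://example.org/vocab#";
const CONTEXTS = {
  "https://example.org/contexts/vc-lite": { id: "@id", type: "@type", issuer: V + "issuer",
    VerifiableCredential: V + "VerifiableCredential", credentialSubject: V + "credentialSubject" },
  "https://example.org/contexts/subject": { Sample: V + "Sample", field0: V + "field0" },
};
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isIri = (s) => typeof s === "string" && /^[A-Za-z][A-Za-z0-9+.-]*:/.test(s);

// Merge string (looked up offline) and inline object contexts into the active term map.
function mergeContext(active, ctx) {
  const next = { ...active };
  for (const entry of [].concat(ctx)) {
    const def = typeof entry === "string" ? CONTEXTS[entry] : entry;
    if (!def) throw new Error(`context not available offline: ${entry}`);
    Object.assign(next, def);
  }
  return next;
}

// Return the paths of property names and type values that no context in scope defines.
function undefinedTerms(node, active = {}, path = "$", out = []) {
  if (Array.isArray(node)) {
    node.forEach((v, i) => undefinedTerms(v, active, `${path}[${i}]`, out));
  } else if (node && typeof node === "object") {
    if (node["@context"]) active = mergeContext(active, node["@context"]);
    for (const [key, value] of Object.entries(node)) {
      if (key === "@context") continue;
      const here = `${path}.${key}`;
      if (!key.startsWith("@") && !has(active, key) && !isIri(key)) out.push(here);
      if (key === "@type" || active[key] === "@type") {
        for (const t of [].concat(value)) if (!has(active, t) && !isIri(t)) out.push(`${here}=${t}`);
      } else undefinedTerms(value, active, here, out);
    }
  }
  return out;
}

// Constructed credential and reveal document: field1 is used but never defined.
const credential = {
  "@context": Object.keys(CONTEXTS),
  id: "urn:uuid:00000000-0000-4000-8000-000000000001",
  type: ["VerifiableCredential"], issuer: "did:example:issuer",
  credentialSubject: { id: "urn:uuid:00000000-0000-4000-8000-000000000002", type: "Sample", field0: "a", field1: "b" },
};
const revealDocument = {
  "@context": credential["@context"], type: ["VerifiableCredential"],
  credentialSubject: { "@explicit": true, type: "Sample", field1: {} },
};
console.log(undefinedTerms(credential), undefinedTerms(revealDocument));
```

Running the check on both the signed document and the reveal document matters because either one can reference a term the other's context does not define.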

anvabr commented 1 year ago

@tplooker thank you for your comments, we are experimenting with the formatting and may have found a workaround.