spruceid / ssi

Core library for decentralized identity.
https://spruceid.dev
Apache License 2.0
196 stars 61 forks source link

Support Timestamping for Signing Operations and Delegated Keys #382

Open wyc opened 2 years ago

wyc commented 2 years ago

Problem:

Use case example:

  1. As a decentralized social media user, I want to issue W3C Verifiable Credentials that indicate that I have followed someone on the platform or have 'liked' a post using my session key that was created via SIWE delegation.
  2. When I issue the VC, the verifier needs to know that my session key was used correctly to issue the VC, that is, within its validity period.
  3. By being able to demonstrate that the session key operation was bounded between two blockhashes, the verifier can be convinced that the time parameters on the SIWE request were respected, and they are not witnessing a VC created by a stolen session key in the future.

Approach:

Implementation:

wyc commented 2 years ago

Bonus: if there is a revocation strategy enabled for these signing actions.