verifiable presentation/proof request spec

wenjing commented 4 years ago

In "vsw verify" (and corresponding rest api), the client makes an inquiry about a piece of software identified by DID-x (its verifiable credentials). The "vsw verify" command then evaluates the rule expression and returns what conditions are met by DID-x and what may not. The behavior of "vsw verify" should be specified in its manual page. Here we try to specify the language to express those queries.

i.e. a spec about what type of queries are supported and the format of that language. we intend to stay within ACA-py as much as possible but extensions may be needed to express all needed inquiries.

If necessary to break up into more manageable pieces, need to also specify which subset is required for M1, M2, ...

This work has dependency on the schemas #3 , #4, #5 and probably others as well.

As inputs to this work, we need to compile a list of threat models and what inquiries are needed.

wenjing commented 3 years ago

Merging in from #21

wenjing commented 3 years ago

I'm summarizing the conclusions from today's meeting with @fw-brice

We need to support the following types of proof requests in the PoC: (1) vsw verify only ask information contained in 1 credential by the publisher (the software credential) - the verifier checks all are valid and information is present, and display to the user. The vsw verify does not check the info itself - that task is left to the user. (2) vsw verify ask information contained in the software credential and the test credential. Do the same as (1). (3) vsw verify with an option that specify a question, e.g. release date is no older than 1 year from current date. (4) the same as (3) but with a ZKP privacy use case, e.g. software is authored by a developer who has a valid DID with a github ID without disclosing the developer's name (PII) and any other info in the credential. this is to test out CL signature/ZKP. A better example can be constructed with more detailed credentials.

The tasks to complete and close this issue:

Review technically with the ACA-py code
Document API/protocol flows
Revise the above examples as necessary
Spec out the above examples in actual CLI command syntax for testing purposes - the spec needs to precise enough for implementors and test scripts

wenjing commented 3 years ago

https://docs.google.com/document/d/10d4WvaRJjaJkpl4JLyKsbhcADJWzUsZCCtn_xxrM5qY/edit

verifiablesoftware / vsw

verifiable presentation/proof request spec #30