Open anotherlevel99 opened 2 years ago
@anotherlevel99 Thanks for linking!
I will review and try and propose next steps.
@anotherlevel99 The work looks very related / nearly identical in some cases, for example:
"proof": {
"type": "OpenAttestationMerkleProofSignature2018",
"proofPurpose": "assertionMethod",
"targetHash": "d9336a9ca1ecbc3cd9c7a4245bda9d4994c86cd056a436ef120481eb14a3d101",
"proofs": [
"8b315ff6e14f40022b073d32aff47022d43e3f296b98de0055bd031709c3284b"
],
"merkleRoot": "4f6339d030193e96c724b5f9520c716306ccb675ade5fa2d60ec1a8691687492",
"salts": "W3sidmFsdWUiOiJjMzc2YzE2N2E2Yzk4MGMyMDcyZGFjNDZjY2RjZGZhNWUyMTc5YWVkYTM4ZmM0OWY0MTRiMTNjNGQyMzU3Mzk5IiwicGF0aCI6InZlcnNpb24ifSx7InZhbHVlIjoiYmY2NDUyOWJlMDQ4YjY1ZDVmMGNlY2ZmOTQwOWFjZjk4MmYwMjRmNTcxMjk1ZThmODc2NTdlZGUzZDAzMzlkZCIsInBhdGgiOiJAY29udGV4dFswXSJ9LHsidmFsdWUiOiI4OTAzZTFkYWM0YmMwZjI5MDYzNTk1Y2ZmODFmYjQ5NGVjZGVkYjllNmZmYjAxZTAzYTA2ZThiYWU0ZTc1NzlkIiwicGF0aCI6IkBjb250ZXh0WzFdIn0seyJ2YWx1ZSI6ImQ2YTMwMzIxNWIxNmRmMDA1MzI1OThmNDRkMTExN2QxNjJkMTY4NTMxYzE2OTdlMjU5ZTgxYjRhMWM0OThmMzMiLCJwYXRoIjoiQGNvbnRleHRbMl0ifSx7InZhbHVlIjoiM2Q4ZmFjYTkzMWE3ZTZjYTk2MjRmZjEyYzY2MDAxOWU5OGFjM2E2ZDU0ZmNjZmNhZGUxOTc2OGNiMjdlMTlmNyIsInBhdGgiOiJpZCJ9LHsidmFsdWUiOiJmZjk1ZTQ1NDIzYTRiYjhhNGEyMjg0MTRiMmJlMWMzNWQyYjdjNGFjODRkZGQwZWYzY2FkMDNmNjU3ZWEwODY1IiwicGF0aCI6InR5cGVbMF0ifSx7InZhbHVlIjoiNTEzYTdjMjY0N2ZkZmQ4M2VjNzc5ZjNkYzgyZGI3OWNmM2IyZjkyMzQ1NTQxZWE1OTQ5YThkYTRkMGJlODliOSIsInBhdGgiOiJ0eXBlWzFdIn0seyJ2YWx1ZSI6IjY2ZDgxM2UyMTAwMDU2MGI5NmZmZGMyNGU0MzJjNzRlM2RhNzYwNzY2ZGE2NjVjZWIzMmUyNjA1NjQ4NTRlNmIiLCJwYXRoIjoidHlwZVsyXSJ9LHsidmFsdWUiOiJiYTA1ZmM4OTIzMGI2NjExODhhMDczYTkyNWY2NjY0YTM3OTU1ZjdhNGZjYzA0YjQ1NjZlZGI0YjI1NThiYmFmIiwicGF0aCI6Imlzc3VlciJ9LHsidmFsdWUiOiI1ZTY2MTI0ZDBjNDk1ZWVlZDMyMzVhYmRmMGVkZDEwNmQ3NjQxN2M1ZjljZGRhMzA1MDM4ZDY5YTkzODc1ODRkIiwicGF0aCI6Imlzc3VhbmNlRGF0ZSJ9LHsidmFsdWUiOiJmNDMzMzE4YWU5YTZlZWY2OTc5NmIwZjhlZDRmMTYxYzk0YTM5MzJkN2M0MzEyNmMzZGVmYzNjN2Q0MDYyYzhlIiwicGF0aCI6ImNyZWRlbnRpYWxTdWJqZWN0LmlkIn0seyJ2YWx1ZSI6IjUzYjQwZjc4MjM3OTgzY2QyODg1N2NiMGYzN2EyZDg0YWQ1MzRjMjU5MTMwY2U2YzU0MTQ2ZDc2MTQ3MDhlYWMiLCJwYXRoIjoiY3JlZGVudGlhbFN1YmplY3QuYWx1bW5pT2YifSx7InZhbHVlIjoiNDBlZTQ2ZDBjN2NkYWUyZTE1ZTk2MjZlYzg4ZjZmY2QzZTAwMDNhYmQwMWQ4MDM1YjBhYTVmYTg0ZTY5MzljNSIsInBhdGgiOiJvcGVuQXR0ZXN0YXRpb25NZXRhZGF0YS50ZW1wbGF0ZS5uYW1lIn0seyJ2YWx1ZSI6ImY2OWUyMGI4YWUzNjg5MjY5NjhjNTY2ZjBjOTZmYjM0ZGQ3YzlmMTg3MzY0ZmIwMTg1YTU1Zjc1YmNiZTU4ZTEiLCJwYXRoIjoib3BlbkF0dGVzdGF0aW9uTWV0YWRhdGEudGVtcGxhdGUudHlwZSJ9LHsidmFsdWUiOiI0MGI1YWZjMjg2ODM0MDliMjZjMDBmNzcwYWFkZDBhNmM2MDUzN2Q1NGU2Y2Y2MjMxMTQwN2FmMzEwNDZkYmVkIiwicGF0aCI6Im9wZW5BdHRlc3RhdGlvbk1ldGFkYXRhLnRlbXBsYXRlLnVybCJ9LHsidmFsdWUiOiIwY2IwMTI0MGRlMzIyODBiOGMyOTkwMmFmZmQ0NmJmNzcyNzQ2ZWI3NTBlMjI0YjM3YmY2MzQzODgzZWVhZjNhIiwicGF0aCI6Im9wZW5BdHRlc3RhdGlvbk1ldGFkYXRhLnByb29mLnR5cGUifSx7InZhbHVlIjoiNDE4NTdiMjhkZmM0MTJjMzc2NWM5NGFjYTIzOWRjZTE1MzgxMjVmNDgzNDc0MmU2YzZhODg5MDc5NWMyN2Q1OSIsInBhdGgiOiJvcGVuQXR0ZXN0YXRpb25NZXRhZGF0YS5wcm9vZi5tZXRob2QifSx7InZhbHVlIjoiYTNiMjljMmMzOTkwY2Q5Mzc2MTFmZTU4ZmIyZjAxYmY3NTlhYmQxNjM2ZmJhZmZjOGNiZjRmYTIzOWZiYjlkNCIsInBhdGgiOiJvcGVuQXR0ZXN0YXRpb25NZXRhZGF0YS5wcm9vZi52YWx1ZSJ9LHsidmFsdWUiOiI4Y2I0ZjIzNDI0MzgzOTE1YWNmNjBhZTRlMGNjYTI5MTgzNGNkOWU3NTU0NGJhYjQ4ZDYyYzk3YWZhZjRlN2YxIiwicGF0aCI6Im9wZW5BdHRlc3RhdGlvbk1ldGFkYXRhLmlkZW50aXR5UHJvb2YuaWRlbnRpZmllciJ9LHsidmFsdWUiOiJkMWU2OWFhYWUwZWE0ZTJhNTg2YmYzMDk0MzExZTA1OTlkZjBmMTk0MTA4NDZkZjFmZTA3MjIwNGRmNjI1Njg2IiwicGF0aCI6Im9wZW5BdHRlc3RhdGlvbk1ldGFkYXRhLmlkZW50aXR5UHJvb2YudHlwZSJ9XQ==",
"privacy": {
"obfuscated": []
}
}
I think it would be excellent to collaborate as much as possible.
This work item was created to offer an alternative to BBS+ that did not rely on pairing friendly curves or CL-Signatures.
The goal was to use boing old RFC7515 and merkle proofs to create a selective disclosure scheme that could be a drop in replacement for BBS+ LD proofs seen here: https://github.com/w3c-ccg/ldp-bbs2020
We are not considering CL at this time.
However, we are now focusing on JWP encodings for merkle proofs first, before addressing LD proofs that rely on merkle proofs.
This approach mirrors the successful work with JsonWebSignature2020, which is an LD Proof scheme built on boring old RFC7515.
So in short, merkle-disclosure-2021
is to JWP Merkle Proofs, as json-web-signature-2020
is to JWS.
From what I can see, this would not preclude the approach open attestation is taking, but it would solve a major problem you will face when attempting to rely on "standard serializations of merkle proofs"... there is no such thing, especially in the context of JOSE. Therefore I suggest we collaborate on JWP merkle proofs to solve this jointly, and then iterate on LD proofs based on it, to align them... that second step would involve conversations regarding canonicalization (URDNA2015 vs JSON Pointer, etc).
Does this make sense?
Please share this with anyone you think might have suggestions.
Hi @OR13,
I'm a contributor to https://github.com/Open-Attestation/, and I read your work with interest. At Open Attestation, we've been issuing verifiable credentials for education, health, and trade use cases, with merkle proofs to allow for selective disclosure (e.g. https://www.computerweekly.com/news/252462777/Singapore-rolls-out-blockchain-platform-for-verifying-educational-certificates).
You're right that the lack of a standard serialisations is an issue. Agree that it would be excellent to collaborate to define serialisations of merkle proofs.
What are the blockers to this repo and how can my team contribute?
hey @joelkek
There are 3 issues really.
The crypto works, and there are a few implementations with similar behavior floating around, some have been working happily for years without a standard.
I think the best path forward is to define a binary representation for merkle proofs at IETF.
I implemented a version of this here:
And have a WIP spec here:
Originally I thought I could do the proof definition and the JOSE / COSE alg bit at the same time.... thats still possible, but its a lot more work, and I wonder if we might achieve better velocity splitting these things up.
I am also involved in https://github.com/json-web-proofs/json-web-proofs which is required to solve the JOSE / COSE part... but is not yet an RFC. The meetings for that are at DIF, but it's an IETF standards track document.
TLDR;
^ if you are interested in either, I would very much welcome your help!
Hi,
I was following your post W3C's github discussion and read with interest the technical methods for Merkle Disclosure Proof.
In a related merkle disclosure project we had used Open attestation's with Merkle Disclosure proof based on user credentials. More write up of the method here: https://github.com/Open-Attestation/adr/blob/master/signature-proof-spec/spec.md
Wonder if it will be of value to the W3C community to also integrate the methods in the work item?
Thanks