w3c-ccg / community

COMMUNITY: W3C Credentials Community Group Community Repo
https://w3c-ccg.github.io/community

[PROPOSED WORK ITEM] Eip712Signature2021 #194

Closed awoie closed 3 years ago

awoie commented 3 years ago

New Work Item Proposal

See W3C-CCG New Work Item Process

Include Link to Abstract or Draft

Describes an Ethereum EIP712 Signature Suite created in 2021 for the Linked Data Proof specification. The Signature Suite utilizes EIP712 signatures.

List Owners

Identify 1 lead (person responsible for advancing the work item) and at least 1 other owner. Ideally, include their github usernames

Lead:

Other owners:

Work Item Questions

Answer the following questions in order to document how you are meeting the requirements for a new work item at the W3C Credentials Community Group. Please note if this work item supports the Silicon Valley Innovation program or another government or private sector project.

  1. Explain what you are trying to do using no jargon or acronyms.

General goal is to foster SSI adoption. Ethereum wallets are used by a large community, e.g., >5M MetaMask users. Ethereum wallets are different from SSI wallets, but they can be used for secure key management and expose certain JSON RPC APIs.

A typical flow is: a wallet injects a certain JS object (web3 provider) into the DOM tree, and the website invokes JSON RPC calls on that object. The object can be implemented in various ways without vendor lock-in.

Changing JSON RPC APIs of Ethereum wallets would require a lot of work and is not an option. However, Ethereum wallets implement EIP712 which is a way to sign over human-readable data.

The idea is to use Ethereum wallets for signing LD-Proofs using the signature algorithm that is proposed in EIP712. The signature algorithm is based on Secp256k1 but requires some data transformation. For this reason, existing LD-Proof Suites cannot be used. This proposal is about introducing a new LD-Proof Suite that allows Ethereum wallets to sign over human-readable data through EIP712.

Those LD-Proofs can then be used for ZCap-LD, Verifiable Credentials and Presentations. Verifiers won't necessarily need access to Ethereum to verify those signatures.

  2. How is it done today, and what are the limits of the current practice?

Today, SSI wallet implementations require either an internal KMS or an external KMS (hosted as a service). For fully backend-less applications, access to external KMS' might not be an option. Some applications, e.g., decentralized applications with no backend (e.g., in the browser) don't have access to a secure data (key) storage. External KMS' also introduce an adoption barrier in certain communities.

Ethereum Wallets are in production and are available to address those needs for a larger community.

  3. What is new in your approach and why do you think it will be successful?

Ethereum wallets will be able to issue and present Verifiable Credentials, create ZCaps or, more generally, sign over human-readable data that is compatible with the W3C (CCG) specification stack.

NOTE: for those people who use DIDs, there is no requirement for a certain DID method.

wyc commented 3 years ago

I'd like to sign up as a co-owner of this work item if that's okay @awoie. I will therefore recuse myself of evaluating the merits of this work item and defer to @vsnt. Thanks!

msporny commented 3 years ago

Digital Bazaar is supportive of this work item for at least the following reasons:

In short, it's a model specification that innovates on top of the Linked Data Signature work in interesting ways.

awoie commented 3 years ago

> I'd like to sign up as a co-owner of this work item if that's okay @awoie. I will therefore recuse myself of evaluating the merits of this work item and defer to @vsnt. Thanks!

Happy to make you a co-owner @wyc

vsnt commented 3 years ago

Sounds like an interesting project. @wyc can you add it to the CCG agenda for Tuesday for discussion, community feedback and next steps? Thanks.

wyc commented 3 years ago

Sure thing, will do.

wyc commented 3 years ago

@vsnt are we okay to proceed with this work item? Can open an issue to add an informative README to the new repo.

clehner commented 3 years ago

Spruce is implementing this signature suite in Rust: https://github.com/spruceid/ssi/pull/213

vsnt commented 3 years ago

Ok to proceed, please include detailed information in a readme, as requested in the CCG call.

wyc commented 3 years ago

Opened https://github.com/w3c-ccg/ethereum-eip712-signature-2021-spec with related issues including README update, added to registry on the community page via https://github.com/w3c-ccg/community/pull/199.

wyc commented 3 years ago

Reopening to communicate to everyone the series of non-material actions here:

wyc commented 3 years ago

This has been completed.