Review uses of challenge and domain and ensure those terms are used for VerifiablePresentaitons

w3c-ccg / vc-api

A specification for an HTTP API used to issue and verify Verifiable Credentials.

https://w3c-ccg.github.io/vc-api

Other

123 stars 47 forks source link

Review uses of challenge and domain and ensure those terms are used for VerifiablePresentaitons #402

Open aljones15 opened 2 months ago

aljones15 commented 2 months ago

While the terms challenge and domain can be used on a VC, their intended use is for Verifiable Presentations. The schema for the reponse from credentials/issue still contains a VC with domain and challenge in it. The API in general needs a once over ensuring that challenge and domain are used in the context of VerifiablePresentations.

msporny commented 2 months ago

The group discussed this on the 2024-07-23 telecon:

@dlongley noted that the specification is currently incorrect by allowing domain and challenge to be used on a VC (it should not allow that). domain and challenge must only be used on a presentation.

A PR should be raised to create two JSON schemas for the proof field -- one that is used on VCs and one that is used on VPs. The domain and challenge properties must only be used on proofs that are found on VPs.

TallTed commented 2 months ago

Issue title needs typo correction, from VerifiablePresentaitons to VerifiablePresentations.