w3c-ccg / vp-request-spec

Specification for a query language to request Verifiable Presentations from wallets etc.
https://w3c-ccg.github.io/vp-request-spec/

Add more detail to DID Authentication section. #18

Closed msporny closed 2 years ago

msporny commented 2 years ago

This PR adds more detail around the DID Authentication section, including adding the didMethod and cryptosuite values.


dmitrizagidulin commented 2 years ago

Should we add a (temporary) warning that the VC v2 context doesn't exist yet, and that this is forward-looking?

David-Chadwick commented 2 years ago

Here is how OIDC4VCI provides proof of possession of the DID before issuing the VC to that DID. It requires the proof type parameter and optionally the proof parameter. Currently only the jwt proof type is specified, and it must contain the iss, aud, iat and nonce (or possibly jti instead) claims. Here is an example taken from the spec:

"proof": {
  "proof_type": "jwt",
  "jwt": "eyJraWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEva2V5cy8
  xIiwiYWxnIjoiRVMyNTYiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJzNkJoZFJrcXQzIiwiYXVkIjoiaHR
  0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20iLCJpYXQiOiIyMDE4LTA5LTE0VDIxOjE5OjEwWiIsIm5vbm
  NlIjoidFppZ25zbkZicCJ9.ewdkIkPV50iOeBUqMXCC_aZKPxgihac0aW9EkL1nOzM"
}

Where the jwt unencoded and without the signature comprises

{
  "alg": "ES256",
  "typ": "JWT",
  "kid":"did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1"
}.
{
  "iss": "s6BhdRkqt3",
  "aud": "https://server.example.com",
  "iat": 1659145924,
  "nonce": "tZignsnFbp"
}
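
The claim checks an issuer could run on a jwt proof like the one in the comment above, before verifying its signature against the key named by kid. This is an added example, not part of the original comment or of the OIDC4VCI spec; the function names, the 300-second freshness window and the 60-second clock-skew allowance are assumptions, and the sample proof is constructed from the decoded values shown above.

```python
import base64, hmac, json

def _seg(obj):
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_proof(header, claims):
    """Hypothetical helper: build a proof object; "sig" is a placeholder signature."""
    return {"proof_type": "jwt", "jwt": f"{_seg(header)}.{_seg(claims)}.sig"}

def _unseg(segment):
    """Decode one JWT segment; raises ValueError unless it is a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_proof_claims(proof, expected_aud, expected_nonce, now, max_age=300):
    """Return problems found before signature verification; [] means none.
    Assumed policy: iat at most max_age seconds old, up to 60 s clock skew."""
    if proof.get("proof_type") != "jwt":
        return ["unsupported proof_type"]
    parts = str(proof.get("jwt", "")).split(".")
    if len(parts) != 3:
        return ["jwt does not have three segments"]
    try:
        header, claims = _unseg(parts[0]), _unseg(parts[1])
    except ValueError:
        return ["header or payload is not base64url JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg none)")
    if not str(header.get("kid", "")).startswith("did:"):
        problems.append("kid is not a DID URL")
    missing = [c for c in ("iss", "aud", "iat", "nonce") if c not in claims]
    if missing:
        return problems + ["missing claims: " + ", ".join(missing)]
    if claims["aud"] != expected_aud:
        problems.append("aud is not this issuer")
    if not hmac.compare_digest(str(claims["nonce"]).encode(), expected_nonce.encode()):
        problems.append("nonce does not match the one issued")
    iat = claims["iat"]
    if not isinstance(iat, (int, float)) or not (now - max_age <= iat <= now + 60):
        problems.append("iat is not a fresh numeric timestamp")
    return problems

# Constructed sample, built from the decoded header and payload in the comment above.
HEADER = {"alg": "ES256", "typ": "JWT", "kid": "did:example:ebfeb1f712ebc6f1c276e12ec21/keys/1"}
CLAIMS = {"iss": "s6BhdRkqt3", "aud": "https://server.example.com", "iat": 1659145924, "nonce": "tZignsnFbp"}
```

An empty result only means the claims bind the proof to this issuer and this request; the signature still has to be verified with the key resolved from the kid.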

msporny commented 2 years ago

Multiple reviews, changes requested and made, no objections in 7 days, merging.