search

w3c / vc-data-model-2.0-test-suite

W3C Verifiable Credentials v2.0 test suite
https://w3c.github.io/vc-data-model-2.0-test-suite/
Other
9 stars 10 forks source link

Prevent `@vocab` catch-all for types as URL test. #66

Closed BigBlueHat closed 1 month ago

BigBlueHat commented 2 months ago

The @vocab catch-all would mean that any compliant processor would always only ever create URLs...even it invalid. Setting @vocab to null should prevent that...which should cause a rejection.

BigBlueHat commented 1 month ago

just to make sure, by setting @vocab: null that means no vocab is allowed which means a json-ld processor can't just invent a vocab term for something? My apologies if my language is not clear here.

@aljones15 term definitions are still possible, this just avoids the "catch-all" situation provided by some contexts. The danger being that those contexts allow any data to blindly be added into the graph sticking all of it under whatever they set for @vocab. That may be fine in a less secure scenario, but it's not fine when you want to deliberately constrain what data/graph/properties may be used. Happy to chat about it if that's still unclear.