Closed iherman closed 1 year ago
Thank you for filing this. Still digesting it.
Similar to the argument regarding media types, we should avoid creating new RDF classes if we don't need them.
As a personal opinion (i.e., with my staff contact's hat put down) I would be strongly in favour of the first alternative, ie, the subclassing approach. It keeps the vocabulary simple, and it corresponds, ontologically, to the fact that a verifiable credential is a credential...
IFF we introduce the Credential
term, then I agree with Ivan's statement that
VerifiableCredential is a subclass of Credential
That said, my opinion is that we should NOT introduce the term. I'm in favor of only having VerifiableCredential
defined. It simplifies the spec on multiple aspects. I would also be favorable to renaming the VerifiableCredential
term to something else, that doesn't elevate the verification aspect above other normatively required properties.
Let me elaborate on why I think we should only have a single term.
We can informatively refer to something as a Credential
, with the understanding that it's a VerifiableCredential
without proof associated with it. But to refer to it normatively, then I ask myself the following: Which required fields justify having a separate term to describe an object where that field isn't present?
For example, what is a VerifiableCredential
without @context
? Is that a SemanticlessVerifiableCredential
? Would a TypelessVerifiableCredential
make sense? A SubjectlessCredential
? AnonCredential
(perhaps one without an issuer and without a proof)?
The conclusion I arrive to is that there already exists a brand (which is also a normative term) called VerifiableCredential
, and we're giving special treatment to the proof
field only because the brand name is the composition of two words (Verifiable
and Credential
).
I don't know the history as to why that name was chosen, and that's something I'd love to learn. If today we were referring to VCs with the alternative brand names (like w3c-creds
, a made up word like Vecred
, or a completely different term like Ocred
), then it is my belief that it would be clear that a new term is not needed.
Furthermore, I would suggest we replace the use of the term Credential
in the spec (like what's used in the examples), and instead use the term Unsecured VC
.
@msporny @dlongley would love to hear your thoughts on this.
I would prefer not to make implementations more complicated by having to use Credential
in the type
field. I think we can solve this problem by ensuring the vocab says VerifiableCredential
is a subclass of Credential
and then we continue to just use VerifiableCredential
in the type
field.
I would prefer not to make implementations more complicated by having to use
Credential
in thetype
field. I think we can solve this problem by ensuring the vocab saysVerifiableCredential
is a subclass ofCredential
and then we continue to just useVerifiableCredential
in thetype
field.
@dlongley just to understand what you propose:
Credential
class in the vocabulary, as a superclass to VerifiableCredential
, and modify the vocabulary that way (ie, by adjusting the domains and ranges accordinglyI do have a clear opinion on (1) (which is a "yes!") but I do not have a clear opinion on (2), so I let you guys decide on that. I am not a VC implementer, nor am I a familiarity with that community, and I am obviously biased by my background...
@iherman,
Yes, to 1 and 2 -- I'm trying to find a middle ground where we can do the vocabulary properly and keep implementations simple.
I'll be saying similar things to the following in a few threads, I think, as overlapping topics are being covered in multiple issues...
We must remember that classes and subclasses (a/k/a types and subtypes) do not necessarily require differentiation in their Media Types, and in fact, some subtypes SHOULD NOT have a Media sub-Type — such as the EncryptedStrawManDocument
subtype of StrawManDocument
— because the encryption changes the content of an application/encrypted+credential+ld+json
document sufficiently that trying to fall back and handle it as an unencrypted application/credential+ld+json
document will be an utter failure — unless the encrypted payload (which might have any of a number of Media Types (a/k/a formats)) is just one piece of the application/credential+ld+json
.
I am firmly convinced that we need Credential
and VerifiableCredential
types. I am less convinced though leaning toward Presentation
and VerifiablePresentation
types. I am becoming significantly less convinced of the utility — not to mention compliance with Media Type rules — of application/verifiable+presentation+ld+json
vs application/presentation+ld+json
.
This comment does not represent completed thoughts, but I thought it more important to start others thinking about the same things, than to finish the picture myself.
The issue was discussed in a meeting on 2023-02-28
I am opposed to defining RDF that has no impact or use for implementers.
I am opposed to an RDF type called Credential
that would contain proof
just like VerifiableCredential
currently does.
I agree with @OR13 that having an RDF type called Credential
that contains a proof
would be misleading.
@TallTed There is no @context
definition for Credential
...
Your assertion that https://www.w3.org/2018/credentials#Credential
exists and is a subtype is false, that is a proposal (discussed in this issue).
Only https://www.w3.org/2018/credentials#VerifiableCredential
exists.
I assume eventually this issue will become a PR to create the subtype relationship or it will be closed.
That PR would need to modify this vocabulary: https://www.w3.org/2018/credentials/
I am not sure what the controversy is all about, @OR13 @TallTed. This issue asks whether there is a need for a separation between the Credential
and VerifiableCredential
types. I have the feeling that there is a relative consensus that yes, that would be good. If that is correct, I am happy to do a PR that puts that into practice. If it is incorrect, I do not do anything...
If Credential
is like VerifiableCredential
but does not contain proof
, what other use will this Class have?
I am in favor of creating clarity if the classes will have some use to implementers, and if they do not create further semantic confusion.
"Credential": {
"@id": "https://www.w3.org/2018/credentials#Credential",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
"credentialSchema": {
"@id": "https://www.w3.org/2018/credentials#credentialSchema",
"@type": "@id"
},
"credentialStatus": {
"@id": "https://www.w3.org/2018/credentials#credentialStatus",
"@type": "@id"
},
"credentialSubject": {
"@id": "https://www.w3.org/2018/credentials#credentialSubject",
"@type": "@id"
},
"description": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"evidence": {
"@id": "https://www.w3.org/2018/credentials#evidence",
"@type": "@id"
},
"holder": {
"@id": "https://www.w3.org/2018/credentials#holder",
"@type": "@id"
},
"issued": {
"@id": "https://www.w3.org/2018/credentials#issued",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"issuer": {
"@id": "https://www.w3.org/2018/credentials#issuer",
"@type": "@id"
},
"name": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"proof": { // proof is included here....
"@id": "https://w3id.org/security#proof",
"@type": "@id",
"@container": "@graph"
},
"refreshService": {
"@id": "https://www.w3.org/2018/credentials#refreshService",
"@type": "@id"
},
"termsOfUse": {
"@id": "https://www.w3.org/2018/credentials#termsOfUse",
"@type": "@id"
}
}
},
"Credential": {
"@id": "https://www.w3.org/2018/credentials#Credential",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
// proof has been removed here.
"credentialSchema": {
"@id": "https://www.w3.org/2018/credentials#credentialSchema",
"@type": "@id"
},
"credentialStatus": {
"@id": "https://www.w3.org/2018/credentials#credentialStatus",
"@type": "@id"
},
"credentialSubject": {
"@id": "https://www.w3.org/2018/credentials#credentialSubject",
"@type": "@id"
},
"description": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"evidence": {
"@id": "https://www.w3.org/2018/credentials#evidence",
"@type": "@id"
},
"holder": {
"@id": "https://www.w3.org/2018/credentials#holder",
"@type": "@id"
},
"issued": {
"@id": "https://www.w3.org/2018/credentials#issued",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"issuer": {
"@id": "https://www.w3.org/2018/credentials#issuer",
"@type": "@id"
},
"name": {
"@id": "https://schema.org/description",
"@type": "http://www.w3.org/2001/XMLSchema#string"
},
"refreshService": {
"@id": "https://www.w3.org/2018/credentials#refreshService",
"@type": "@id"
},
"termsOfUse": {
"@id": "https://www.w3.org/2018/credentials#termsOfUse",
"@type": "@id"
}
}
},
The "controversy" is some working group members appear to want to have the word "credential" and "verifiable credential" apply to the exact same bytes. Other working group members feel this is confusing and undermines the meaning of both terms.
This confusion is playing out in "media types", "spec definitions" and "rdf classes".
@dlongley @msporny Do you think adding option 1 would help clarify your postion that "credential" can have a "proof?... Do you agree we should attempt to define "Credential" in RDF?
I am most inclined to drop VerifiableCredential
(and application/verifiable+credential+ld+json
, application/vc+ld+json
, etc.), and keep Credential
(and application/credential+ld+json
, etc.).
Whether or not it's verifiable is not a question of its structure, which goes to media type, but a question of the bits held in that structure, which goes to business logic.
It may not be worth having a media type for this at all.
@OR13 wrote:
I am opposed to an RDF type called Credential that would contain proof just like VerifiableCredential currently does.
I don't think anyone is saying "would"... folks seem to be saying "could"... because it's an open world model... any subject can be associated with any predicate unless there is a higher level rule that says it shouldn't... but that's not enforced at the RDF or JSON-LD layer... it's enforced at the VC Data Model layer.
So, for example, if we are producing a JSON-LD Context for Credential
, your Option 2 is probably fine as long as we don't prohibit someone from pulling in another JSON-LD Context that allows proof
on Credential
. <-- I believe that's the thing that most of the folks arguing against banning proof
in Credential
are saying... but I cringe saying all of that because I don't think most developers will care that much about Credential
being defined in the JSON-LD Context since they'll largely be working with VerifiableCredential
s... Credential
s by themselves have very limited value in the real world, IMHO. The class /does/ have value in the RDF model, however, because it provides a very clear mapping between the terminology in the spec and the RDF classes in the data model.
IOW, we were explicit in conceptually differentiating a credential
from a verifiable credential
in the v1.0 and v1.1 specification because it was a question that came up repeatedly. The specification makes this distinction one hundred and seventeen (117) times (I just went through and counted). So, and I'm not saying anyone is asserting this, but just to be clear -- I don't think the WG made that distinction on accident. :)
@dlongley @msporny Do you think adding option 1 would help clarify your postion that "credential" can have a "proof?... Do you agree we should attempt to define "Credential" in RDF?
I think we should define Credential
in RDF so the formal data model hangs together, and I think we should not add it to the JSON-LD Context (because I don't expect developers to find it useful in practice). If developers want to use Credential
, they can create their own JSON-LD Context for it.
We should separate at least three of the discussions that are happening here:
Credential
and VerifiableCredential
modeled from an RDF perspective? (this is largely an academic discussion, but an important one to ensure we're going to be logically consistent in how the entire spec is written). At present, we're logically consistent (or very close) w/ the usage of credential
vs. verifiable credential
in the spec today.Credential
(is it necessary to do so)? (this is largely an implementation consideration)Credential
useful to developers? (this is largely an academic consideration)I'll try to provide thoughts on each one separately:
How is
Credential
andVerifiableCredential
modeled from an RDF perspective? (this is largely an academic discussion, but an important one to ensure we're going to be logically consistent in how the entire spec is written).
We make the distinction between credential
and verifiable credential
around 117 times in the spec today. We shouldn't remove the distinction. Since there is a distinction, it makes sense to reflect that in the RDF vocabulary.
How are we going to construct the JSON-LD Context for
Credential
(is it necessary to do so)? (this is largely an implementation consideration)
I don't think we have anyone using Credential
today (because it's not defined), and if we were to define it, I'm struggling to understand what use case it helps developers solve. I'd venture to guess that most developers today care about creating VerifiableCredential
s... not Credential
s. The only use of Credential
that I can think of is to be academically pure in creating something that you send into a piece of software that immediately turns it into a VerifiableCredential
. The benefits of referring to something as a Credential
seem to be slim to none.
As such, I don't see a need to put this in the base JSON-LD Context... but we shouldn't prevent someone from creating their own JSON-LD Context that uses the concept. Perhaps when VC v3.0 rolls around, there'll be a set of use cases that demonstrate why having Credential
in the base context is useful.
Is the data structure for
Credential
useful to developers? (this is largely an academic consideration)
Same argument as above... I expect the answer to be: "It's not useful at this point in time other than to convey the logical data model for the ecosystem".
So, to summarize:
Credential
and VerifiableCredential
in the data model.Credential
in the JSON-LD Context.... with the caveat that I might feel differently about this next week. :P
@TallTed wrote:
I am most inclined to drop
VerifiableCredential
(andapplication/verifiable+credential+ld+json
,application/vc+ld+json
, etc.), and keepCredential
(andapplication/credential+ld+json
, etc.).
I think I'm inclined to go the other way, @TallTed. Let's define application/vc+ld+json
, which MUST/SHOULD contain proof
and drop application/credential+ld+json
... and use the same logic you applied above:
Whether or not it's verifiable is not a question of its structure, which goes to media type, but a question of the bits held in that structure, which goes to business logic.
:)
I'd rather optimize for what developers will be working with most of the time, which is to use and express verifiable credentials... the whole concept of a Credential
is interesting, but largely useless when it comes to what implementations will be dealing with the vast majority of the time.
To answer the question of "Well, then what media type do you send an HTTP endpoint to add a proof to a credential" could be: application/ld+json
... or even application/json
. Thoughts?
@OR13,
You are presenting two JSON-LD @context
files, and that is not relevant here. @context
≠ vocabulary. I am talking about the underlying vocabulary, which is a different thing altogether.
If
Credential
is likeVerifiableCredential
but does not contain proof, what other use will this Class have?
The vocabulary/ontology is there to clarify our thoughts, first of all, and I would not underestimate that. But, from a practical point of view, if the vocabulary is used as an ontology for reasoning in a Linked Data context, an RDFS/OWL reasoner would deduce, when seeing a proof
property on a credential, that it is indeed a verifiable credential. This is how the deduction mechanism works in RDF/RDFS/OWL & Co. Whether this is something useful in the VC case, I cannot judge; whether it is useful if a VC is included in a larger knowledge graph: probably; whether a VC is ever included in a knowledge graph: I have no idea.
@msporny,
I think I'm inclined to go the other way, @TallTed. Let's define application/vc+ld+json, which MUST/SHOULD contain proof and drop application/credential+ld+json...
This ship may have sailed already... but I sympathize with your opinion. The only thing this issue says: if we do make this strong separation between credentials and verifiable credentials conceptually, the vocabulary should reflect that (at least in my view). If we decide that we keep vc+ld+json
only, then this specific issue is moot.
I'd rather optimize for what developers will be working with most of the time, which is to use and express verifiable credentials... the whole concept of a Credential is interesting, but largely useless when it comes to what implementations will be dealing with the vast majority of the time.
I tend to agree with you, but I am not a VC implementer...
@msporny
Let's define
application/vc+ld+json
, which MUST/SHOULD contain proof and dropapplication/credential+ld+json
... and use the same logic you applied above.
I think with a MAY
it aligns exactly with the current RDF definition for VerifiableCredential
.
In the spec with the caveat that the "proof" can be "embedded" or "external" this aligns with the term "verifiable credential".
We need to be careful with proof
since it introduces bias towards "securing formats", since some use "external proofs".
... your Option 2 is probably fine as long as we don't prohibit someone from pulling in another JSON-LD Context that allows proof on Credential.
I think this is where the strongest disagreement exists.
There are 2 considerations:
How does @protected
impact this? similar to https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L12
Why would an implementer not use type
and multiple inheritance to add proof
.
If proof
is added can it be different than the proof
in VerifiableCredential
.
If answer to 3 is no, what are the actual differences at the information level between Credential
and VerifiableCredential
.
As a general rule, a new RDF type should be used when there is new information to represent.
I still don't understand what "new information" would exist, between "Credential" and "VerifiableCredential"... the current arguments in favor of allowing "proof" in "Credential" make me believe there is no new information, and we should therefore NOT define "Credential".
I think I would be fine with us dropping any formal discussion of "Credential"/"credential" and keeping all of that as informal discussion in the spec.
This would include changing application/credential+ld+json
to application/vc+ld+json
(if we prefer the shortened vc
, but that's bikeshedding) and only using VerifiableCredential
in the data model in the type
field. The new "base media type" would be application/vc+ld+json
(bikeshedding aside), with no other side effects to any other decisions previously made. I think this could simplify things for implementers and perhaps help address some of Orie's concerns. We already know that this is how people have been working with the 1.1 spec with success thus far.
To emphasize, it would be vital that this would not undo other decisions and create more work for the WG -- the idea here is to simplify and reduce work. So if the above would do that and we can get consensus around it, then I'd be for it.
[@msporny] Let's define
application/vc+ld+json
, which MUST/SHOULD containproof
and dropapplication/credential+ld+json
Change that MUST/SHOULD
to MAY
and I'm OK with it. application/vc+ld+json
describes the data structure of a credential, which may (verifiable) or may not (unverifiable) include crypto signature and/or encryption.
I might be OK with SHOULD
, but I'm inclined against it, and I'm definitely not OK with MUST
— unless the value of proof
may be NULL
(or functional equivalent) in both cases.
Just as we don't know every use to which verifiable credentials may be put, I don't believe we know every use to which unverifiable credentials may be put, and I want to preserve sufficient flexibility that another "thing" won't be required to satisfy those unverifiable credential use cases.
[@OR13] We need to be careful with
proof
since it introduces bias towards "securing formats", since some use "external proofs".
I'd be fine with changing most, probably all, instances of proof
to cryptographic signing and/or encryption information
or the like.
In my opinion the confusion between credential and verifiableCredential has led to issues around which metadata was tied to the credential and which was tied to the verifiableCredential. So the validity period of the credential became confused with the validity period of the cryptographic proof, whilst the ID of the credential became confused with the ID of the proof/signature. Clearly Orie's Option 1 above continues this confusion by inserting a proof property into a credential. The credential does not have a proof property. If it does then it is by definition verifiable, so is a verifiableCredential
I have set up a PR (#1057) to focus the discussion. The possible changes (or not) on media types or context files are, though related, separate issues...
[@David-Chadwick] The credential does not have a proof property. If it does then it is by definition verifiable, so is a verifiableCredential
A proof
property does not render the credential verifiable unless it has an appropriate value. An empty proof
property might be included in a non-verifiable credential (or "credential") — or in a verifiable credential for which there is an associated external proof.
The presence of the proof
property in a "credential" of indeterminate verifiability is not enough in itself to "by definition" make that "credential" "verifiable".
The presence of the proof property in a "credential" of indeterminate verifiability is not enough in itself to "by definition" make that "credential" "verifiable".
The spec sorta disagrees with this point, though I admit that I have seen this part of the spec consistently disputed by WG members.
At least one proof mechanism, and the details necessary to evaluate that proof, MUST be expressed for a credential or presentation to be a verifiable credential or verifiable presentation; that is, to be verifiable.
Note the use of the MUST... which is normative, and requires a "test".
Perhaps the spec text is so poor, we must admit that it is never interpreted consistently.
At least one proof mechanism, and the details necessary to evaluate that proof, MUST be expressed for a credential or presentation to be a verifiable credential or verifiable presentation; that is, to be verifiable.
This does not require that such a proof mechanism be expressed via a proof
property within a credential, nor does it say that a proof
property (if present) must be populated with any specific value(s).
Perhaps the spec text is so poor, we must admit that it is never interpreted consistently.
I will concede this possibility, and continue to strive for better text, toward more consistent (though perhaps never perfectly so) interpretation, particularly but not only because we are actively working on a v2 that is generally if not universally expected to improve on v1.
This does not require that such a proof mechanism be expressed via a proof property within a credential, nor does it say that a proof property (if present) must be populated with any specific value(s).
100% agree... I think the problem is that it is not clear to the WG if a "well formed" "proof" property is sufficient to satisfy the MUST.
The problem with this ambiguity is:
...
A proof property does not render the credential verifiable unless it has an appropriate value.
I tend to disagree. Even if a verifiable credential has an appropriate value, the credential could still have been revoked and is therefore not verifiable (for example, an imposter could have stolen the issuer's private key, issued the VC, and then the issuer, upon finding out the theft, revokes all issued VCs).
So I maintain that a credential with a proof property is a verifiable credential. The proof property may be badly formatted, null, or use a weak algorithm with known flaws. Nevertheless it is verifiable, but the result of the verification process will yield the result of positive or negative verification.
p.s. Verifiable does not mean verified
p.s. Verifiable does not mean verified
Yes, I tend to agree with @David-Chadwick here as well.
It seems as if talking about a Credential
being secured or not has turned out to be a dicey proposition.
However, talking about a VerifiableCredential
tagged with a media type of application/vc+*
that MUST be secured IN SOME WAY (as PR #1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress. Once we decide that, we could come back to this discussion.
I'm increasingly doubtful that normatively formalizing a Credential
or a Presentation
adds much value. That's not to say it has some value, but the juice doesn't seem to be worth the squeeze.
The issue was discussed in a meeting on 2023-04-12
talking about a
VerifiableCredential
tagged with a media type ofapplication/vc+*
that MUST be secured IN SOME WAY (as PR https://github.com/w3c/vc-data-model/pull/1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress.
It's not going to make much progress with me.
A verifiable something is something which can be secured, to the extent that "securing" means "providing means by which to confirm that its content has not been tampered with, and to discover its issuer".
Specific use cases may choose to use weak tools of various kinds, and still work with (weakly) verifiable credentials.
The full structure of a VC can be complied with, and the V can always fail, and the document is still a VC, to my mind. What happens with the business logic thereafter is beyond our remit.
talking about a
VerifiableCredential
tagged with a media type ofapplication/vc+*
that MUST be secured IN SOME WAY (as PR #1055 is attempting to do) as a mandatory requirement for it to be considered a "verifiable credential" is probably a conversation that could make some progress.It's not going to make much progress with me.
:)
A verifiable something is something which can be secured, to the extent that "securing" means "providing means by which to confirm that its content has not been tampered with, and to discover its issuer".
I'm not sure that's a useful definition... anything can be secured, so if that's your definition, it applies to anything, which makes the distinction not worth much.
I'd argue that one of the things that makes the work this group is doing important is the notion that we're not just saying "anything can be secured"... we're saying: "We expect the VCDM to be secured in these normative ways."
Specific use cases may choose to use weak tools of various kinds, and still work with (weakly) verifiable credentials.
Yeah, that's exactly the sort of slippery slope I'd like us to stay away from, because we can already see vendors trying to rebrand their "weakly verifiable credentials" as "verifiable credentials". There's an active dilution in the sort of verifiability and interoperability that we, as a WG, expect... and that's the thing I'm taking issue with.
The full structure of a VC can be complied with, and the V can always fail, and the document is still a VC, to my mind. What happens with the business logic thereafter is beyond our remit.
Slippery slope... I get what you're saying, and don't entirely disagree with it... it's how vendors will twist your intention that worries me.
Can you think of some clauses that would make it harder for vendors to twist your intention?
PS: This is neither here nor there for this particular issue, it's marked pending close and should be closed. @TallTed I'm wondering if we need a new issue for whatever it is that we're discussing here. :)
Much like the DID Rubric, I think there are some number of attributes of VCs which represent tradeoffs relevant to different deployments/use-cases.
It's appropriate for us to make it as easy as possible for end users to evaluate the VCs from various vendors, and determine whether the strength of their signatures, encryption, etc., is sufficient for their comfort. Hopefully, there will be more than one VC implementation vendor vying for each deployment scenario, and the stronger will win out.
Though some additional comments have been made, no objections have been raised since being marked pending close
, closing.
(This discussion may belong to the comment thread of #1014, but it is not commenting on the main line of the discussion. I have therefore decided to create a separate issue.)
As a result of the introduction of
credentials+ld+json
there is now a discrepancy between the media types used in the spec and the vcdm vocabulary. I do not think that is healthy.At present, there is no class for a
Credential
in the vocabulary (although it is there between the lines, i.e., in the term definitions). We only have aVerifiableCredential
term. Now that we have a a separate media type for credentials, i.e., a (non-verifiable) credential is now a separate "thing", we may want to consider introducing a separateCredential
class to the vocabulary.However, if we do this, we have several issues that we have to consider. These issues reflect the discussions we have in #1014. (Note that this is not only boring question of RDF; the vocabulary is a (simple) ontology, i.e., it forces us to pin down the exact relationships of the various terms we are using.)
The fundamental question is: is a
VerifiableCredential
a subclass ofCredential
or not? This is, essentially, the counterpart of the question whether (if we go down that route) we would haveverifiable+credential+ld+json
orverifiable-credential+ld+json
, respectively. The alternatives on the vocabulary are:VerifiableCredential
is a subclass ofCredential
From the vocabulary point of view, this is a relatively simple thing. Most properties (
credentialStatus
,validFrom
, etc.) haveCredential
as a domain; by virtue of subclassing using those terms onVerifiableCredential
instances is perfectly fine. One would be tempted to refer toproof
as the outlier, but the domain of that property, which is defined in the Security Vocabulary is not defined explicitly, probably because the idea is that the termproof
could be used on other concepts than credentials. I.e., even if we introduce a restriction whereby a proof must not be used on aCredential
, that statement may remain "outside" the formal ontology. (Alternatively, there may be some complicated OWL2 statement that would lead to a contradiction if proof was used on aCredential
, but I am not sure it would be worth it; it would probably be of a form that simple OWL2 reasoners could not handle, so would be ignored in practice).VerifiableCredential
is not a subclass ofCredential
From a vocabulary point of view, what it would mean is that all aforementioned properties would have, as domain definition, a disjunction, something akin to "
VerifiableCredential
orCredential
". Which is fine. However, a further question is: areVerifiableCredential
andCredential
disjoint? It certainly feel like this would be the case; luckily, OWL can express that easily, the only practical obstacle is that theyaml2vocab
script we use should be extended to introduce such extra restriction (but that can be solved).Note that the introduction of
Credential
may affect the examples in the spec which, for now are all of the form:which may have to use
Credential
instead. But, I believe, by virtue of havingcredentials+ld+json
separately this makes sense in any case...@dlongley @msporny @OR13 @mprorock @brentzundel