Closed msporny closed 4 months ago
PatStLouis
commented
4 months ago @msporny in accordance with this we should remove the returnCredential/returnPresentation options from the verify credential/presentation endpoints of the vc-api and consider it an implicit MUST all cases.
In the case of a presentation, should the verfiableCredential array be returned with credentials stripped of their proofs as well? Or do we want this to only apply to the presentation layer?
msporny
commented
4 months ago @msporny in accordance with this we should remove the
returnCredential/returnPresentationoptions from the verify credential/presentation endpoints of the vc-api and consider it an implicit MUST all cases.
I'm not sure we should do that yet. There might be use cases where you just want to know that the signature is valid, but want to do "other processing" in your application for efficiency reasons. For example, if the VCs you're dealing with are 1MB or 2MB in size... and you're running a high volume site, maybe it's more efficient for you to just get a "yes/no" answer from the API and then strip the proof off yourself at the application layer. I realize the use case is a bit contrived, but I'm concerned that there are others like this.
In the case of a presentation, should the
verfiableCredentialarray be returned with credentials stripped of their proofs as well? Or do we want this to only apply to the presentation layer?
Yes, I believe so. There is a complexity around what to do with chained proofs vs. set proofs and the verification endpoint in VC API... but that's something we'll handle at that layer of the stack, which is higher up than this layer.
msporny
commented
4 months ago Editorial, multiple reviews, changes requested and made, no objections, merging.
This PR is an attempt to address issue #1517 by clarifying the language around input types to verification algorithms.
/cc @jyasskin @PatStLouis @filip @silverpill @flechtner
Preview | Diff