w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/

Example 24 is invalid #217

Closed iherman closed 5 months ago

iherman commented 7 months ago

Example 24 uses the verifiableCredential property to refer to several credentials. However, the formal definition of this property says:

> The value MUST be one or more verifiable credential and/or enveloped verifiable credential objects (to be clear, the values MUST NOT be non-object values such as numbers, strings, or URLs).

(Emphasis is mine.) In other words, these lines of the example:

    "https://vendor.example/credentials/42", 
    "did:example:123",
    "urn:uuid:01ec9426-c175-4e39-a006-d30050e28214",
    "urn:ietf:params:oauth:jwk-thumbprint:sha-256:_Fpfe27AuGmEljZE9s2lw2UH-qrZLRFNrWbJrWIe4SI",
    "data:application/vc+ld+json+sd-jwt;…"

are all forbidden per the VCDM spec and must be removed. (Or exchanged for a bona fide JSON object for another credential.)

decentralgabe commented 7 months ago

Believe this should be updated to use the enveloped property.

iherman commented 7 months ago

@decentralgabe:

> Believe this should be updated to use the enveloped property.

Yes, but only partially. The definition of the Enveloped Verifiable Credential class (not property) stipulates the usage of a data URI. I.e., the last entry in the example can indeed be changed to:

    {
        "@context": "https://www.w3.org/ns/credentials/v2",
        "id" : "data:application/vc+ld+json+sd-jwt;…",
        "type": "EnvelopedVerifiableCredential"
    }

But I am afraid there is no standard way to express the preceding URLs in the example.
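The rule discussed in this thread can be checked mechanically before a presentation is processed further. The following is an added example, not part of the original thread or of the specification's own code: the function name `check_verifiable_credential` and the sample presentation are constructed for illustration, and treating a single non-array value as a one-element list is an assumption based on the "one or more" wording.

```python
ENVELOPED = "EnvelopedVerifiableCredential"
CTX = "https://www.w3.org/ns/credentials/v2"

# Constructed presentation: two of the string entries the issue objects to,
# the enveloped object proposed in the thread, and a constructed bad envelope.
SAMPLE_VP = {
    "@context": [CTX],
    "type": ["VerifiablePresentation"],
    "verifiableCredential": [
        "https://vendor.example/credentials/42",
        "did:example:123",
        {"@context": CTX, "id": "data:application/vc+ld+json+sd-jwt;…", "type": ENVELOPED},
        {"@context": CTX, "id": "https://vendor.example/credentials/42", "type": ENVELOPED},
    ],
}


def check_verifiable_credential(vp):
    """Return (index, problem) pairs for the entries of vp['verifiableCredential'].

    Only the two constraints from the thread are checked: every entry must be a
    JSON object, and an EnvelopedVerifiableCredential must carry a data: URL as
    its id. Full credential validation is out of scope here.
    """
    entries = vp.get("verifiableCredential", [])
    if not isinstance(entries, list):
        entries = [entries]  # assumption: a single value counts as "one"
    problems = []
    for index, entry in enumerate(entries):
        if not isinstance(entry, dict):
            # Numbers, strings and URLs are all rejected, whatever they point to.
            kind = type(entry).__name__
            problems.append((index, f"non-object value of type {kind}"))
            continue
        types = entry.get("type", [])
        if isinstance(types, str):
            types = [types]
        if ENVELOPED in types:
            ident = entry.get("id")
            if not (isinstance(ident, str) and ident.lower().startswith("data:")):
                problems.append((index, "enveloped credential id is not a data: URL"))
    return problems


if __name__ == "__main__":
    for index, problem in check_verifiable_credential(SAMPLE_VP):
        print(f"verifiableCredential[{index}]: {problem}")
```

A verifier that rejects on any reported problem never dereferences a bare URL or DID found in `verifiableCredential`, which is the behaviour the quoted MUST NOT implies.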

decentralgabe commented 5 months ago

fixed by https://github.com/w3c/vc-jose-cose/pull/241