search

w3c / vc-json-schema

A mechanism to use JSON Schemas with Verifiable Credentials
https://w3c.github.io/vc-json-schema
Other
26 stars 8 forks source link

Language on nesting of credential schemas when using JsonSchemaCredential #159

Closed decentralgabe closed 1 year ago

decentralgabe commented 1 year ago

The spec does not yet provide guidance on nesting, which could pose an issue during validation.

Consider a credential representing a CredentialSchema2023. That credential could have a credentialSchema property where the type is also CredentialSchema2023, and so on, and so on... This could lead to an endless validation loop.

I propose adding language to specify that when using CredentialSchema2023 the associated VC must not have a credentialSchema property.

andresuribe87 commented 1 year ago

What about having a fixed credentialSchema property instead? Something to validate that it's actually jsonschema within the credentialSubject.

Below is an example

{ 
  "credentialSchema": {
    "type": "JsonCredentialSchema2023",
    "id": "https://github.com/w3c/CredentialSchema2023.json"
  }
}

And then the contents of https://github.com/w3c/CredentialSchema2023.json would be like the ones below:

{
  "$schema": "...",
  "type": "object",
  "properties": {
    "credentialSubject": { 
      "$ref": "http://json-schema.org/draft-04/schema"
    },
    "credentialSchema": {
    // ... something to say that it must be fixed
    }
  }
}
decentralgabe commented 1 year ago

The problem with doing that, is the schema it points to would need to be a meta-schema that is a oneOf for the schema versions we support such as

{
  "oneOf": [
     {
       "$ref": "https://json-schema.org/draft/2020-12/schema",
     },
     {
       "$ref": "https://json-schema.org/draft/2019-09/schema",
     },
     {
       "$ref": "https://json-schema.org/draft/7/schema",
     }
  ]
}

and validating this each time would result in a few network requests (sure we can encourage caching) -- and generally more room for error.

I'm not completely opposed to this approach but I think it may be simpler to just say no schema.

andresuribe87 commented 1 year ago

I still side on having it. Since the added but if complexity is actually small, and there is strong intent being communicated when you specify a machine readable schema for the schema credential itself.

I see implementers would appreciate making sure that the schema they are applying is actually valid. Otherwise they are likely to implement this, just outside the spec.

decentralgabe commented 1 year ago

OK, I agree, it seems worth it to define this meta-schema we can point to.

Still, we should add language on limiting nesting.