W3C home > Mailing lists > Public > public-credentials@w3.org > April 2020

Re: integrity-like property

From: Nikos Fotiou <fotiou@aueb.gr>
Date: Fri, 17 Apr 2020 17:41:45 +0300
Message-Id: <D45732A7-1C07-4846-8C13-C528BC7FE119@aueb.gr>
Cc: Credentials Community Group <public-credentials@w3.org>
To: daniel.hardman@evernym.com
The digital signature covers the VC not the “external” resources (e.g., the schema), i.e., it protects only the uri of the schema and not the schema itself. Note that even if this an HTTPs URI still you have the same issue. 

> On 17 Apr 2020, at 5:22 PM, Daniel Hardman <daniel.hardman@evernym.com> wrote:
> 
> 
> I believe that all approaches to VCs include digital signatures that already provide this guarantee. We don't need to add an additional field for it.
> 
>> On Fri, Apr 17, 2020 at 8:14 AM Nikos Fotiou <fotiou@aueb.gr> wrote:
>> Hi all,
>> I was reading "Verifiable Credentials Data Model 1.0". The Data schema part (https://www.w3.org/TR/vc-data-model/#data-schemas) specifies two properties: the id, and the type. IMHO it would have been really useful to have a third (optional) property similar to the "sub-resource integrity" tag used in HTML (https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity). What is your opinion? Is there any other way to provide some integrity information about external resources in the VC data model?
>> 
>> Best,
>> Nikos
>> 

Received on Friday, 17 April 2020 14:42:03 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:58 UTC