- From: Nikos Fotiou <fotiou@aueb.gr>
- Date: Fri, 17 Apr 2020 17:41:45 +0300
- To: daniel.hardman@evernym.com
- Cc: Credentials Community Group <public-credentials@w3.org>
Received on Friday, 17 April 2020 14:42:03 UTC
The digital signature covers the VC not the “external” resources (e.g., the schema), i.e., it protects only the uri of the schema and not the schema itself. Note that even if this an HTTPs URI still you have the same issue. > On 17 Apr 2020, at 5:22 PM, Daniel Hardman <daniel.hardman@evernym.com> wrote: > > > I believe that all approaches to VCs include digital signatures that already provide this guarantee. We don't need to add an additional field for it. > >> On Fri, Apr 17, 2020 at 8:14 AM Nikos Fotiou <fotiou@aueb.gr> wrote: >> Hi all, >> I was reading "Verifiable Credentials Data Model 1.0". The Data schema part (https://www.w3.org/TR/vc-data-model/#data-schemas) specifies two properties: the id, and the type. IMHO it would have been really useful to have a third (optional) property similar to the "sub-resource integrity" tag used in HTML (https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity). What is your opinion? Is there any other way to provide some integrity information about external resources in the VC data model? >> >> Best, >> Nikos >>
Received on Friday, 17 April 2020 14:42:03 UTC