W3C home > Mailing lists > Public > public-credentials@w3.org > April 2020

Re: integrity-like property

From: Dmitri Zagidulin <dzagidulin@gmail.com>
Date: Fri, 17 Apr 2020 11:04:34 -0400
Message-ID: <CANnQ-L4jYcyTDaSsg-arccGz+o67B4kpBrEeSRR+dYGSoBwrSg@mail.gmail.com>
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: daniel.hardman@evernym.com, Credentials Community Group <public-credentials@w3.org>
Hi Nikos,

Yes, you can use something like Hashlinks (
https://tools.ietf.org/html/draft-sporny-hashlink-04 ) to provide integrity
bindings to external resources references from VCs. Like Daniel mentioned,
the VC itself is protected by digital signatures.

On Fri, Apr 17, 2020 at 10:43 AM Nikos Fotiou <fotiou@aueb.gr> wrote:

> The digital signature covers the VC not the “external” resources (e.g.,
> the schema), i.e., it protects only the uri of the schema and not the
> schema itself. Note that even if this an HTTPs URI still you have the same
> issue.
>
> On 17 Apr 2020, at 5:22 PM, Daniel Hardman <daniel.hardman@evernym.com>
> wrote:
>
> 
> I believe that all approaches to VCs include digital signatures that
> already provide this guarantee. We don't need to add an additional field
> for it.
>
> On Fri, Apr 17, 2020 at 8:14 AM Nikos Fotiou <fotiou@aueb.gr> wrote:
>
>> Hi all,
>> I was reading "Verifiable Credentials Data Model 1.0". The Data schema
>> part (https://www.w3.org/TR/vc-data-model/#data-schemas) specifies two
>> properties: the id, and the type. IMHO it would have been really useful to
>> have a third (optional) property similar to the "sub-resource integrity"
>> tag used in HTML (
>> https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).
>> What is your opinion? Is there any other way to provide some integrity
>> information about external resources in the VC data model?
>>
>> Best,
>> Nikos
>>
>>
Received on Friday, 17 April 2020 15:05:00 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:58 UTC