Hi Nikos, Yes, you can use something like Hashlinks ( https://tools.ietf.org/html/draft-sporny-hashlink-04 ) to provide integrity bindings to external resources references from VCs. Like Daniel mentioned, the VC itself is protected by digital signatures. On Fri, Apr 17, 2020 at 10:43 AM Nikos Fotiou <fotiou@aueb.gr> wrote: > The digital signature covers the VC not the “external” resources (e.g., > the schema), i.e., it protects only the uri of the schema and not the > schema itself. Note that even if this an HTTPs URI still you have the same > issue. > > On 17 Apr 2020, at 5:22 PM, Daniel Hardman <daniel.hardman@evernym.com> > wrote: > > > I believe that all approaches to VCs include digital signatures that > already provide this guarantee. We don't need to add an additional field > for it. > > On Fri, Apr 17, 2020 at 8:14 AM Nikos Fotiou <fotiou@aueb.gr> wrote: > >> Hi all, >> I was reading "Verifiable Credentials Data Model 1.0". The Data schema >> part (https://www.w3.org/TR/vc-data-model/#data-schemas) specifies two >> properties: the id, and the type. IMHO it would have been really useful to >> have a third (optional) property similar to the "sub-resource integrity" >> tag used in HTML ( >> https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity). >> What is your opinion? Is there any other way to provide some integrity >> information about external resources in the VC data model? >> >> Best, >> Nikos >> >>
Received on Friday, 17 April 2020 15:05:00 UTC