Concept of schematic checks for hierarchical VC's from Sebastian Dechant on 2020-03-10 (public-credentials@w3.org from March 2020)

From: Sebastian Dechant <sebastian.dechant@evan.team>
Date: Tue, 10 Mar 2020 12:51:06 +0000
To: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <3161B025-316B-42CC-A914-712E01BBF5E2@evan.team>

Hi all,

we’re facing the challenge that we want to verifiy not 1 to 1 vc’s, instead we want to check against a hierarchy of vc’s that have to be presented to the proofer of a vc.

Lets take a example:

Mr. Random wants to pass a gate to a factory with his car. The security officer in front of the gate now issues a vc for mr. randoms did for passing the gate.
The VC also contains a "credentialSchema" field to check the data format of the issued vc.
When Mr. Random no presents the vc to the gate, the gate has to check different things.
1. The gate checks the proof property of the presented VC
When this check is successful, the basic cryptographic proof matches and the vc data is valid
2. After the proof check, the gate must check if the format defined in credentialSchema is valid
When this check is successful, the data integrity of the vc is valid and well-formed
3. After the schema check, the gate must check if the security officer is allowed to issue this kind of vc
In this enterprise scenario the gate also wants to check if the issuer of the vc to open the gate, has the permissions to issue this kind of vc and the gate opens or not.

The third points belongs to my question. Is there any formal definition (like JSON) of checking against a whole hierarchical set of vcs? Our approach would be:

The gate in the example above has the did id from the employer of the security officer hard coded in his source code for checking the validity of vcs. Now when the security officer creates a vc for the driver, he also attaches an “evidence” vc or vp of his employer.

With this VC the gate can now check and prove the hierarchy "gateOpenVC" ----issuedBy----> "securityOfficerGateVC" ----issuedBy----> employerDid. And because the securityOfficerGateVC is valid and not revoked, the gate will open because the issuer did matches the one which has been hardcoded in the sourcecode of the gate.

And in general is this approach acceptable to the concept of vcs? We’re also looking at https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0250-rich-schemas but this also looks only like a schema for only one VC.

Thanks in advance!
Sebastian

Received on Tuesday, 10 March 2020 12:51:45 UTC