
[WORK ITEM PROPOSAL] Additional schemes for BBS+ sigs for non-LD data and processors

From: Tomislav Markovski <tomislav@trinsic.id>
Date: Fri, 20 Aug 2021 16:49:05 +0000
To: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <MN2PR17MB36792419238DF277A8A1A432B6C19@MN2PR17MB3679.namprd17.prod.outlook.com>
Hello,

Cross-posting a work item proposal here, as per the instructions. Issue is already open at https://github.com/w3c-ccg/community/issues/204

New Work Item Proposal

We'd like to bring a proposal for extending BBS Signature schemes that explore their usability with non-Linked Data processing systems.

Include Link to Abstract or Draft

Experimental Doc / POC<https://trinsic-id.github.io/json-bbs-signatures/>

This is a working document only. If this item is adopted, we expect the final work to span multiple specs.

List Owners

Tomislav Markovski @tmarkovski<https://github.com/tmarkovski> (Trinsic)
Jakob Povšič @jkbpvsc<https://github.com/jkbpvsc> (GlobaliD)

Work Item Questions

  1.  Explain what you are trying to do using no jargon or acronyms.

Explore and develop additional schemes for BBS+ signatures that work with any JSON data. We intend this effort to have multiple deliverables in terms of specifications and reference implementations.

  2.  How is it done today, and what are the limits of the current practice?

BBS+ signatures today are defined as a Linked Data Suite<https://w3c-ccg.github.io/ldp-bbs2020/>. Their generation relies on using JSON-LD processors and works with JSON-LD compliant documents. A few limitations of this approach are:

  *   Requirement that verifiable data always be described as a valid JSON-LD document, adding overhead and friction to systems
  *   Low availability of LD tools and libraries limits the platform use of BBS sigs
  *   Challenges to use BBS correctly with JOSE formatted signatures
  *   Reliance on connectivity for document resolution (limits offline usability)
  *   Potential data leaks with URDNA2015 algorithm in selective disclosure use cases

  3.  What is new in your approach and why do you think it will be successful?

The premise in the proposed approach is the use of a normalization algorithm based on JSON Pointer addressing for object normalization. This will allow any JSON data to be used with BBS signatures. This approach uses simple tools and algorithms that do not require LD compliance, although JSON-LD can be used just as easily.

  4.  How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.)

We'd like to invite participants from different backgrounds and skillsets to contribute and ideate on this approach. We believe this community is best suited to expand the use of BBS signatures more broadly in the context of verifiable data.

  5.  What actions are you taking to make this work item accessible to a non-technical audience?

We've written a draft document that can serve as a starting point to understand the concept for a non-technical audience. We'd like this effort to be a point of discussion for the viability of this approach at different levels. The opportunities with using BBS more broadly impact product designs and business decisions more broadly, and we're hoping all of these will be discussed as part of this work item development.



Tomislav Markovski
CTO @ Trinsic
trinsic.id<https://trinsic.id>
Received on Friday, 20 August 2021 16:50:06 UTC
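
The JSON Pointer based normalization described in the message, sketched as an added example; it is not code from the message or from the linked draft. The statement encoding, the sort order, the sample document and the helper names (`normalize`, `to_messages`, `disclose`) are assumptions made for illustration.

```python
import json

# Constructed sample document (not taken from the proposal or its draft).
SAMPLE = {
    "name": "Alice",
    "address": {"city": "Zagreb", "zip": "10000"},
    "roles": ["admin", "dev"],
    "a/b": True,
}

def escape_token(token):
    # RFC 6901 escaping: "~" becomes "~0" first, then "/" becomes "~1".
    return token.replace("~", "~0").replace("/", "~1")

def normalize(doc, prefix=""):
    """Flatten JSON into (pointer, value) statements sorted by pointer."""
    if isinstance(doc, dict) and doc:
        children = [(escape_token(k), v) for k, v in doc.items()]
    elif isinstance(doc, list) and doc:
        children = [(str(i), v) for i, v in enumerate(doc)]
    else:
        # Scalars and empty containers are leaves; the value is compact JSON.
        # Assumption: a real scheme would also pin number formatting.
        return [(prefix, json.dumps(doc, ensure_ascii=False, separators=(",", ":")))]
    out = []
    for token, value in children:
        out.extend(normalize(value, f"{prefix}/{token}"))
    return sorted(out)

def to_messages(statements):
    # Assumed encoding: one signer message per statement, "<pointer> <value>".
    return [f"{p} {v}".encode("utf-8") for p, v in statements]

def disclose(statements, pointers):
    """Pick the statements to reveal, with their message indexes."""
    return [(i, p, v) for i, (p, v) in enumerate(statements) if p in pointers]

if __name__ == "__main__":
    stmts = normalize(SAMPLE)
    for msg in to_messages(stmts):
        print(msg.decode())
    print(disclose(stmts, {"/name", "/roles/0"}))
```

The indexes returned by `disclose` are the positions a BBS+ proof would mark as revealed; the remaining statements stay hidden.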
