Re: Proposal: Anchored Resources and Hashlinks for VCs from Dmitri Zagidulin on 2021-11-03 (public-credentials@w3.org from November 2021)

From: Dmitri Zagidulin <dzagidulin@gmail.com>
Date: Wed, 3 Nov 2021 13:59:38 -0400
To: Oliver Terbu <oliver.terbu@mesh.xyz>
Cc: Credentials Community Group <public-credentials@w3.org>, public-vc-edu@w3.org
Message-ID: <CANnQ-L4D5Pgi-mfOOeREBaOejTDnW=DnSumX+UAL5Lg1SstB4w@mail.gmail.com>
Oliver,
Great question. Some thoughts on that over here:
https://github.com/w3c/vc-data-model/issues/831#issuecomment-959772827

On Wed, Nov 3, 2021 at 6:48 AM Oliver Terbu <oliver.terbu@mesh.xyz> wrote:

> This sounds interesting.
>
> @Dmitri Zagidulin <dzagidulin@gmail.com> would it be possible to link two
> DIDs through one VC together with this approach?
>
> Oliver
>
> On Wed, Nov 3, 2021 at 2:57 AM Dmitri Zagidulin <dzagidulin@gmail.com>
> wrote:
>
>> I've been hearing the subject of cryptographically binding links between
>> VCs and other VCs (or other external resources like PDFs) come up more and
>> more lately (it's especially been prevalent in the VC Edu community). I'd
>> like to put forth a proposal that hopefully addresses the use case, or at
>> very least starts a conversation. Motivation
>>
>>    1. Provide a mechanism with which to link multiple VCs together (as
>>    peers or as parent/child relationships).
>>    2. Provide examples of a general purpose hashlink
>>    <https://datatracker.ietf.org/doc/html/draft-sporny-hashlink> mechanism
>>    (useful for linking VCs, but also for linking to external images, PDFs, and
>>    other files).
>>
>> Background / Use Cases
>>
>> There are many use cases that involve binding multiple Verifiable
>> Credentials together. For example, a simple Student ID credential can
>> consist of an overall container credential, which links to several
>> individual credentials (such as a student Photo credential, a proof of
>> enrollment at a particular university, a proof of age, etc).
>>
>> Note that this is different than binding multiple credentials together in
>> a Verifiable Presentation (and having the presenter sign the VP). In the VP
>> case, the binding just means "this presenter is authenticating the handing
>> over of these unrelated credentials". Whereas in the linked VC case, the
>> credentials are aware of each other, and the peer or hierarchical
>> relationship is built into the VC itself.
>> Proposal
>>
>> This proposal introduces two new related properties: anchoredResource
>>  and contentHash.
>> Anchored Resource
>>
>> An anchored resource points to one or more linked or bound resources. It
>> can appear in the credentialSubject section (which implies that the
>> resource is linked to the subject), or in the top level credential (same
>> level as issuer, issuanceDate, etc), which implies that the resource is
>> linked to the credential itself.
>> Content Hash
>>
>> A contentHash property provides a way to refer to an external resource
>> via a Hashlink.
>> Example
>>
>> Here's what this would look like, using a mock Student ID credential.
>>
>> {
>>   "@context": [
>>     "https://www.w3.org/2018/credentials/v1",
>>     "https://w3id.org/security/suites/ed25519-2020/v1"
>>   ],
>>
>>   "id": "urn:uuid:123445",
>>   "type": ["VerifiableCredential", "StudentIdCredential"],
>>   "issuer": {
>>     "id": "did:key:....",
>>     "image": {
>>        "id": "https://example-university.edu/logo.png",
>>        "contentHash": "hl:<hashlink to the logo url above>"
>>     },
>>     "name": "Example University"
>>   },
>>   "issuanceDate": "2020-04-03T00:00:00.000Z",
>>   "expirationDate": "2020-12-15T00:00:00.000Z",
>>   "name": "Student Identification Document",
>>   "anchoredResource": [{
>>      "id": "urn:uuid:<URN of the related photo id credential>",
>>      "contentHash": "hl:<hashlink to the related photo id credential>"
>>    }],
>>    "proof": {
>>       // ed25519 signature proof goes here
>>    }}
>>
>> Note the two usages of contentHash in the example. In the issuer, the
>> hashlink <https://datatracker.ietf.org/doc/html/draft-sporny-hashlink> is
>> to a resolvable resource (a regular .png hosted somewhere), and its only
>> purpose is to cryptographically bind the exact version of the logo. (The
>> alternative way to do that is to embed the full image in a
>> data:image/png;base64,iVBORw0KGgoAA... url. Except those tend to make
>> the VC too large for some use cases, such as fitting onto a QR Code.)
>>
>> Whereas in the anchoredResource, the hashlink is to a non-resolvable
>> urn:uuid: type URN, which only makes sense if both the student id and
>> the photo credential were presented to the verifier.
>>
>>
>> Let's continue the conversation over at
>> https://github.com/w3c/vc-data-model/issues/831 !
>>
>
Received on Wednesday, 3 November 2021 18:00:10 UTC