W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

Re: DIF VC-JWTs look like Linked Data Proof Verifiable Credentials

From: Orie Steele <orie@transmute.industries>
Date: Thu, 3 Mar 2022 09:16:07 -0600
Message-ID: <CAN8C-_J4wei9D2b5m+qMdCwGZ0EJXy40A8cdXu9PD-oBknuutQ@mail.gmail.com>
To: Kim Hamilton <kimdhamilton@gmail.com>
Cc: Markus Sabadello <markus@danubetech.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Thank you Kim!

Please complain about every rough edge you hit in the test suite (in github
issues and on this mailing list : )

We need that intel to improve it, and we need to keep up the pressure on
the rough spots (in code and documentation) to make it easier for the
next person.

The good news is that hopefully we will be able to leverage this experience
in improving the VCDM 2.0 test suite as well.

One of the main goals is to show how the same `credential` can become a
VC-DI (the format formerly known as linked data proof) AND VC-JWT.

Having a single test suite that supports all normatively defined formats,
and actually signs and verifies is critical to improving interoperability
in the VCDM 2.0.

I also want to thank Charles (Spruce) and Markus (Danube Tech) for their
help on that test suite... They are the reason we can show language support
for Java and Rust in addition to JavaScript.

I am hopeful to see GoLang support in the future.

Regards,

OS


ᐧ

On Wed, Mar 2, 2022 at 10:28 PM Kim Hamilton <kimdhamilton@gmail.com> wrote:

>
>    - *Correction for Markus*: was not failing -- the test suite is a
>    doozy so it was just noise.
>    - *Conclusion*: did-jwt-vc looks like it works.
>    https://github.com/decentralized-identity/JWS-Test-Suite/pull/44
>    - *Moral of this story*: time(write code) << time(discuss on mailing
>    lists and github issues)
>       - Even though that particular test suite is a bear
>       - But I'm grateful that it exists, so thanks Orie
>
> Sometimes it takes a lady to figure all of this out
>
>
> On Wed, Mar 2, 2022 at 12:57 AM Markus Sabadello <markus@danubetech.com>
> wrote:
>
>> I don't think it's failing..? Do you see a problem anywhere?
>>
>> Markus
>> On 02.03.22 05:05, Kim Hamilton wrote:
>>
>> Btw, is the DanubeTech implementation failing? This may be blocking the
>> ability to submit test reports to that suite
>>
>> On Tue, Mar 1, 2022 at 1:42 PM Kim Hamilton <kimdhamilton@gmail.com>
>> wrote:
>>
>>> That's right; I do think did-jwt-vc can be made conformant, but there
>>> are some repo/work item ownership issues to sort out. Perhaps we (Centre)
>>> can help with that after we figure out who else is interested in actively
>>> contributing to that repo going forward.
>>>
>>> On Mon, Feb 28, 2022 at 10:38 AM Charles E. Lehner <
>>> charles.lehner@spruceid.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> JwtProof2020 is described as "for internal use" in DIF's did-jwt-vc
>>>> library:
>>>> https://github.com/decentralized-identity/did-jwt-vc#notes-on-verification-and-proof-properties
>>>> > The JwtProof2020 is a synthetic proof type, usable for
>>>> differentiating credentials by type. It is not a registered W3C VC Data
>>>> Model algorithm and should not be treated as such.
>>>>
>>>> I saw a VC with this format in a demo recently, which I think suggests
>>>> it may be leaking into non-internal use.
>>>>
>>>> I don't see a specification for it, or an IRI for the proof type. The
>>>> implementation in DIF's did-jwt-vc repository produces it here:
>>>>
>>>> https://github.com/decentralized-identity/did-jwt-vc/blob/94fdd6f280579cc2b0b9a0125855ee13916b6b52/src/converters.ts#L173-L187
>>>>
>>>> https://github.com/decentralized-identity/did-jwt-vc/blob/94fdd6f280579cc2b0b9a0125855ee13916b6b52/src/converters.ts#L417-L431
>>>> There does not seem to be a verifier implemented there, only the
>>>> conversion from JWT-VC into VC with proof object of this type (with
>>>> conversion of some properties).
>>>>
>>>> I think JwtProof2020 looks useful as way to convert a VC-JWT into an
>>>> equivalent VC-with-proof-object. Maybe this could enable using VC-JWTs in
>>>> APIs that require a VC-with-proof-object; then APIs would not need
>>>> polymorphism like was proposed in
>>>> https://github.com/w3c-ccg/vc-api/pull/208 .
>>>> Maybe this format could encapsulate the conversion process between JOSE
>>>> claims and VC fields such as is specified in the VC Data Model:
>>>> https://www.w3.org/TR/vc-data-model/#jwt-encoding
>>>> But it would need to be determined how to verify this proof type,
>>>> including ensuring that the properties outside the JWT correspond to the
>>>> JWT payload.
>>>>
>>>> There is some more discussion here:
>>>>   https://github.com/centrehq/verite/issues/373
>>>>
>>>> Regards,
>>>> Charles Lehner
>>>>
>>>> On Thu, 24 Feb 2022 08:08:19 -0600
>>>> Orie Steele <orie@transmute.industries> <orie@transmute.industries>
>>>> wrote:
>>>>
>>>> > Hey Folks,
>>>> >
>>>> > As we gear up for VCDM2.0 there are a number of VC-JWT
>>>> > implementations that we are tracking and attempting to show
>>>> > interoperability across.
>>>> >
>>>> > One of the oldest VC-JWT implementations is hosted at DIF, but it
>>>> > produces VC-JWTs that are not compact JWTs ... they look more like
>>>> > Linked Data Proof VCs.
>>>> >
>>>> > As far as I know, no other VC-JWT implementation supports this
>>>> > format, aka "JwtProof2020".
>>>> >
>>>> > Here is a link to an issue with an example:
>>>> > https://github.com/centrehq/verite/issues/373#issuecomment-1049888568
>>>> >
>>>> > If you have a few minutes, I would love some review of what the DIF
>>>> > implementation is doing, and how we can either push it all the way
>>>> > into the LD Proof camp, or all the way into the VC-JWT camp.
>>>> >
>>>> > Regards,
>>>> >
>>>> > OS
>>>> >
>>>>
>>>>

-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries

<https://www.transmute.industries>
Received on Thursday, 3 March 2022 15:17:32 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC