- From: Greg Bernstein <gregb@grotto-networking.com>
- Date: Thu, 15 Jun 2023 16:26:54 -0700
- To: public-credentials@w3.org
- Message-ID: <f138102b-a3c2-eee3-d530-a86e4adbb62f@grotto-networking.com>
Hi Dave, Markus, Luca and all. I think the worry comes with nested
properties and how the processing algorithms use tie things together.
Consider an inventory of windsurfing (sailing gear) where the date/age
of the gear is important (the gear has a hard life):
|{ "sails": [ { "size": 6.1, "year": 2023}, { "size": 7.0, "year": 2020}
], "boards": [ { "name": "CompFoil170", "year": 2022}, { "name": "Tillo
Custom", "year": 2019} ] } |
How we process such a file for selective disclosure can prevent things
being taken out of context. In the “Open Attestation” (a Merkel Tree
approach) then use a library like flat
<https://www.npmjs.com/package/flat> to produce a set of statements:
|{ "sails.0.size": 6.1, "sails.0.year": 2023, "sails.1.size": 7,
"sails.1.year": 2020, "boards.0.name": "CompFoil170", "boards.0.year":
2022, "boards.1.name": "Tillo Custom", "boards.1.year": 2019 } |
Each of these statements trace the full nesting and hence one wouldn’t
be able to swap the |year| attribute of the various pieces of equipment.
Dave (Longley) do you have an example of how the JSON-LD
canonicalization prevents this (via the node ids and such)?
Cheers Greg B.
On 6/10/2023 10:51 AM, Dave Longley wrote:
> On Fri, Jun 9, 2023 at 3:25 PM Markus Sabadello<markus@danubetech.com> wrote:
>> Maybe Manu or Dave can clarify, but my understanding is that DB's "Selective Disclosure Data Integrity Cryptosuite" has bindings between all the claims and the credential, and would therefore NOT allow the re-composition of claims from different credentials as described in Luca's car mileage example.
> Yes, that's right, Markus. Also of relevance is that claims in the VC
> data model are "subject property value" statements (or "triples") that
> therefore bind properties and values to particular subjects. The
> selective disclosure scheme we described signs these statements
> directly (i.e., it does not break these statements up into their
> constituent parts), so you cannot erroneously recombine
> property-values with different subjects.
>
Attachments
- application/pgp-keys attachment: OpenPGP public key
Received on Thursday, 15 June 2023 23:27:03 UTC