Re: CHAPI Playground's Latest Update - Verification Workflows from Oliver Terbu on 2023-03-14 (public-credentials@w3.org from March 2023)

From: Oliver Terbu <oliver.terbu@spruceid.com>
Date: Tue, 14 Mar 2023 19:47:15 +0100
To: Orie Steele <orie@transmute.industries>
Cc: Ganesh Annan <gannan@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAP7TzjC3CGb=iruMbr=8Fv22o57YVRxsCZX4C-_PcmMVBFb4Kw@mail.gmail.com>
I know that @id can be a DID. I was just wondering about the assumption
CHAPI makes on DID auth. There is no rule that DID auth is always done
using the DID in the @id. I’m not saying it’s wrong I’m just saying there
is normative guidance needed and that is good to hear. Seems we are on the
right track in the W3C VC WG.

Thanks,
Oliver

On Tue 14. Mar 2023 at 19:35, Orie Steele <orie@transmute.industries> wrote:

> In general, the VC Data Model requires certain fields to be "@id"...
>
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L6
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L6
>
> In general, this means, when you see an "id" you know if could be a "DID".
>
> DIDs are not required in ANY part of the VC Data Model.
>
> There are also cases, where you won't see an `id`, but you will be allowed
> to use DID or any other URL.
>
> For example:
>
> "issuer":
>
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L43
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L51
>
> "holder":
>
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v1#L79
> -
> https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L82
>
> See also:
>
> - https://www.w3.org/TR/json-ld11/#node-identifiers
> - https://www.w3.org/TR/vc-data-model/#identifiers
>
> TLDR - DIDs are valid where `@id` is valid.
>
> Regards,
>
> OS
>
> On Tue, Mar 14, 2023 at 1:30 PM Oliver Terbu <oliver.terbu@spruceid.com>
> wrote:
>
>> Thank you. I’m also interested in where DID has to be located in VC? Is
>> the assumption that the DID is the credentialSubject.id?
>>
>> Thanks,
>> Oliver
>>
>> On Tue 14. Mar 2023 at 17:30, Ganesh Annan <gannan@digitalbazaar.com>
>> wrote:
>>
>>> The authentication process is defined as the holder demonstrating
>>> control over a DID by generating a digital signature using an
>>> authentication key found in its DID Document over a challenge provided by
>>> the Verifier Application.
>>>
>>> It follows the same pattern found: here
>>> <https://w3c-ccg.github.io/vp-request-spec/#did-authentication>
>>>
>>> On Mon, Mar 13, 2023 at 8:19 AM Oliver Terbu <oliver.terbu@spruceid.com>
>>> wrote:
>>>
>>>> Can you also speak to the authentication process, ie, what is being
>>>> authenticated and how?
>>>>
>>>> Asking because I’m interested in Holder Credential Binding.
>>>>
>>>> Thanks,
>>>> Oliver
>>>>
>>>> On Fri 10. Mar 2023 at 22:55, Brian Richter <brian@aviary.tech> wrote:
>>>>
>>>>> Yes, every presentation on the verifier workflow is a
>>>>> "VerifiablePresentation" with an authentication proof (including challenge)
>>>>> coming from the wallet.
>>>>>
>>>>> Brian
>>>>>
>>>>> On Fri, Mar 10, 2023 at 1:16 PM Orie Steele <orie@transmute.industries>
>>>>> wrote:
>>>>>
>>>>>> Can you talk about how the vc-api is useful or not useful, for
>>>>>> implementers wishing to support these CHAPI flows?
>>>>>>
>>>>>> Specifically interested in the presentation to a verifier side.
>>>>>>
>>>>>> https://w3c-ccg.github.io/vc-api/#presenting
>>>>>>
>>>>>> Are any of the presentations in the CHAPI examples "authenticated" ?
>>>>>>
>>>>>> Or are they all "VerifiablePresentations" but without a "proof" ?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> OS
>>>>>>
>>>>>>
>>>>>> On Fri, Mar 10, 2023 at 11:57 AM Ganesh Annan <
>>>>>> gannan@digitalbazaar.com> wrote:
>>>>>>
>>>>>>> Announcement to the Community -- We're excited to announce the
>>>>>>> latest update to the CHAPI Playground, which includes a new feature -
>>>>>>> Verification Workflows You can now verify credentials presented from
>>>>>>> CHAPI-enabled wallets.
>>>>>>>
>>>>>>> https://playground.chapi.io/verifier
>>>>>>>
>>>>>>> This feature is designed to help you test a complete lifecycle of a
>>>>>>> Verifiable Credential.
>>>>>>>
>>>>>>> This is one of many updates that we're rolling out for the community
>>>>>>> in the next few months. We will be adding support to the CHAPI Playground
>>>>>>> to make it easy for others to add their verifier implementations – just
>>>>>>> like the playground supports various issuer implementations today. We will
>>>>>>> continue to add new Verifiable Credentials and make it easy for anyone to
>>>>>>> contribute their own VC examples to be displayed on the site. Shortly, we
>>>>>>> are planning to experiment with multiple types of protocols over CHAPI.
>>>>>>> Stay tuned.
>>>>>>>
>>>>>>> If you have feature requests, please feel free to discuss them on
>>>>>>> this mailing
>>>>>>>
>>>>>>> list or add them to:
>>>>>>>
>>>>>>> https://github.com/credential-handler/chapi.io/issues
>>>>>>>
>>>>>>> The team that put the CHAPI playground together is on the CCG and VC
>>>>>>> EDU
>>>>>>>
>>>>>>> mailing lists and are happy to answer any questions about current or
>>>>>>> future
>>>>>>>
>>>>>>> functionality planned for the CHAPI Playground.
>>>>>>>
>>>>>>>
>>>>>>> Instructions on using the new Verifier functionality is shown below
>>>>>>> for those of you that would like to try it out:
>>>>>>>
>>>>>>> To start verifying VCs on the playground, please use the following
>>>>>>> instructions:
>>>>>>>
>>>>>>> Wallet Sign Up
>>>>>>>
>>>>>>> 1. Sign up for any CHAPI-enabled digital wallet.
>>>>>>>
>>>>>>> For example, you could go to https://demo.vereswallet.dev/ and sign
>>>>>>> up:
>>>>>>>
>>>>>>> 2. Click "Get a Wallet".
>>>>>>>
>>>>>>> 3. Use an email address that you have access to. You can modify the
>>>>>>> email address to create multiple accounts if you'd like:
>>>>>>> myname+chapi@example.com (note the "+chapi" addition could have
>>>>>>> also been "+2", "+3", and so on).
>>>>>>>
>>>>>>> 4. Make sure to "Allow" the wallet to handle credentials on your
>>>>>>> behalf.
>>>>>>>
>>>>>>> VC Issuance
>>>>>>>
>>>>>>> 1. Visit the playground by going to:
>>>>>>>
>>>>>>> https://playground.chapi.io/issuer
>>>>>>>
>>>>>>> 2. Click "Alumni" to load the alumni Verifiable Credential example
>>>>>>> into the playground.
>>>>>>>
>>>>>>> 3. Click "Issue Verifiable Credential" and complete the issuance
>>>>>>> steps.
>>>>>>>
>>>>>>> VC Verification
>>>>>>>
>>>>>>> 1. Visit the playground's verifier:
>>>>>>>
>>>>>>> https://playground.chapi.io/verifier
>>>>>>>
>>>>>>> 2. Click "Alumni" to load the alumni credential request into the
>>>>>>> playground.
>>>>>>>
>>>>>>> 3. Click "Request Verifiable Presentation" and complete the
>>>>>>> verification steps.
>>>>>>>
>>>>>>>
>>>>>>> Kind regards,
>>>>>>>
>>>>>>> Ganesh
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> *ORIE STEELE*
>>>>>> Chief Technical Officer
>>>>>> www.transmute.industries
>>>>>>
>>>>>> <https://www.transmute.industries>
>>>>>>
>>>>>
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>
> <https://www.transmute.industries>
>
Received on Tuesday, 14 March 2023 18:47:40 UTC