
Add mechanism to cryptographically secure non-credential VP properties (contexts etc)

Open dmitrizagidulin opened this issue 2 years ago • 9 comments

(Extracting from issue #1265, as requested on the previous call.) Verifiable Presentations need a way to cryptographically secure externally linked resources (such as @contexts) that is similar to the VC relatedResources/digestSRI mechanism.

dmitrizagidulin avatar Nov 23 '23 18:11 dmitrizagidulin

My proposal - we add the relatedResources field to the VP data model. (That is, extend the domain of the relatedResources field to be either VC or VP.)

dmitrizagidulin avatar Nov 23 '23 18:11 dmitrizagidulin
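The check this proposal would let a verifier run, as an added example that is not part of the original thread and is not code from the VC data model or its authors. It assumes a VP carries `relatedResource` entries with `id` and `digestSRI`, as VCs do (the thread writes relatedResources), and that the VP's proof has already been verified; the context URL and document below are constructed.

```python
import base64
import hashlib
import hmac

# SRI algorithm prefixes mapped to hashlib constructors.
SRI_ALGS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}

def sri_digest(data: bytes, alg: str = "sha384") -> str:
    """Return an SRI string of the form '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(SRI_ALGS[alg](data).digest()).decode()}"

def sri_matches(data: bytes, expected: str) -> bool:
    """Compare data with one SRI value; unknown algorithms never match."""
    alg = expected.partition("-")[0]
    return alg in SRI_ALGS and hmac.compare_digest(sri_digest(data, alg), expected)

def check_presentation_contexts(vp: dict, fetched: dict) -> dict:
    """Classify each URL in the VP's @context as ok, mismatch, missing or unpinned.

    Assumption: the VP carries relatedResource entries shaped like the VC ones
    ({"id": url, "digestSRI": ...}) and its proof has already been verified,
    so the pinned digests themselves are trustworthy.
    fetched maps URL -> the bytes the verifier actually retrieved.
    """
    pinned = {r["id"]: r.get("digestSRI") for r in vp.get("relatedResource", [])}
    contexts = vp.get("@context", [])
    if isinstance(contexts, str):
        contexts = [contexts]
    results = {}
    for ctx in contexts:
        if not isinstance(ctx, str):
            continue  # inline context object: part of the document, nothing to fetch
        expected = pinned.get(ctx)
        if not expected:
            results[ctx] = "unpinned"
        elif ctx not in fetched:
            results[ctx] = "missing"
        else:
            results[ctx] = "ok" if sri_matches(fetched[ctx], expected) else "mismatch"
    return results

if __name__ == "__main__":
    # Constructed sample: a made-up context document and URL.
    url, body = "https://context.example/v1", b'{"@context": {"ex": "https://vocab.example/#"}}'
    vp = {"@context": ["https://www.w3.org/ns/credentials/v2", url],
          "type": ["VerifiablePresentation"],
          "relatedResource": [{"id": url, "digestSRI": sri_digest(body)}]}
    print(check_presentation_contexts(vp, {url: body}))         # untampered copy
    print(check_presentation_contexts(vp, {url: body + b" "}))  # altered copy
```

A verifier policy would then decide whether "unpinned" contexts are acceptable or must be rejected.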

This is not an issue for vc-jose-cose; additional claims can be present, and if not understood they are ignored.

In the context of RDF, they get assigned "issuer dependent terms".

OR13 avatar Nov 28 '23 16:11 OR13

@dmitrizagidulin that functionality is still supported by what I said... and it still needs to be interpreted consistently by issuers and verifiers to be useful.

OR13 avatar Nov 28 '23 16:11 OR13

@OR13 I agree that schema-wise, it's not an issue for jose/cose serializations. However, we should still highlight its use in VPs, so that verifiers interpret it consistently.

dmitrizagidulin avatar Nov 28 '23 16:11 dmitrizagidulin

The issue was discussed in a meeting on 2023-11-28

  • no resolutions were taken
View the transcript

1.2. Add mechanism to cryptographically secure non-credential VP properties (contexts etc) (issue vc-data-model#1360)

See github issue vc-data-model#1360.

Dmitri Zagidulin: We want to be able to lock these down cryptographically.
… We have only added this for verifiable credentials.
… But not for related resources.
… We need to do this for VPs.

Brent Zundel: Can the solution be as simple as saying "this section also refers to VPs".

Manu Sporny: Do you mean "related resources"?
… I can volunteer to write a PR for this.

Joe Andrieu: correct. if we need to secure contexts we should do that. arbitrary resources is a layer violation.

Joe Andrieu: happy to review pr.

iherman avatar Nov 28 '23 17:11 iherman

PR #1370 has been raised to address this issue. This issue will be closed once issue #1370 has been merged.

msporny avatar Dec 03 '23 21:12 msporny

PR #1370 has failed to gain consensus.

msporny avatar Dec 13 '23 16:12 msporny

The issue was discussed in a meeting on 2023-12-13

  • no resolutions were taken
View the transcript

2.3. Add mechanism to cryptographically secure non-credential VP properties (contexts etc) (issue vc-data-model#1360)

See github issue vc-data-model#1360.

Brent Zundel: add mechanism to secure presentation metadata, related to related resource stuff.
… separated from enveloped credentials.
… seems like we tried, and now it's time to decide to close the issue... if it stays open, it will be labeled future work.

Dmitri Zagidulin: I recommend we label future work.
… this seems important, but we should leave a roadmarker for the future us.

Brent Zundel: unless there is objection, I will label as future work.
… I will remove the before CR label, and unassign manu.

iherman avatar Dec 13 '23 17:12 iherman

The issue was discussed in a meeting on 2024-04-03

  • no resolutions were taken
View the transcript

2.1. Add mechanism to cryptographically secure non-credential VP properties (contexts etc) (issue vc-data-model#1360)

See github issue vc-data-model#1360.

Manu Sporny: we deferred this to a future WG.

Gabe Cohen: ok. no worries there.
… current issues don't seem pressing. there are two PRs.

Manu Sporny: can we turn to status list issues?

iherman avatar Apr 03 '24 16:04 iherman