-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verifier API should return verified VCs #207
Comments
I agree that having one expected output format from the API would be a very good idea. Is this ready for PR? |
The group discussed this on 2023-01-24. @PatStLouis asked if the array would be the whole credential or just credential subject. Both @msporny and @dlongley thought it was the whole credential. @dlongley noted that stripping the proofs might not be a good idea, there might be other proofs that are not assertion proofs that you'd want to do something with. @jandrieu noted that this might be most valuable for JWTs and it makes sense to hand entire JWT to verifier, if they check/make it works, give JSON back. Idea of stripping off proofs for Data Integrity Proofs, seems odd. Perhaps this can be type-specific. @msporny noted that JWT input/output isn't defined in the OAS files today and that's work that still need to be done. @PatStLouis noted that JWT input/output goes along w/ multi credential support, is a JWT considered a VC or it's own credential? @jandrieu noted that we should support minimum communication possible or we might undermine edge device scenarios where every byte matters. @PatStLouis doesn't really see the point of returning the whole VC, if you sent it as an input, it tells you whether or not its verified, if it returns what you input, what's the point? @msporny noted that there might not be a use case anymore for VC 2.0. @dlongley the v1.1 work doesn't get into how data integrity proofs work and generally speaking, modern data integrity libraries will throw errors when things are dropped. Other point, main use case for this feature is for JWTs, unless verifier returns back decoded data, you can't use it because that's how JWTs work -- they don't have the option of functioning in the way data integrity proof VCs do. @ottonomy noted how open badges validator ended up being built -- as a client, had use cases where output of validator was would be "The trusted version" -- a lot of other work was done in the call/process, returned a lot of other stuff, totally different scope here, but as a client, one way of valuing is "this is the trusted version, canonical form". The group came to consensus on the following: The Verifier API can return a canonical form after verification, it is an option that is off by default, but can be turned on. The option is valid with all types verifiable credentials that are secured in different ways. |
Discussion about "canonical form" on the 2024-02-20 weekly call (approximately minute 10 of the recording):
|
Although #366 is merged, I believe another PR should be made to add this feature to the Verify Presentation endpoint before closing this issue |
PR #380 has been merged, closing. |
@David-Chadwick wrote:
The text was updated successfully, but these errors were encountered: