Add DataIntegrityProof to credentials/v2 JSON-LD Context. #943
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -78,7 +78,7 @@ | |||||||||||
| }, | ||||||||||||
| "proof": { | ||||||||||||
| "@id": "https://w3id.org/security#proof", | ||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@graph" | ||||||||||||
| }, | ||||||||||||
| "verifiableCredential": { | ||||||||||||
|
|
@@ -87,6 +87,69 @@ | |||||||||||
| "@container": "@graph" | ||||||||||||
| } | ||||||||||||
| } | ||||||||||||
| }, | ||||||||||||
|
|
||||||||||||
| "DataIntegrityProof": { | ||||||||||||
| "@id": "https://w3id.org/security#DataIntegrityProof", | ||||||||||||
|
There was a problem hiding this comment. Link is dead: https://w3id.org/security#DataIntegrityProof There was a problem hiding this comment. is there a corresponding PR on security context? There was a problem hiding this comment. Not yet, no. I was going to do that if/when the Data Integrity JSON-LD Context was merged in the Data Integrity spec repo. There was a problem hiding this comment. There is now: w3c/vc-data-integrity#65 |
||||||||||||
| "@context": { | ||||||||||||
| "@protected": true, | ||||||||||||
| "id": "@id", | ||||||||||||
| "type": "@type", | ||||||||||||
| "challenge": "https://w3id.org/security#challenge", | ||||||||||||
|
There was a problem hiding this comment. example of a good term definition: https://w3id.org/security#challenge There was a problem hiding this comment. Yes, the security vocab is in serious need of some love right now. I expect we'll clean it up before or shortly after FPWD. We should certainly make sure that all the term entries exist in the security vocab before FPWD. There was a problem hiding this comment. There is a PR to address this now: w3c/vc-data-integrity#65 |
||||||||||||
| "created": { | ||||||||||||
| "@id": "http://purl.org/dc/terms/created", | ||||||||||||
| "@type": "http://www.w3.org/2001/XMLSchema#dateTime" | ||||||||||||
| }, | ||||||||||||
| "domain": "https://w3id.org/security#domain", | ||||||||||||
| "expires": { | ||||||||||||
| "@id": "https://w3id.org/security#expiration", | ||||||||||||
| "@type": "http://www.w3.org/2001/XMLSchema#dateTime" | ||||||||||||
| }, | ||||||||||||
| "nonce": "https://w3id.org/security#nonce", | ||||||||||||
|
There was a problem hiding this comment. why we have this and challenge?... prefer 1. There was a problem hiding this comment. They have different semantics (challenge is never chosen by the signer and nonce usually is). That being said, I prefer just having In other words, The only reason to expose any values via directly accessible There was a problem hiding this comment. Yeah, I almost removed There was a problem hiding this comment. As a developer, I prefer not to start a new software project with a bunch of unused variables. |
||||||||||||
| "proofPurpose": { | ||||||||||||
| "@id": "https://w3id.org/security#proofPurpose", | ||||||||||||
| "@type": "@vocab", | ||||||||||||
| "@context": { | ||||||||||||
| "@protected": true, | ||||||||||||
| "id": "@id", | ||||||||||||
| "type": "@type", | ||||||||||||
| "assertionMethod": { | ||||||||||||
| "@id": "https://w3id.org/security#assertionMethod", | ||||||||||||
|
|
||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@set" | ||||||||||||
| }, | ||||||||||||
| "authentication": { | ||||||||||||
| "@id": "https://w3id.org/security#authenticationMethod", | ||||||||||||
|
|
||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@set" | ||||||||||||
| }, | ||||||||||||
| "capabilityInvocation": { | ||||||||||||
| "@id": "https://w3id.org/security#capabilityInvocationMethod", | ||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@set" | ||||||||||||
| }, | ||||||||||||
| "capabilityDelegation": { | ||||||||||||
|
There was a problem hiding this comment. What does this have to do with credentials ? There was a problem hiding this comment. The term definitions here are identical to the ones used in the data integrity context because they are intentionally There was a problem hiding this comment. To be clear, this has to do with using this context for things that are not verifiable credentials correct? Can we at least provide an informative use case for how this might be related to verifiable credentials? Some thing like, There was a problem hiding this comment. Explanation and plan to move forward is here: #943 (comment) |
||||||||||||
| "@id": "https://w3id.org/security#capabilityDelegationMethod", | ||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@set" | ||||||||||||
| }, | ||||||||||||
|
Comment on lines
+131
to
+135
There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. let's keep this out for now - might make sense, but is a dedicated topic on its own There was a problem hiding this comment. If we remove this, we deviate from what the Data Integrity spec's main context. We should have this discussion over there instead of over here. In the meantime, we might want to think about what it means to not include the non-VC-ecosystem related things in the vc/v2 context. These are values that we expect to exist in There was a problem hiding this comment. Same comment as above, if we keep it in, we need to do a better job of explaining it.... that means adding informative text. There was a problem hiding this comment. Explanation and plan to move forward is here: #943 (comment) |
||||||||||||
| "keyAgreement": { | ||||||||||||
|
There was a problem hiding this comment. Is encryption in scope for VPs? There was a problem hiding this comment. I don't think that's relevant. This PR is about copying a protected term definition from the data integrity context into the credentials context for the convenience of developers. That means copying it so it is exactly the same. What that definition is / should / shouldn't contain is not relevant in this PR. There was a problem hiding this comment. Explanation and plan to move forward is here: #943 (comment) |
||||||||||||
| "@id": "https://w3id.org/security#keyAgreementMethod", | ||||||||||||
| "@type": "@id", | ||||||||||||
| "@container": "@set" | ||||||||||||
| } | ||||||||||||
| } | ||||||||||||
| }, | ||||||||||||
| "cryptosuite": "https://w3id.org/security#cryptosuite", | ||||||||||||
| "proofValue": { | ||||||||||||
| "@id": "https://w3id.org/security#proofValue", | ||||||||||||
| "@type": "https://w3id.org/security#multibase" | ||||||||||||
| }, | ||||||||||||
| "verificationMethod": { | ||||||||||||
| "@id": "https://w3id.org/security#verificationMethod", | ||||||||||||
| "@type": "@id" | ||||||||||||
|
There was a problem hiding this comment. Probably worth several calls on this topic.... what this means is likely not well understood, by the group. There was a problem hiding this comment. +1 - i would like clarity on this There was a problem hiding this comment. It means that the There was a problem hiding this comment. I think we can be clearer... it means the verificationMethod will be an IRI which can be dereferenced... does it mean it's allowed to be relative or absolute? There was a problem hiding this comment. It means it is a URL (relative or absolute). Relative URLs will be resolved relative to the document base, which can be set to any URL via |
||||||||||||
| } | ||||||||||||
| } | ||||||||||||
| } | ||||||||||||
| } | ||||||||||||
| } | ||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sigh.... this impacts a lot of how the data will be processed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's important to separate the proof metadata from the VC -- putting each in their own isolated graphs does this (and is what
"@container": "@graph"does).