Summary
- PRs to the AnonCreds specification – checklist for completion
- Project Update/Discussion: AnonCreds v1.0 in the W3C Verifiable Credentials Data Model Standard format
- Update on AnonCreds v2.0 Work
- Open Discussion
Call Link: https://zoom.us/j/97954159540?pwd=WWk3WmQ3MVh1SXBYZGVreGl0QllGdz09
Recording:
Notices:
This specification creating group operates under the Linux Foundation Community Specification License v1.0.
|
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Meeting Attendees
Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>
Steve McCown (Anonyome Labs) <smccown@anonyome.com>
Artem Ivanov (DSR Corporation) <artem.ivanov@dsr-corporation.com>
Related Repositories:
- AnonCreds Specification: https://hyperledger.github.io/anoncreds-spec/
- AnonCreds Methods Registry: https://hyperledger.github.io/anoncreds-methods-registry
- AnonCreds Rust Open Source Code: https://github.com/hyperledger/anoncreds-rs
Meeting Preliminaries:
- Welcome and Introductions
- Announcements:
- anoncreds-clsignatures-rs
- Any updates to the Agenda?
Agenda
Open Issues
- PRs to Review
- Design and planning – AnonCreds v1.0 in the W3C Verifiable Credentials Data Model Standard format
- The BC Gov Code With Us on AnonCreds Rust – https://marketplace.digital.gov.bc.ca/opportunities/code-with-us/d81f1bb4-4abb-4a4c-8b19-92904e0bd6a6
- PR with a starting point for discussing the design: https://github.com/hyperledger/anoncreds-rs/pull/266
- Questions Raised:
- JSON-LD processing on the contexts?
- No
- Identifier within the
CredentialSubject?- No
- Nested JSON and Arrays in AnonCreds credentials.
- Not supported
- Encoding scheme – move into AnonCreds or leave for the issuer?
- Leave
- Time of Day for the `IssuanceDate` field - random? Zeroed?
- Use of the term "Data Integrity Proof" to differentiate AnonCreds and non-AnonCreds Data Integrity Proofs.
- Simple vs. complex/size efficient encoding of the proof data into a single "proof" JSON item?
- TBD – start simple
- "mapping" of source VC attributes/predicates to the presentation request.
- Using other than the AnonCreds presentation request model
- No
- Support in the AnonCreds library for signing W3C VC/VP Format Data Integrity Proofs with other Proof Types.
- No
- There might be some "devil in the details" in this. Do we have to add extra values (notably
issuer) to have a second signature?
- Altering the format/Data Model of the Credential Offer and Request format.
- No
- Proposed AnonCreds library API changes.
- For others to review
- Using AnonCreds W3C format with OpenID4VCs. Can OpenID4VCs support the necessary Offer-Request-Issuer flow?
- TBD
- JSON-LD processing on the contexts?
- Questions Raised:
- Downstream Code With Us opportunities for Aries Cloud Agent Python and Aries Framework JavaScript
- Update on AnonCreds v2.0 Work
- Updated README - PR
- List of "To Do" Issues
- ALLOSAUR
- Question: Can someone that sees the data sent to the Revocation Manager learn anything about the sender? Is the data a correlatable identifier?
- For example, if the holder passes the request to the Revocation Manager for an update uses a proxy?
- Answer: The proxy would not learn anything about the holder – would not get a correlatable (linkable) identifer for the holder.
- Potential Use Case:
- Verifier requests proof from a holder.
- Holder requests revocation updates from the verifier, who proxies the request to a revocation manager.
- Verifier returns the response to the holder.
- Holder uses the response in the presentation generation process to create the non-revocation proof.
- Question: Can someone that sees the data sent to the Revocation Manager learn anything about the sender? Is the data a correlatable identifier?
- Open discussion
Future Calls
To Dos:
- Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.
- Revocation Interval
- Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
- Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
- Verifier
or AnonCreds?
- Verifier
- To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval? Presentation
- Key points:
- 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
- 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
- 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
- Dangers:
- False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
- False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
- Dangers:
- 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
- Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
Action items
- Adding support for W3C Format AnonCreds to the anoncreds implementation and the spec.
- Links to be referenced in the spec and used where needed: