...
Excerpt |
---|
|
Recording of Call: 20230227 AnonCreds Specification Working Group Meeting Call Recording.mp4
Notices:
This specification creating group operates under the Linux Foundation Community Specification License v1.0.
...
- Update on the AnonCreds V2.0 Working Group
- The goal of AnonCreds v2.0 is to retain and extend the privacy-preserving features of AnonCreds v1.0, while improving capabilities, performance, extensibility, and security.
- Next week's meeting: Data Model proposals from Mike Lodder
- AnonCreds on Cardano - Presentation by Rodolfo Miranda
- From Timo Glastra : I was wondering after your last demo. Even if it would support any did as issuerId, I think we should still limit the identifier of the anoncreds object to be specific to the cardano registry. That could for example mean prepending it with `did:cardano` or it could mean prefixing it with something like `anoncreds:cardano:<identifier>`. As otherwise we're going to have conflicts I assume with an anoncreds object having e.g. an `did:example` identifier, which should be reserved for the `did:example` method.
- Links:
- https://wiki.trustoverip.org/display/HOME/DID-Linked+Resources+Specification
- https://github.com/roots-id/cardano-anoncreds/blob/main/cardano-anoncred-methods.md
- https://hyperledger.github.io/anoncreds-methods-registry/#cardano-anoncreds-method
- https://github.com/roots-id/cardano-anoncreds/tree/main/reference-implementations
- From Alex Andrei : I was talking to the side tree guys and they mentioned that using IPNS is also a good use case for anoncreds objects
- Migrating to did:indy – can just happen?
- Credentials issued to old identifiers - proof request has old identifiers, either unqualified or "did:sov" – there is an equivalent "did:indy"
- Add to spec – unqualified and map them to "did:indy" automagically, or require the verifier to ask for both representations explicitly.
- Timo Glastra to do a test to see the effort is supporting all flavours on receipt of a proof request and in verifying. How painful is that to support?
- Link to Indy DID Networks repo: https://github.com/hyperledger/indy-did-networks
- AnonCreds, JSON-LD, W3C Verifiable Credentials Data Model Standard and the VCWG
- On step further in aligning with JSON-LD – signing the hash of the
@context
RDF tuple WITHOUT credential data. Good idea? - The VCWG Miami F2F – the resolution to the "Big Tent" issue.
- On step further in aligning with JSON-LD – signing the hash of the
- PRs for review and merging
- AnonCreds Rust 102 – handling combinations of Revoked/Non-Revoked presentations
- Timestamp
- Handling of both revocable and non-revocable credentials in a single presentation in all cases (bug in older implementation).
- ANDs and ORs in the spec. are wrong – need to update the specification.
- AnonCreds Rust 102 – handling combinations of Revoked/Non-Revoked presentations
- Issues to Discuss – notably, issues that are ready to be closed.
- Checkin: anoncreds-rs implementation progress, requests
- NodeJs wrapper performance issue: https://github.com/hyperledger/aries-askar/issues/76
- Open Discussion:
- Ideas on how to link from the specification to the cryptographic operations?
- Discussion from several weeks ago – having an intermediary collect presentations from holders and then share them with the final verifier.
- Use Case:
- A bus is visiting a secure site for which all visitors must present ID.
- Site sends the bus operator a nonce.
- The bus operator uses the nonce in a presentation request flow with each passenger.
- Bus operator verifies all of the presentations.
- The Bus operator forwards all of the presentations to the site for verification.
- Questions:
- Is there value in the use of the nonce in this way?
- Does this alter the cryptography in any way?
- Terms of use of the data received by the bus operator?
- Discussion to be carried forward to next week.
- Use Case:
- Proposal: Should we move attribute encoding into the specification and out of the hands of the issuer?
- Approach:
- Deprecate the inclusion of encoded values from the "sign credential" process
- If passed, recalculate and error if they don't match the canonicalization algorithm
- If integer or string integer - leave as is
- Else stringify and hash
- In presentation – recalculate on use, as needed.
- Approach:
...