2023-02-13 AnonCreds Specification Working Group Meeting

Summary

• PRs, Issues
• Issues to be Closed
• ANDs and ORs
• Progress on the anoncreds_rs implementation
• Open Discussion

Recording of Call: 

Notices: 

This specification creating group operates under the Linux Foundation Community Specification License v1.0.

Meeting Attendees

Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>

Rodolfo Miranda (RootsID)<rodolfo.miranda@rootsid.com>

Related Repositories:

• AnonCreds Specification: https://hyperledger.github.io/anoncreds-spec/
• AnonCreds Methods Registry: https://hyperledger.github.io/anoncreds-methods-registry
• AnonCreds Rust Open Source Code: https://github.com/hyperledger/anoncreds-rs
  • Ledger Agnostic AnonCreds Project Page: https://github.com/orgs/hyperledger/projects/16

Meeting Preliminaries:

• Welcome and Introductions
• Announcements:
• Updates the Agenda

Agenda

Open Issue

• PRs for review and merging
  • AnonCreds Rust 102 – handling combinations of Revoked/Non-Revoked presentations
    • Timestamp
    • Handling of both revocable and non-revocable credentials in a single presentation in all cases (bug in older implementation).
  • ANDs and ORs in the spec. are wrong – need to update the specification.
• Issues to Discuss – notably, issues that are ready to be closed.
• Checkin: anoncreds-rs implementation progress, requests
  • NodeJs wrapper performance issue: https://github.com/hyperledger/aries-askar/issues/76
    • Not happening in react native 
    • Use a patched version of napi-js that solves the problem; use Node.JS 18, drop support for Node.JS 14.
    • Later switch the library - liquify.js
  • Discussion about what to do about wrappers, especially if there is a need to drop the napi-js library to overcome this issue.  Various options were discussed, and links provided:
    • Keep napi-js
  • Current work – testing with AFJ, and now working on integrating the AFJ version into Aries Bifold.
    • main branch of AFJ
    • Lots of work on getting the publishing pipeline ready – done.
    • indy-vdr based version is working – use its implementation as the basis for other ledgers
    • Need a document for how to do that in AFJ
• Discussion from last week – having an intermediary collect presentations from holders and then share them with the final verifier.
  • Use Case:
    • A bus is visiting a secure site for which all visitors must present ID.
    • Site sends the bus operator a nonce.
    • The bus operator uses the nonce in a presentation request flow with each passenger.
    • Bus operator verifies all of the presentations.
    • The Bus operator forwards all of the presentations to the site for verification.
  • Questions:
    • Is there value in the use of the nonce in this way?
    • Does this alter the cryptography in any way?
    • Terms of use of the data received by the bus operator?
  • Discussion to be carried forward to next week.
• Proposal: Should we move attribute encoding into the specification and out of the hands of the issuer?
  • Approach:
    • Deprecate the inclusion of encoded values from the "sign credential" process
    • If passed, recalculate and error if they don't match the canonicalization algorithm
      • If integer or string integer - leave as is
      • Else stringify and hash
    • In presentation – recalculate on use, as needed.

Future Calls

To Dos:

• Discussion: Mike Lodder has proposed that a group start on "Next Gen" AnonCreds based on his this recorded presentation at out 2022-11-28 meeting
  • Stephen Curran to find times that work for Mike and propose times for the group.
• Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy – definition completed, to be added to the spec. Stephen Curran 
• Issue #140 should WQL be allowed in a Presentation Request?
  • WQL is supported currently in the Indy SDK, but not in the Aries Frameworks
  • Should it be in the specification?
  • If so, in what form. From Sam Curren — don't call it WQL if we do include it – just describe it.
  • Not used and it is not clear there is a good reason to support it.
  • Complicates the specification and the implementation.
  • Decision:
    • Not supported in the specification – let's keep it out in this version
• Revocation Interval
  • Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
  • Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
    • Verifier or AnonCreds?
  • To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval?  Presentation 
  • Key points:
    • 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
    • 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
    • 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
      • Dangers:
        • False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
        • False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
    • 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
  • Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
• Backwards Compatibility
  • PRs in (#82, #105) that seem to change public data structures – ones that are handled outside of AnonCreds and/or by two or more participants (issuer, holder, verifier)
  • We want to retain compatibility with existing data – credentials that have been issued and the published AnonCreds objects on which they rely.
  • That extends to business logic – e.g. the handling of the objects not just by AnonCreds, AnonCreds Methods and Aries Frameworks, but also by business applications built on Aries.
  • Suggestion:
    • Include in the specification a statement about backward compatibility
      • Perhaps this is what Ankur had planned to do?
    • Formalize what data structures will be expected by AnonCreds
      • This is being done throughout the specification and verified against the current implementation.
    • As needed support sending and receiving data in "old" and "new" formats, but (for now) always sending "old" formats.
      • TBD if there are any such cases.

Action items

• Adding support for W3C Format AnonCreds to the anoncreds implementation and the spec.
• Issue -- should "encoded" generation be handled by the Issuer or within AnonCreds?
  • Formalize the encoding in the specification
  • Transition to "encoding in AnonCreds" ASAP
• Links to be referenced in the spec and used where needed:
  • From Will Abramson : https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.186.5994&rep=rep1&type=pdf
  • From Will Abramson : https://github.com/hyperledger/indy-hipe/blob/c761c583b1e01c1e9d3ceda2b03b35336fdc8cc1/text/anoncreds-protocol/README.md