Revocation section update #56
base: main
Update to revocation section
@rogulati Is this ready for review? Most of the json-tagged markdown sections contain invalid JSON yet :)
Most of the included language and steps are also given in the referenced standards. The bits that aren't seem to be included in the examples, which are non-normative. If this was intended to address #22, we need information about the message type and request headers (which are absent from the id-hub standard, but necessary to resolve revocation).
"statusListIndex": "94567", | ||
"statusListCredential": 'did:ion:123?service=IdentityHub&relativeRef=?messages=[{ type: "CollectionsQuery", statement: { id: "Qmdfr32sdf32546..." }}]' | ||
"id": " https://example.com/credentials/status/3#234243", | ||
"type": " RevocationList2021Status", |
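Review bot: The `statusListCredential` value is wrapped in single quotes and has no trailing comma before `"id"`, so this example is not valid JSON, and the `id` and `type` values begin with a space (`" RevocationList2021Status"`), which will not match the type name on an exact string comparison. The URL also passes an unencoded `messages=[...]` array under `relativeRef`, while steps 4 and 5 of the composition process call for a Base64Url-encoded `queries` parameter; suggest rewriting the example so it follows those steps and parses as JSON.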
What is `RevocationList2021Status`? This doesn't appear in the referenced spec: https://w3c-ccg.github.io/vc-status-list-2021/
Underlying Status List 2021 spec was changed in this commit: w3c-ccg/vc-status-list-2021@a37a833
From `RevocationList2021Status` to `StatusList2021Entry`
this is the commit status list is pinned to: https://github.com/w3c-ccg/vc-status-list-2021/tree/343b8b59cddba4525e1ef355356ae760fc75904e
see issue #19
reasoning here why `RevocationList2021Status`: https://github.com/decentralized-identity/jwt-vc-presentation-profile/pull/56/files#r997429907
```json | ||
"credentialStatus": { | ||
"id": "Qmdfr32sdf32546...", | ||
"type": "StatusList2021", |
Shouldn't it be `StatusList2021Entry` according to https://w3c-ccg.github.io/vc-status-list-2021/#statuslist2021entry ?
I think we agreed to use this commit ver of StatusList2021 in v0.01 of this profile: https://github.com/w3c-ccg/vc-status-list-2021/tree/343b8b59cddba4525e1ef355356ae760fc75904e
so it should be RevocationList2021Status:
https://github.com/w3c-ccg/vc-status-list-2021/blob/343b8b59cddba4525e1ef355356ae760fc75904e/index.html#L252
when we move to final StatusList2021 in v1 of this profile, it will be StatusList2021Entry
```json | ||
"credentialStatus": { | ||
"id": "Qmdfr32sdf32546...", | ||
"type": "StatusList2021", |
"type": "StatusList2021", | |
"type": "RevocationList2021Status", |
StatusList2021 MUST be used for revocation of VCs, as defined in [[ref: Status List 2021]]. | ||
|
||
#### credentialStatus | ||
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. |
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. | |
The profile utilizes predraft version 0.0.1 of [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. |
@rogulati Throughout the text and in the reference section, can you please update references to Status List 2021 to
[[def: Status List 2021 (0.01 Predraft)]]
~ Status List 2021 0.01 Predraft. Manu Sporny, Dave Longley, Orie Steele, Mike Prorock, Mahmoud Alkhraishi. 2022.01. Status: Draft Community Group Report v0.0.1.
|
||
#### credentialStatus | ||
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. | ||
When an issuer desires to enable status information for a verifiable credential, they MAY add a status property that uses the data model described in this specification. Credential status (credentialStatus) property in the Verifiable Credential provides the information on the current status of the credential. The issued VC may include a credentialStatus property, as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC must use the HTTPS URL Structure or the DID Relative URLs stored in an ID Hub to host the status list as outlined in the specification. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. |
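Review bot: The normative keywords in this paragraph are mixed in case ("MAY add", "may include", "must use"), so it is unclear which statements are requirements; suggest uppercase keywords throughout and one statement per requirement. The last sentence defines bit value 1 as revoked and 0 as not revoked, but the paragraph does not say how a verifier treats a status list it cannot retrieve or an index that falls outside the list; suggest stating the expected outcome for both cases.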
When an issuer desires to enable status information for a verifiable credential, they MAY add a status property that uses the data model described in this specification. Credential status (credentialStatus) property in the Verifiable Credential provides the information on the current status of the credential. The issued VC may include a credentialStatus property, as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC must use the HTTPS URL Structure or the DID Relative URLs stored in an ID Hub to host the status list as outlined in the specification. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. | |
To provide status information, the Issuer MUST add a status (credentialStatus) property to a W3C Verifiable Credential as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC MUST use one of the following mechanisms to host the status list: | |
- the DID Relative URLs stored in an ID Hub | |
- the HTTPS URL structure | |
The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. |
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. | ||
When an issuer desires to enable status information for a verifiable credential, they MAY add a status property that uses the data model described in this specification. Credential status (credentialStatus) property in the Verifiable Credential provides the information on the current status of the credential. The issued VC may include a credentialStatus property, as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC must use the HTTPS URL Structure or the DID Relative URLs stored in an ID Hub to host the status list as outlined in the specification. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. | ||
|
||
#### DID-Relative URL Structure |
#### DID-Relative URL Structure | |
#### Hosting a Status List in a the DID Relative URLs stored in an ID Hub |
``` | ||
|
||
#### HTTPS URL Structure |
#### HTTPS URL Structure | |
#### Hosting a Status List using an HTTPS URL structure |
|
||
#### credentialStatus | ||
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. | ||
When an issuer desires to enable status information for a verifiable credential, they MAY add a status property that uses the data model described in this specification. Credential status (credentialStatus) property in the Verifiable Credential provides the information on the current status of the credential. The issued VC may include a credentialStatus property, as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC must use the HTTPS URL Structure or the DID Relative URLs stored in an ID Hub to host the status list as outlined in the specification. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. |
what is an `HTTPS URL Structure`? should it be `HTTPS URL`?
The profile utilizes [[ref: Status List 2021]] specification and outlines the status information of VCs as binary values. | ||
When an issuer desires to enable status information for a verifiable credential, they MAY add a status property that uses the data model described in this specification. Credential status (credentialStatus) property in the Verifiable Credential provides the information on the current status of the credential. The issued VC may include a credentialStatus property, as defined in section 2.1 of [[ref: Status List 2021]]. An Issuer of a VC must use the HTTPS URL Structure or the DID Relative URLs stored in an ID Hub to host the status list as outlined in the specification. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. | ||
|
||
#### DID-Relative URL Structure |
looking at DID-Core spec, looks like the convention is to say `relative DID URL` as opposed to `DID-Relative URL`. suggest to make a replacement throughout the PR text.
|
||
#### DID-Relative URL Structure | ||
An Issuer of a VC may have an “IdentityHub” node serviceEndpoint in the Issuer's DID Document. Identity Hub nodes are the single endpoint to look up objects associated with a DID, as defined in [[def: Identity Hub (0.0.1 Predraft)]] (Decentralized Web Node v0.0.1 predraft)). | ||
The following process defines how a DID-Relative URL is composed: |
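Review bot: The Identity Hub sentence ends with an unbalanced parenthesis ("predraft))") and cites the hub spec with `[[def: ...]]`, whereas the rest of the section cites specifications with `[[ref: ...]]`; suggest `[[ref: Identity Hub (0.0.1 Predraft)]]` and dropping the extra parenthesis. "An Issuer of a VC may have" is also lowercase here, so it is unclear whether the service endpoint is a normative option.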
Is there a source for this process? if yes, suggest referencing it, if not, this should be super useful.
|
||
#### DID-Relative URL Structure | ||
An Issuer of a VC may have an “IdentityHub” node serviceEndpoint in the Issuer's DID Document. Identity Hub nodes are the single endpoint to look up objects associated with a DID, as defined in [[def: Identity Hub (0.0.1 Predraft)]] (Decentralized Web Node v0.0.1 predraft)). | ||
The following process defines how a DID-Relative URL is composed: |
The following process defines how a DID-Relative URL is composed: | |
##### Constructing a Relative DID URL | |
The following process defines how a DID-Relative URL is composed: |
4. JSON stringify the array of Message Descriptor objects from Step 3, then Base64Url encode the stringified output. | ||
5. Append a queries parameter to the DID URL string with the value set to the JSON stringified, Base64Url encoded output of Step 4. | ||
|
||
##### DID-relative URLs are composed of the following segments |
##### DID-relative URLs are composed of the following segments |
I think it's pretty natural to show code to construct a relative DID URL following the steps defined above without a new section
```json | ||
did:example:123 + ?service=IdentityHub + &queries= + toBase64Url( JSON.stringify( [{ DESCRIPTOR_1 }, { DESCRIPTOR_N }] ) ) | ||
did:example:123?service=IdentityHub&queries=W3sgTUVTU0FHRV8xIH0sIHsgTUVTU0FHRV9OIH1d.. | ||
``` |
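Review bot: The block is fenced as `json` but holds a concatenation expression and a URL, neither of which is JSON; suggest a plain or `text` fence. The sample `queries` value decodes to `[{ MESSAGE_1 }, { MESSAGE_N }]` while the expression above it uses `DESCRIPTOR_1` and `DESCRIPTOR_N`, and it ends in `..`, so a reader cannot reproduce it from steps 4 and 5; suggest regenerating the value from a concrete descriptor array and showing it in full.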
```json | |
did:example:123 + ?service=IdentityHub + &queries= + toBase64Url( JSON.stringify( [{ DESCRIPTOR_1 }, { DESCRIPTOR_N }] ) ) | |
did:example:123?service=IdentityHub&queries=W3sgTUVTU0FHRV8xIH0sIHsgTUVTU0FHRV9OIH1d.. | |
``` | |
```json | |
did:example:123 + ?service=IdentityHub + &queries= + toBase64Url( JSON.stringify( [{ DESCRIPTOR_1 }, { DESCRIPTOR_N }] ) ) |
Update to revocation section