From 31051475939b42d2cb2e93611f6030d15522e7b8 Mon Sep 17 00:00:00 2001
From: F-Node-Karlsruhe
Date: Mon, 4 Sep 2023 10:17:42 +0200
Subject: [PATCH 01/21] mv PR from bitbucket

Signed-off-by: F-Node-Karlsruhe
---
 examples/credential_request_ldp_vc_vp.json | 42 +++++++
 ...id-4-verifiable-credential-issuance-1_0.md | 110 ++++++++++++++++++
 2 files changed, 152 insertions(+)
 create mode 100644 examples/credential_request_ldp_vc_vp.json

diff --git a/examples/credential_request_ldp_vc_vp.json b/examples/credential_request_ldp_vc_vp.json
new file mode 100644
index 00000000..df8f86cf
--- /dev/null
+++ b/examples/credential_request_ldp_vc_vp.json
@@ -0,0 +1,42 @@
+{
+ "format": "ldp_vc",
+ "credential_definition": {
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://www.w3.org/2018/credentials/examples/v1"
+ ],
+ "type": [
+ "VerifiableCredential",
+ "UniversityDegreeCredential"
+ ],
+ "credentialSubject": {
+ "degree": {
+ "type": {}
+ }
+ }
+ },
+ "proof": {
+ "proof_type": "ldp_vp_2.0",
+ "ldp_vp": {
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1"
+ ],
+ "type": [
+ "VerifiablePresentation"
+ ],
+ "holder": "did:key:z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro",
+ "proof": [
+ {
+ "type": "DataIntegrityProof",
+ "cryptosuite": "eddsa-2022",
+ "proofPurpose": "authentication",
+ "verificationMethod": "did:key:z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro#z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro",
+ "created": "2023-03-01T14:56:29.280619Z",
+ "challenge": "82d4cb36-11f6-4273-b9c6-df1ac0ff17e9",
+ "domain": "did:web:audience.company.com",
+ "proofValue": "z5hrbHzZiqXHNpLq6i7zePEUcUzEbZKmWfNQzXcUXUrqF7bykQ7ACiWFyZdT2HcptF1zd1t7NhfQSdqrbPEjZceg7"
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md
index d428c962..cca0fd6d 100644
--- a/openid-4-verifiable-credential-issuance-1_0.md
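Review bot: The `"domain": "did:web:audience.company.com"` value in the new example contradicts the rule this same patch adds for it, which says `domain` MUST be the Credential Issuer Identifier; that identifier is an https URL elsewhere in this specification, so the example shows a proof an Issuer following the text would reject. The identical proof object is repeated in the Markdown example of the `@@ -798` hunk, so both should carry the Issuer's URL, e.g. `"domain": "https://credential-issuer.example.com"` (constructed placeholder), and the `ldp_vp` example should then match the `jwt` example's audience. The `\ No newline at end of file` marker also shows the file lacks a trailing newline, which presumably differs from the other example files.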
+++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -735,6 +735,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). +* `ldp_vp_2.0`: A verifiable presentation signed using data integrity proof as defined in [@VC_DATA_2.0] and [@DI] specs must be used as a proof of possession. When `proof_type` is `ldp_vp_2.0`, a `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} 
@@ -798,6 +799,49 @@ Here is another example JWT not only proving possession of a private key but als } ``` +#### `ldp_vp_2.0` Key Proof Type {#ldp_vp-proof-type} + +The verifiable presentation MUST contain the following elements: + + * in the presentation itself, + * `holder`: OPTIONAL. MUST be equivalent to the DID in the `proof.verificationMethod` property. + + * in the proof body, + * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. + * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. MUST be present when the Wallet received server-provided `c_nonce`. + +The Credential Issuer MUST validate that the `proof` is actually signed by a key of the holder. + +Below is a non-normative example of a `proof` parameter: + +```json +{ + "proof_type": "ldp_vp_2.0", + "ldp_vp": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "type": [ + "VerifiablePresentation" + ], + "holder": "did:key:z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro", + "proof": [ + { + "type": "DataIntegrityProof", + "cryptosuite": "eddsa-2022", + "proofPurpose": "authentication", + "verificationMethod": "did:key:z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro#z6MkvrFpBNCoYewiaeBLgjUDvLxUtnK5R6mqh5XPvLsrPsro", + "created": "2023-03-01T14:56:29.280619Z", + "challenge": "82d4cb36-11f6-4273-b9c6-df1ac0ff17e9", + "domain": "did:web:audience.company.com", + "proofValue": "z5hrbHzZiqXHNpLq6i7zePEUcUzEbZKmWfNQzXcUXUrqF7bykQ7ACiWFyZdT2HcptF1zd1t7NhfQSdqrbPEjZceg7" + } + ] + } + } + +``` + #### `cwt` Key Proof Type {#cwt-proof-type} The CWT MUST contain the following elements: 
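Review bot: The only Issuer-side validation the new `ldp_vp_2.0` section imposes is that the `proof` is signed by a key of the holder; nothing requires the Credential Issuer to compare `domain` with its own identifier or `challenge` with the `c_nonce` it issued, so the two fields that bind the key proof to this Issuer and this request are never actually enforced, and a key proof captured from one Credential Request would still verify when presented again or to a different Issuer. As far as I can tell this is exactly the check `aud` and `nonce` give the `jwt` proof type, so suggest adding after the validation sentence: `The Credential Issuer MUST also validate that the value of domain is its own Credential Issuer Identifier and that the value of challenge is the c_nonce it provided for this request.` Patch 05 (the `@@ -810` hunk) and patch 20 (the `@@ -841` hunk) reword these sentences without adding the check. The `challenge` bullet in this hunk also contradicts itself, being REQUIRED unconditionally and then present only when a `c_nonce` was received.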
@@ -1374,6 +1418,68 @@ TBD + + + Verifiable Credentials Data Model 2.0 + + Digital Bazaar + + + Transmute + + + Spruce Systems, Inc. + + + ConsenSys + + + Block + + + independent + + + Digital Bazaar + + + ConsenSys + + + Evernym + + + MATTR + + + University of Kent + + + + + + + + Verifiable Credential Data Integrity 1.0 + + Digital Bazaar + + + Digital Bazaar + + + Invited Expert + + + Invited Expert + + + Invited Expert + + + + + The OAuth 2.0 Authorization Framework: Bearer Token Usage @@ -1788,6 +1894,10 @@ The following is a non-normative example of a Credential Offer of type `ldp_vc`: <{{examples/credential_offer_ldp_vc.json}} +For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a credential request with the proof of posession type `ldp_vp` which uses a verifiable presentation. + +<{{examples/credential_request_ldp_vc_vp.json}} + #### Authorization Details {#authorization_ldp_vc} The following additional claims are defined for authorization details of type `openid_credential` and this Credential format. From 1229a6da83ebe1cd91cca31c6133894b0a337991 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 7 Sep 2023 09:50:13 +0200 Subject: [PATCH 02/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index cca0fd6d..9ff5cdf6 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -801,7 +801,7 @@ Here is another example JWT not only proving possession of a private key but als #### `ldp_vp_2.0` Key Proof Type {#ldp_vp-proof-type} -The verifiable presentation MUST contain the following elements: +The verifiable presentation as defined by [@VC_DATA_2.0] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: * in the presentation itself, * `holder`: OPTIONAL. MUST be equivalent to the DID in the `proof.verificationMethod` property. From d8e5b75029dfba2e1dc8f091e56e13d064ffb175 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:13:46 +0200 Subject: [PATCH 03/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Giuseppe De Marco --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 9ff5cdf6..fc38d205 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -735,7 +735,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). -* `ldp_vp_2.0`: A verifiable presentation signed using data integrity proof as defined in [@VC_DATA_2.0] and [@DI] specs must be used as a proof of possession. When `proof_type` is `ldp_vp_2.0`, a `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). +* `ldp_vp_2.0`: A verifiable presentation signed using the data integrity proof defined in [@VC_DATA_2.0], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp_2.0`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} From fc8f7bbb577fddd09405b0751e688d98554af5bb Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:14:31 +0200 Subject: [PATCH 04/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Giuseppe De Marco --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index fc38d205..52d12c77 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -808,7 +808,7 @@ The verifiable presentation as defined by [@VC_DATA_2.0] signed using Data Integ * in the proof body, * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. - * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. MUST be present when the Wallet received server-provided `c_nonce`. + * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. It MUST be present when the Wallet received server-provided `c_nonce`. The Credential Issuer MUST validate that the `proof` is actually signed by a key of the holder. From fe57bdc411cc9c1af08c88373b4a2574f7ba2ead Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:14:51 +0200 Subject: [PATCH 05/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Giuseppe De Marco --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 52d12c77..ab133dc9 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -810,7 +810,7 @@ The verifiable presentation as defined by [@VC_DATA_2.0] signed using Data Integ * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. It MUST be present when the Wallet received server-provided `c_nonce`. -The Credential Issuer MUST validate that the `proof` is actually signed by a key of the holder. +The Credential Issuer MUST validate that the `proof` is actually signed with a key in possession of the Holder. Below is a non-normative example of a `proof` parameter: From 3e0379492d39f7f3c5be68ceafd2d193c372285a Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:15:21 +0200 Subject: [PATCH 06/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Giuseppe De Marco --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index ab133dc9..6c118d1f 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1894,7 +1894,7 @@ The following is a non-normative example of a Credential Offer of type `ldp_vc`: <{{examples/credential_offer_ldp_vc.json}} -For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a credential request with the proof of posession type `ldp_vp` which uses a verifiable presentation. +For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a Credential request with the proof of possession type set to `ldp_vp`, using a verifiable presentation. <{{examples/credential_request_ldp_vc_vp.json}} From 93c20c80e547ce70b655ca15d38477b7e7f87200 Mon Sep 17 00:00:00 2001 
From: F-Node-Karlsruhe Date: Thu, 5 Oct 2023 15:21:41 +0200 Subject: [PATCH 07/21] capitalize Data Integrity Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 6c118d1f..7bc3f629 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -735,7 +735,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). -* `ldp_vp_2.0`: A verifiable presentation signed using the data integrity proof defined in [@VC_DATA_2.0], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp_2.0`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). +* `ldp_vp_2.0`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp_2.0`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} From b429a35718228e80f79904e50f2b510da39ec0b1 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Mon, 16 Oct 2023 10:14:01 +0200 Subject: [PATCH 08/21] use verification identifier instead of DID 
Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 7bc3f629..4a829ae7 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -804,7 +804,7 @@ Here is another example JWT not only proving possession of a private key but als The verifiable presentation as defined by [@VC_DATA_2.0] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: * in the presentation itself, - * `holder`: OPTIONAL. MUST be equivalent to the DID in the `proof.verificationMethod` property. + * `holder`: OPTIONAL. MUST be equivalent to the verificationMethod identifier (e.g. DID) in the `proof.verificationMethod` property. * in the proof body, * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. From 0f232ac694a3a2db37ca17bfc4b600c0431a8e12 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Tue, 17 Oct 2023 11:22:05 +0200 Subject: [PATCH 09/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Gabe <7622243+decentralgabe@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 4a829ae7..e156d565 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -819,7 +819,8 @@ Below is a non-normative example of a `proof` parameter: "proof_type": "ldp_vp_2.0", "ldp_vp": { "@context": [ - "https://www.w3.org/2018/credentials/v1" + "https://www.w3.org/ns/credentials/v2", + "https://www.w3.org/ns/credentials/examples/v2" ], "type": [ "VerifiablePresentation" From 0c0197317fecb22185a9a2d1b255e918bbba8897 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Tue, 17 Oct 2023 11:22:40 +0200 Subject: [PATCH 10/21] Update examples/credential_request_ldp_vc_vp.json Co-authored-by: Gabe <7622243+decentralgabe@users.noreply.github.com> --- examples/credential_request_ldp_vc_vp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/credential_request_ldp_vc_vp.json b/examples/credential_request_ldp_vc_vp.json index df8f86cf..cc077a1d 100644 --- a/examples/credential_request_ldp_vc_vp.json +++ b/examples/credential_request_ldp_vc_vp.json @@ -19,7 +19,8 @@ "proof_type": "ldp_vp_2.0", "ldp_vp": { "@context": [ - "https://www.w3.org/2018/credentials/v1" + "https://www.w3.org/ns/credentials/v2", + "https://www.w3.org/ns/credentials/examples/v2" ], "type": [ "VerifiablePresentation" From 8efb27b0ea86d294a81accfb258447d41ea06577 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Fri, 27 Oct 2023 09:04:59 +0200 Subject: [PATCH 11/21] generalize ldp proof type Signed-off-by: F-Node-Karlsruhe --- examples/credential_request_ldp_vc_vp.json | 6 +++--- openid-4-verifiable-credential-issuance-1_0.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/credential_request_ldp_vc_vp.json b/examples/credential_request_ldp_vc_vp.json index cc077a1d..c07ce9b1 100644 --- a/examples/credential_request_ldp_vc_vp.json +++ b/examples/credential_request_ldp_vc_vp.json 
@@ -16,11 +16,11 @@ } }, "proof": { - "proof_type": "ldp_vp_2.0", + "proof_type": "ldp_vp", "ldp_vp": { "@context": [ - "https://www.w3.org/ns/credentials/v2", - "https://www.w3.org/ns/credentials/examples/v2" + "https://www.w3.org/ns/credentials/v2", + "https://www.w3.org/ns/credentials/examples/v2" ], "type": [ "VerifiablePresentation" diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index e156d565..c1e83121 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -735,7 +735,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). -* `ldp_vp_2.0`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp_2.0`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). +* `ldp_vp`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0] or [@VC_DATA], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} 
@@ -799,9 +799,9 @@ Here is another example JWT not only proving possession of a private key but als } ``` -#### `ldp_vp_2.0` Key Proof Type {#ldp_vp-proof-type} +#### `ldp_vp` Key Proof Type {#ldp_vp-proof-type} -The verifiable presentation as defined by [@VC_DATA_2.0] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: +The verifiable presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: * in the presentation itself, * `holder`: OPTIONAL. MUST be equivalent to the verificationMethod identifier (e.g. DID) in the `proof.verificationMethod` property. @@ -816,7 +816,7 @@ Below is a non-normative example of a `proof` parameter: ```json { - "proof_type": "ldp_vp_2.0", + "proof_type": "ldp_vp", "ldp_vp": { "@context": [ "https://www.w3.org/ns/credentials/v2", From 985a499ba286df7a0764138698a8a74bcc510069 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Mon, 30 Oct 2023 11:04:53 +0100 Subject: [PATCH 12/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Dave Longley --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index c1e83121..10d8e5d4 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -804,7 +804,7 @@ Here is another example JWT not only proving possession of a private key but als The verifiable presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: * in the presentation itself, - * `holder`: OPTIONAL. MUST be equivalent to the verificationMethod identifier (e.g. DID) in the `proof.verificationMethod` property. + * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the verificationMethod identified by the `proof.verificationMethod` property. * in the proof body, * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. From 6c227faf855baf0b8d1f72c9ba9feac09029d6c1 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Tue, 31 Oct 2023 08:12:55 +0100 Subject: [PATCH 13/21] mv example to to request section Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 10d8e5d4..3516bdea 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1895,9 +1895,6 @@ The following is a non-normative example of a Credential Offer of type `ldp_vc`: <{{examples/credential_offer_ldp_vc.json}} -For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a Credential request with the proof of possession type set to `ldp_vp`, using a verifiable presentation. - -<{{examples/credential_request_ldp_vc_vp.json}} #### Authorization Details {#authorization_ldp_vc} 
@@ -1925,6 +1922,10 @@ The following is a non-normative example of a Credential Request with Credential <{{examples/credential_request_ldp_vc.json}} +For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a Credential request with the proof of possession type set to `ldp_vp`, using a verifiable presentation. + +<{{examples/credential_request_ldp_vc_vp.json}} + #### Credential Response The value of the `credential` claim in the Credential Response MUST be a JSON object. Credentials of this format MUST NOT be re-encoded. From 65b2736f5c302e485305445c024786e068987888 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 2 Nov 2023 07:52:19 +0100 Subject: [PATCH 14/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index a8bb1af5..72ec638c 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -835,7 +835,7 @@ Here is another example JWT not only proving possession of a private key but als #### `ldp_vp` Key Proof Type {#ldp_vp-proof-type} -The verifiable presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity that are used as Key Proofs MUST contain the following elements: +When a W3C Verifiable Presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity is used as Key Proof, it MUST contain the following elements: * in the presentation itself, * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the verificationMethod identified by the `proof.verificationMethod` property. 
From e6822532a4d7d2bbc1313376ac470fe6348d6a21 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Thu, 2 Nov 2023 07:58:57 +0100 Subject: [PATCH 15/21] rename DI to data_Integrity Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 72ec638c..af3b3e06 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -769,7 +769,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). -* `ldp_vp`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0] or [@VC_DATA], and where the proof of possession MUST be done in accordance with [@DI]. When `proof_type` is set to `ldp_vp`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). +* `ldp_vp`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0] or [@VC_DATA], and where the proof of possession MUST be done in accordance with [@Data_Integrity]. When `proof_type` is set to `ldp_vp`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} @@ -1494,7 +1494,7 @@ TBD - + Verifiable Credential Data Integrity 1.0 
From 5dbe826f43a857eea97115391ede392639a32936 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 2 Nov 2023 08:01:54 +0100 Subject: [PATCH 16/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index af3b3e06..f0ae6769 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -838,7 +838,7 @@ Here is another example JWT not only proving possession of a private key but als When a W3C Verifiable Presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity is used as Key Proof, it MUST contain the following elements: * in the presentation itself, - * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the verificationMethod identified by the `proof.verificationMethod` property. + * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the `verificationMethod` value identified by the `proof.verificationMethod` property. * in the proof body, * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. From 9e31825398e426fb22da4c09c7259e0647dcb677 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Thu, 2 Nov 2023 08:07:08 +0100 Subject: [PATCH 17/21] restructure presentation definition Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index f0ae6769..43a51997 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md 
+++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -837,10 +837,9 @@ Here is another example JWT not only proving possession of a private key but als When a W3C Verifiable Presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] signed using Data Integrity is used as Key Proof, it MUST contain the following elements: - * in the presentation itself, - * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the `verificationMethod` value identified by the `proof.verificationMethod` property. + * `holder`: OPTIONAL. MUST be equivalent to the controller identifier (e.g. DID) for the `verificationMethod` value identified by the `proof.verificationMethod` property. - * in the proof body, + * `proof`: REQUIRED. The proof body of a W3C Verifiable Presentation. * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. It MUST be present when the Wallet received server-provided `c_nonce`. From 6a2dba64f498910afc3b26400ede0a2a1f52ed40 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe Date: Thu, 2 Nov 2023 08:30:04 +0100 Subject: [PATCH 18/21] specify object type of ldp_vp Signed-off-by: F-Node-Karlsruhe --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 43a51997..bdbade56 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
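Review bot: The restructured `proof` bullet enumerates `domain` and `challenge` but says nothing about `proofPurpose`, so as written a Data Integrity proof created for any purpose satisfies the text, although the example uses `authentication` and, as I read [@Data_Integrity], that is the purpose a `domain`/`challenge`-bound proof of possession is meant to carry; a verifier that does not pin the purpose would accept a proof the controller created for a different relationship. Suggest a sub-bullet under `proof`: `* proofPurpose: REQUIRED (string). MUST be authentication.` Since `proof` is described as "the proof body", it would also help to state whether a `proof` array with several entries is allowed and, if so, that every entry must satisfy these rules.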
@@ -769,7 +769,7 @@ This specification defines the following values for the `proof_type` property: * `jwt`: A JWT [@!RFC7519] is used as proof of possession. When `proof_type` is `jwt`, a `proof` object MUST include a `jwt` claim containing a JWT defined in (#jwt-proof-type). * `cwt`: A CWT [@!RFC8392] is used as proof of possession. When `proof_type` is `cwt`, a `proof` object MUST include a `cwt` claim containing a CWT defined in (#cwt-proof-type). -* `ldp_vp`: A verifiable presentation signed using the Data Integrity Proof defined in [@VC_DATA_2.0] or [@VC_DATA], and where the proof of possession MUST be done in accordance with [@Data_Integrity]. When `proof_type` is set to `ldp_vp`, the `proof` object MUST include a `ldp_vp` claim containing a [verifiable presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). +* `ldp_vp`: A W3C Verifiable Presentation object signed using the Data Integrity Proof as defined in [@VC_DATA_2.0] or [@VC_DATA], and where the proof of possession MUST be done in accordance with [@Data_Integrity]. When `proof_type` is set to `ldp_vp`, the `proof` object MUST include a `ldp_vp` claim containing a [W3C Verifiable Presentation](https://www.w3.org/TR/vc-data-model-2.0/#presentations-0) defined in (#ldp_vp-proof-type). #### `jwt` Key Proof Type {#jwt-proof-type} From 0b2cbfe2884a5ff2c141466edc887711083b81f7 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Thu, 2 Nov 2023 08:35:17 +0100 Subject: [PATCH 19/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index bdbade56..8d17c36d 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md 
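Review bot: The rewritten bullet still attributes the Data Integrity Proof to "[@VC_DATA_2.0] or [@VC_DATA]", but those references define the Verifiable Presentation, while the proof mechanism is specified by [@Data_Integrity], which the same sentence cites only for "proof of possession"; the split reads as if two different things were being normatively referenced. Suggest: `* ldp_vp: A W3C Verifiable Presentation as defined in [@VC_DATA_2.0] or [@VC_DATA], secured with a Data Integrity Proof as defined in [@Data_Integrity], is used as proof of possession.` The inline link also still points only at the 2.0 presentations section although [@VC_DATA] 1.1 is now admitted too.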
+++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1956,7 +1956,7 @@ The following is a non-normative example of a Credential Request with Credential <{{examples/credential_request_ldp_vc.json}} -For better suiting the W3C Data Integrity Proof ecosystem the following non-normative example displays a Credential request with the proof of possession type set to `ldp_vp`, using a verifiable presentation. +The following is a non-normative example of a Credential request with the key proof type `ldp_vp`: <{{examples/credential_request_ldp_vc_vp.json}} From c62bc00e85a95bde3ea6cb927ea586de803d4e18 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Fri, 1 Dec 2023 08:44:50 +0100 Subject: [PATCH 20/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 8d17c36d..648c4a0c 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -841,7 +841,7 @@ When a W3C Verifiable Presentation as defined by [@VC_DATA_2.0] or [@VC_DATA] si * `proof`: REQUIRED. The proof body of a W3C Verifiable Presentation. * `domain`: REQUIRED (string). The value of this claim MUST be the Credential Issuer Identifier. - * `challenge`: REQUIRED (string). The value type of this claim MUST be a string, where the value is a server-provided `c_nonce`. It MUST be present when the Wallet received server-provided `c_nonce`. + * `challenge`: REQUIRED when the Credential Issuer has provided a `c_nonce`. MUST NOT be used otherwise. String, where the value is a server-provided `c_nonce`. It MUST be present when the Wallet received server-provided `c_nonce`. The Credential Issuer MUST validate that the `proof` is actually signed with a key in possession of the Holder. From c65957944ba2a95c7f06df1f43ecfe2320649128 Mon Sep 17 00:00:00 2001 From: F-Node-Karlsruhe <41575897+F-Node-Karlsruhe@users.noreply.github.com> Date: Sat, 9 Dec 2023 08:39:40 +0100 Subject: [PATCH 21/21] Update openid-4-verifiable-credential-issuance-1_0.md Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 4305c847..b134e59a 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1504,17 +1504,6 @@ TBD - - - The OAuth 2.0 Authorization Framework: Bearer Token Usage - - Independent - - - Microsoft - - - Coded Character Set -- 7-bit American Standard Code for Information Interchange
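Review bot: The rewritten `challenge` bullet states its condition twice, first as "REQUIRED when the Credential Issuer has provided a `c_nonce`" and again at the end as "It MUST be present when the Wallet received server-provided `c_nonce`", and the fragment "String, where the value is a server-provided `c_nonce`" between them is no longer a sentence. Suggest collapsing to: `* challenge: REQUIRED (string) when the Credential Issuer has provided a c_nonce, MUST NOT be present otherwise. The value MUST be the server-provided c_nonce.` The `domain` bullet directly above, by contrast, is unconditional, so the two now read in different registers; stating the type in the same way for both would keep them parallel.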