Difference between revisions of "Verifiable Presentation"
(→Context) |
(→Components) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
==Context== | ==Context== | ||
* [[Decentralized ID]] is a related effort of the | * [[Decentralized ID]] is a related effort of the | ||
| − | * A [[Verifiable Presentation]] | + | * A [[Verifiable Presentation]] may also include a short lived liveness credential along with other credentials needed by the [[Relying Party]] under the assumption that the access to the VC is controlled by a phone with a lock screen. It is also possible for the wallet to ask for a proof of presence at the time the VP is created, but that is less likely in practice. |
| − | |||
==Hide information from VCs in VPs== | ==Hide information from VCs in VPs== | ||
| − | Aplieox opened this issue | + | Aplieox opened this issue 2022-03-01 in DIF-ID slack |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Is there any way to hide informations from VCs in a VP? The Standard describes that such a privacy-enhancing feature should be implemented. | Is there any way to hide informations from VCs in a VP? The Standard describes that such a privacy-enhancing feature should be implemented. | ||
See here: https://www.w3.org/TR/vc-data-model/#presentations | See here: https://www.w3.org/TR/vc-data-model/#presentations | ||
| − | |||
| − | |||
| − | |||
| − | |||
| + | mirceanis commented | ||
Hiding information from VCs contained in a VP is only possible when using cryptographic systems that support this. | Hiding information from VCs contained in a VP is only possible when using cryptographic systems that support this. | ||
| Line 31: | Line 22: | ||
The recommended alternative is to use single purpose credentials, or credentials with few claims that can be disclosed together, as opposed to large credentials with multiple claims. This way, you are free to use any other cryptographic suite for both credentials and presentations. | The recommended alternative is to use single purpose credentials, or credentials with few claims that can be disclosed together, as opposed to large credentials with multiple claims. This way, you are free to use any other cryptographic suite for both credentials and presentations. | ||
| − | |||
| − | + | Aplieox - Thanks for the quick answer. Single purpose Credentials or Credentials with minimal private data seem to be the easiest solution. | |
| − | Aplieox | + | |
| − | |||
| − | Thanks for the quick answer. Single purpose Credentials or Credentials with minimal private data seem to be the easiest solution. | ||
| − | + | bumblefudge commented | |
| − | |||
| − | |||
| − | |||
| − | |||
@Aplieox , you might want to check out the JsonWebPresentation work item in the Applied Crypto WG at DIF-- it's a greenfield project to add a new form of token to the JSON family for just this purpose. I'm not sure how committed that WG is to backwards compatibility with presenting today's JWTs selectively (or if that's even mathematically possible!), but it's the best upgrade path I can imagine for today's JWT systems to upgrade to selective disclosure without having to scrap all the JW* token tooling! | @Aplieox , you might want to check out the JsonWebPresentation work item in the Applied Crypto WG at DIF-- it's a greenfield project to add a new form of token to the JSON family for just this purpose. I'm not sure how committed that WG is to backwards compatibility with presenting today's JWTs selectively (or if that's even mathematically possible!), but it's the best upgrade path I can imagine for today's JWT systems to upgrade to selective disclosure without having to scrap all the JW* token tooling! | ||
| Line 49: | Line 33: | ||
===Parts of [[Verifiable Credential]]s=== | ===Parts of [[Verifiable Credential]]s=== | ||
* The user is asked to supply verifiable attributed from credentials that are on the user device or that can easily be acquired online. | * The user is asked to supply verifiable attributed from credentials that are on the user device or that can easily be acquired online. | ||
| + | |||
| + | ===Presentation Request=== | ||
| + | https://w3c-ccg.github.io/vp-request-spec/<blockquote>This specification describes a declarative JSON-based query language used by applications to perform requests from wallets and agents. The results of the requests are always wrapped in a Verifiable Presentation.</blockquote> | ||
| + | |||
===Bindings to Users=== | ===Bindings to Users=== | ||
Also called proof of presence. | Also called proof of presence. | ||
Latest revision as of 17:43, 21 January 2024
Contents
Full Text or Meme
The Verifiable Presentation is a collection of Claims from Verifiable Credentials with other claims that bind these to the subject of the Verifiable Presentation.
Context
- Decentralized ID is a related effort of the
- A Verifiable Presentation may also include a short lived liveness credential along with other credentials needed by the Relying Party under the assumption that the access to the VC is controlled by a phone with a lock screen. It is also possible for the wallet to ask for a proof of presence at the time the VP is created, but that is less likely in practice.
Hide information from VCs in VPs
Aplieox opened this issue 2022-03-01 in DIF-ID slack
Is there any way to hide informations from VCs in a VP? The Standard describes that such a privacy-enhancing feature should be implemented. See here: https://www.w3.org/TR/vc-data-model/#presentations
mirceanis commented
Hiding information from VCs contained in a VP is only possible when using cryptographic systems that support this.
First, the VCs need to be constructed in such a way that their data is selectively disclosable. Then, the presentation only contains a derived VC which contains only that disclosable information along with a proof that the VC was derived correctly.
An example of such a crypto system is BBS+, but it is not yet compatible with JWT credentials, and therefore this library doesn't support it.
The recommended alternative is to use single purpose credentials, or credentials with few claims that can be disclosed together, as opposed to large credentials with multiple claims. This way, you are free to use any other cryptographic suite for both credentials and presentations.
Aplieox - Thanks for the quick answer. Single purpose Credentials or Credentials with minimal private data seem to be the easiest solution.
bumblefudge commented
@Aplieox , you might want to check out the JsonWebPresentation work item in the Applied Crypto WG at DIF-- it's a greenfield project to add a new form of token to the JSON family for just this purpose. I'm not sure how committed that WG is to backwards compatibility with presenting today's JWTs selectively (or if that's even mathematically possible!), but it's the best upgrade path I can imagine for today's JWT systems to upgrade to selective disclosure without having to scrap all the JW* token tooling!
Components
Parts of Verifiable Credentials
- The user is asked to supply verifiable attributed from credentials that are on the user device or that can easily be acquired online.
Presentation Request
https://w3c-ccg.github.io/vp-request-spec/This specification describes a declarative JSON-based query language used by applications to perform requests from wallets and agents. The results of the requests are always wrapped in a Verifiable Presentation.
Bindings to Users
Also called proof of presence.
Use of External Sites
- DHS/ALL/PIA-089 DHS International Biometric Interoperability Initiative for the Visa Waiver Program
- BioID
All processes on User Device
References
- One example is the Mobile Driver's License Presentation.
