Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default verificationMethod #144

Closed
clehner opened this issue Mar 24, 2021 · 2 comments · Fixed by #234 or #253
Closed

Default verificationMethod #144

clehner opened this issue Mar 24, 2021 · 2 comments · Fixed by #234 or #253

Comments

@clehner
Copy link
Contributor

clehner commented Mar 24, 2021

DIDKit/ssi currently fails this VC HTTP API test:
https://github.com/w3c-ccg/vc-http-api/blob/b4df10dfdce98b453a2333e7ec1728a10bcc54d1/packages/vc-http-api-test-server/__tests__/issueCredential.spec.js#L72-L85

  1. The Issuer's Issue Credential HTTP API MUST reject if the value of "options.verificationMethod" in the body of the POST request does not exist.

That test requests issuing a verifiable credential with linked data proof option verificationMethod: 'foo', and we are supposed to reject this. A solution would be to require that the verificationMethod value is a URI, or at least looks like it might be a URI. verificationMethod may be a URL, or a DID URL, and we see both in this example:
https://w3c.github.io/vc-data-model/#example-2-a-simple-example-of-a-verifiable-presentation

We should also consider what to do when no verificationMethod option is passed in a PresentCredentialOptions or IssueCredentialOptions object. Currently we construct the proof anyway. But this means the resulting proof cannot be verified unless the verifier knows the verificationMethod URI separately tand passes it in the verification options. The description for the verificationMethod option in VC HTTP API says (https://github.com/w3c-ccg/vc-http-api/blob/b4df10dfdce98b453a2333e7ec1728a10bcc54d1/docs/vc-http-api.yml#L226-L228):

The URI of the verificationMethod used for the proof. Default assertionMethod URI.

I think that description implies that if the verificationMethod option is not passed in the issue request, the implementation should pick a verification method that has an assertionMethod verification relationship with the DID subject. i.e. assuming the VC issuer is a DID, resolve the DID document, enumerate the verificationMethod array, and pick the first value for which we have the corresponding private key. If the issuer is not a DID, the verificationMethod URI would need to be passed in to the issue options, or the operation would fail, unless/until we have an idea of what to do in that case. I don't think we need to support creating proof objects where the verificationMethod property is missing.
@clehner clehner mentioned this issue Mar 24, 2021
Open
15 tasks
@wyc
Copy link
Contributor

wyc commented Mar 29, 2021

Agreed on avoiding implicit substitutions and selections, and simply failing if a parameter is un/underspecified. Sounds like a good approach.

@clehner clehner mentioned this issue Jul 22, 2021
Merged
@clehner
Copy link
Contributor Author

clehner commented Aug 12, 2021

Reopening, as it seems that it is expected by VC HTTP API that DID resolution does happen during issuance, to check the verification relationship (between the issuer and the requested verification method and proof purpose) or to pick a default verification method and proof purpose.

@clehner clehner reopened this Aug 12, 2021
@clehner clehner mentioned this issue Aug 12, 2021
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@clehner @wyc