Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add confidence method to VCDM #1054

Closed
wants to merge 49 commits into from
Closed
Changes from 7 commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
c08f81a
fix: first stab on #789
Feb 27, 2023
5884ecc
fix: fixed typo
Feb 27, 2023
d353ed8
fix: added confirmation method to types section
Feb 27, 2023
fc0cd1f
fix: fixes references in types section and adds reference to extensio…
Feb 27, 2023
87fb326
fix: removed array from confirmation method types
Feb 27, 2023
2b84c20
fix: removed array from confirmation method example if only one confi…
Feb 27, 2023
1d83150
fix: removed id in 2nd confirmation method example
Feb 27, 2023
59684a4
fix: accepting editorial suggestions
awoie Mar 7, 2023
8450b27
fix: accepting editorial suggestions
awoie Mar 7, 2023
825d128
fix: accepting editorial language improvements
awoie Mar 7, 2023
61381c1
fix: accepting editorial suggestions
awoie Mar 7, 2023
9e61926
fix: accepting editorial suggestions
awoie Mar 7, 2023
1f6c3d3
fix: accepting editorial suggestions
awoie Mar 7, 2023
f3f6c47
fix: accepting editorial suggestions
awoie Mar 7, 2023
872d1bd
fix: accepting editorial suggestions
awoie Mar 7, 2023
463b8da
fix: fixed type in confirmation method example
awoie Mar 7, 2023
2632d7d
fix: removed 2023 from confirmation method types
Mar 7, 2023
e00e02f
fix: addressed gabe's concern
Mar 7, 2023
7275ae8
fix: extended confirmation method verb
Mar 7, 2023
23e5108
fix: fixed language
Mar 7, 2023
61893d4
fix: fixed whitespace
Mar 7, 2023
5e880f1
fix: replaced may with can since notes should not contain normative v…
Mar 8, 2023
0f12cca
fix: accepting requested language improvements
awoie Mar 8, 2023
413b14f
fix: accepting editorial improvements
awoie Mar 8, 2023
ee326d8
fix: accepting requested language improvements
awoie Mar 13, 2023
6107513
fix: accepting requested language improvements
awoie Mar 13, 2023
6fe6b4a
fix: using satisfy instead of proving control
Mar 13, 2023
12ea07e
fix: accepting requested language improvements
awoie Apr 12, 2023
20fe60a
fix: accepting requested language improvements
awoie Apr 12, 2023
90a7455
fix: accepting requested language improvements
awoie Apr 12, 2023
fd065af
fix: renamed confirmation method to confidence method
awoie May 3, 2023
8821578
fix: renamed confirmation method to confidence method
awoie May 3, 2023
73c85e4
fix: renamed confirmation method to confidence method
awoie May 3, 2023
65948b1
fix: renamed confirmation method to confidence method
awoie May 4, 2023
b691737
fix: adjusted intro to confidence method and accepted suggestion on p…
awoie May 4, 2023
0dfdc32
fix: accepted editorial suggestions on confidence method
awoie May 4, 2023
f4435ba
fix: renamed confirmation method to confidence method
awoie May 4, 2023
7e06b5c
fix: accepted editorial suggestions on confidence method
awoie May 4, 2023
9fb3918
fix: renamed confirmation method to confidence method
awoie May 4, 2023
372bbe8
fix: renamed confirmation method to confidence method
awoie May 4, 2023
659053b
fix: renamed confirmation method to confidence method
awoie May 4, 2023
55a2568
fix: renamed confirmation method to confidence method
awoie May 4, 2023
85bce72
Renamed confirmation method to confidence method
awoie May 8, 2023
7aa4ec9
Renamed confirmation method to confidence method
awoie May 8, 2023
c139a8e
Renamed confirmation method to confidence method
awoie May 8, 2023
6a7c4fd
Improving definition confidence method definition
awoie May 8, 2023
a84f866
Fine tuning confidence method language on liability
awoie May 8, 2023
1119501
fix: removed normative language for demonstrated confidence method types
May 8, 2023
05b4034
fix: renamed confirmationMethod to confidenceMethod in example
May 9, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
160 changes: 158 additions & 2 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1416,6 +1416,15 @@ <h3>Types</h3>
</td>
</tr>

<tr>
<td>
<a href="#confirmation-method">confirmationMethod</a>&nbsp;object
awoie marked this conversation as resolved.
Show resolved Hide resolved
awoie marked this conversation as resolved.
Show resolved Hide resolved
</td>
<td>
A valid confirmation method <a>type</a>. For example,<br>
awoie marked this conversation as resolved.
Show resolved Hide resolved
<code>"type": "VerificationKeyConfirmation2023"</code>
Sakurann marked this conversation as resolved.
Show resolved Hide resolved
</td>
</tr>
</tbody>
</table>

Expand Down Expand Up @@ -2362,8 +2371,9 @@ <h3>Extensibility</h3>
<p>
Implementers are advised to pay close attention to the extension points in this
specification, such as in Sections <a href="#proofs-signatures"></a>,
<a href="#status"></a>, <a href="#data-schemas"></a>,<a href="#refreshing"></a>,
<a href="#terms-of-use"></a>, and <a href="#evidence"></a>. While this
<a href="#status"></a>, <a href="#data-schemas"></a>,
<a href="#refreshing"></a>, <a href="#terms-of-use"></a>,
<a href="#evidence"></a> and <a href="#confirmation-method"></a>. While this
awoie marked this conversation as resolved.
Show resolved Hide resolved
specification does not define concrete implementations for those extension
points, the Verifiable Credentials Extension Registry [[?VC-EXTENSION-REGISTRY]]
provides an unofficial, curated list of extensions that developers can use from
Expand Down Expand Up @@ -2905,6 +2915,152 @@ <h3>Evidence</h3>

</section>

<section>
<h3>Confirmation Method</h3>
awoie marked this conversation as resolved.
Show resolved Hide resolved

<p>
Confirmation Method can be included by an <a>issuer</a> in a <a>verifiable
awoie marked this conversation as resolved.
Show resolved Hide resolved
credential</a> to declare that the <a>subject</a> controls one or more
awoie marked this conversation as resolved.
Show resolved Hide resolved
awoie marked this conversation as resolved.
Show resolved Hide resolved
particular confirmation methods and to bind the <a>claims</a> about the
<a>subject</a> to one or more of these confirmation methods. In this way, an
<a>issuer</a> explicitly enables a <a>verifier</a> to validate that the
<a>holder</a> presenting the <a>verifiable credential</a> has proven control of
one or more of these confirmation methods when the <a>claims</a> bound to the
confirmation method are presented.
</p>

<p class="note">
A <a>verifier</a> can decide to accept <a>claims</a> in a <a>verifiable
credential</a> without validating the confirmation method or to use a different
mechanism to validate the <a>holder</a> is bound to the presented <a>claims</a>
if required without impacting liability if not specified by other means such
as a <code>termsOfUse</code> policy.
awoie marked this conversation as resolved.
Show resolved Hide resolved
</p>

<p>
This specification defines the <code>confirmationMethod</code> <a>property</a>
for expressing confirmation method information in a
<code>credentialSubject</code> in a <a>verifiable credential</a>.
awoie marked this conversation as resolved.
Show resolved Hide resolved
</p>

<p class="note">
For example, an <a>issuer</a> can include a confirmation method based on public
key cryptography in the <a>verifiable credential</a>. A <a>holder</a> can
generate and include a <a>proof</a> with a cryptographic signature in the
<a>verifiable presentation</a> where the verification key of the cryptographic
signature is bound to a confirmation method in the embedded <a>verifiable
credential</a>. A <a>verifier</a> can validate that the <a>holder</a> controls
the confirmation method by verifying the <a>proof</a> of the <a>verifiable
presentation</a> using the information in the confirmation method. The
confirmation method can include the verification key or the type of the
confirmation method can define that the verification key is inferred by other
<a>properties</a> in the <a>verifiable credential</a> such as the
<code>credentialSubject.id</code>.
</p>
awoie marked this conversation as resolved.
Show resolved Hide resolved

<dl>
<dt><dfn>confirmationMethod</dfn></dt>
awoie marked this conversation as resolved.
Show resolved Hide resolved
<dd>
If present, the value of the <code>confirmationMethod</code> <a>property</a> is
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
one or more confirmation methods each providing enough information for a
<a>verifier</a> to validate a <a>holder</a> generating a <a>verifiable
presentation</a> has proven control of a confirmation method bound to <a>claims
</a> in a <a>verifiable credential</a> in the <a>verifiable presentation</a>.
Each confirmation method MUST specify its <code>type</code> (for example,
awoie marked this conversation as resolved.
Show resolved Hide resolved
<code>DIDAuthWithSubjectIdConfirmation2023</code>) and MAY specify an
<code>id</code>. The precise <a>properties</a> and semantics of each
confirmation method is determined by the specific
<code>confirmationMethod</code> type definition.
awoie marked this conversation as resolved.
Show resolved Hide resolved
</dd>
</dl>

<p>
The type <code>DIDAuthWithSubjectIdConfirmation2023</code> defines that a
awoie marked this conversation as resolved.
Show resolved Hide resolved
awoie marked this conversation as resolved.
Show resolved Hide resolved
<a>verifier</a> MAY validate the confirmation method by verifying the proof of
awoie marked this conversation as resolved.
Show resolved Hide resolved
the <a>verifiable presentation</a> with the verification material of one of the
authentication verification relationships of the
<code>credentialSubject.id</code> in case the particular
<code>credentialSubject.id</code> is a Decentralized Identifier (DID).
awoie marked this conversation as resolved.
Show resolved Hide resolved
Copy link
Member

@msporny msporny Apr 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A DID isn't necessary if you're using Data Integrity, since that specification defines how authentication methods can be fetched using a protocol scheme: https://w3c.github.io/vc-data-integrity/#retrieve-verification-method ... that approach works for both publicKeyJwk and publicKeyMultibase.

</p>

<pre class="example nohighlight"
title="Usage of the confirmationMethod property of type DIDAuthWithSubjectIdConfirmation2023">
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://www.w3.org/ns/credentials/examples/v2"
],
"id": "http://example.edu/credentials/3732",
"type": ["VerifiableCredential", "UniversityDegreeCredential"],
"issuer": "https://example.edu/issuers/14",
"validFrom": "2010-01-01T19:23:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
<span class="highlight">"confirmationMethod": {
"type": "DIDAuthWithSubjectIdConfirmation2023"
}</span>,
"degree": {
"type": "BachelorDegree",
"name": "Bachelor of Science and Arts"
}
},
"proof": { <span class="comment">...</span> }
}
</pre>

<p>
The type <code>VerificationKeyConfirmation2023</code> defines that a
<a>verifier</a> MAY validate the confirmation method by verifying the proof of
awoie marked this conversation as resolved.
Show resolved Hide resolved
the <a>verifiable presentation</a> with the verification material contained in
<code>publicKeyJwk</code> or <code>publicKeyMultibase</code>.
</p>

<pre class="example nohighlight"
title="Usage of the confirmationMethod property of type DIDAuthWithSubjectIdConfirmation2023">
awoie marked this conversation as resolved.
Show resolved Hide resolved
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://www.w3.org/ns/credentials/examples/v2"
],
"id": "http://example.edu/credentials/3732",
"type": ["VerifiableCredential", "UniversityDegreeCredential"],
"issuer": "https://example.edu/issuers/14",
"validFrom": "2010-01-01T19:23:24Z",
"credentialSubject": {
<span class="highlight">"confirmationMethod": [{
"type": "VerificationKeyConfirmation2023",
"publicKeyJwk": {
"crv": "Ed25519",
"x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
"kty": "OKP",
"kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
}
},{
"type": "VerificationKeyConfirmation2023",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}]</span>,
"degree": {
"type": "BachelorDegree",
"name": "Bachelor of Science and Arts"
}
},
"proof": { <span class="comment">...</span> }
}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the examples, however I wonder if it is best to include a confirmation method example that does not include key proofs, e.g. a portrait picture or the id number of a passport document, as we have described it in our RWOT#11 paper on identifier bindings. This might help readers understand the concept and open their mind

Copy link
Contributor

@dlongley dlongley Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is further evidence that we're talking about something more broad than "confirmation methods", i.e., "assurance" of some kind. It seems that a "confirmation method" could be one such example of an assurance method -- if we even want to use "confirmation" language at all. But "confirmation method" seems to describe something very specific when used in other places in the ecosystem (e.g., confirmation of the possession of key material -- which, btw, it doesn't even actually confirm).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, portrait picture generally makes sense. For example in the ICAO DTC use case, where a traveller registers their DTC before travelling. The DTC might include a confirmation method with a biometric template, e.g., picture. When crossing the border, the automated border control system could then check whether a traveller with that biometric template was registered and let them through.

</pre>

<p class="note">
A confirmation method can express various metadata such as the <a>issuer's</a>
awoie marked this conversation as resolved.
Show resolved Hide resolved
level of confidence that the <a>holder</a> is the entity referenced by a
<a>subject</a> of the <a>verifiable credential</a>, specific form factors or
mechanisms of authenticators, references to other <a>verifiable credentials</a>
awoie marked this conversation as resolved.
Show resolved Hide resolved
or versioned trust frameworks. For example, an <a>issuer</a> can make a
<a>claim</a> about a confirmation method that is based on a cryptographic key
pair but to produce a signature using that key the <a>holder</a> has to unlock
awoie marked this conversation as resolved.
Show resolved Hide resolved
a device using multi-factor authentication.
</p>

</section>

<section>
<h3>Zero-Knowledge Proofs</h3>

Expand Down