Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Verifiable Presentation Clarification

See original GitHub issue

I am confused by the verifiable presentation API and process.

The README here states you create a VP by passing in the issuer DID, which is used to create a signed JWT.

This seems wrong to me. The issuer uses their EthrDID to sign the VC, they then give that to the holder. The holder does not or at least should not, have to know the issuers keys to create a VP. They may want to use the keys associated with the subject of the credential to sign the VP. Is this just a mistake in the README?

Should it be

    let vpPayload = {
        vp: {
            '@context': ['https://www.w3.org/2018/credentials/v1'],
            type: ['VerifiablePresentation'],
            verifiableCredential: [vcJWT]
        }
    }

    vpJWT = await didJWT.createVerifiablePresentationJwt(vpPayload, subject)

Also, this library includes no API for liveness through a challenge-sign-response type flow that would protect against replay’s. In effect signing a VP seems pretty pointless without this. I could have got this signed presentation object from my friend last week, or by listening on the wire last year.

Quite possibly I am missing something here, but by going through the README and setting up a basic example that is my interpretation. Is this just out of scope and left to an implementor to handle protection against replay?

Thanks

Issue Analytics

State:
Created 3 years ago
Comments:10 (8 by maintainers)

Top GitHub Comments

1reaction

wip-abramsoncommented, Feb 12, 2021

Ah okay so to implement this I would create a vp like:

    let vpPayload = {
        vp: {
            '@context': ['https://www.w3.org/2018/credentials/v1'],
            type: ['VerifiablePresentation'],
            verifiableCredential: [vcJWT]
        }
        nonce: "123454"
        aud: "www.example.com"
    }

And then sign it.

1reaction

awoiecommented, Feb 12, 2021

I’d say…

nonce <-> challenge
aud<-> domain

Note, we cannot use challenge and domain in the JWT itself as they are not registered with IANA.

Top Results From Across the Web

Verifiable Credentials Data Model v1.1 - W3C

A verifier can verify verifiable presentations from any holder, containing proofs of claims from any issuer. Verification should not depend on ...

Verifiable Credentials – how does it work? Understanding key ...

VP proof is used to verify the integrity of presentation. Proof is the holder's counter signature of a collection of VCs where each...

Verifiable Credentials Data Model 1.0 - AWS

A verifiable presentation expresses data from one or more verifiable credentials, and is packaged in such a way that the authorship of the...

Verifiable Credentials Flavors Explained

This presentation can contain attributes from more than one credential. For each attribute shared, the verifier looks up the credential schema it came...

Verifiable Credentials 101 for SSI with Tyler Ruff - YouTube

The focus of this presentation is how Verifiable Credentials work, and why the different steps and components are necessary.