Problems with prefix expansion when defining new JSON-LD proof suite


Recently we have been working on refactoring the JSON-LD context definition for security-v3 to not use a recursive import style for the prior JSON-LD security contexts and have run into the following issue.

Take the following JSON-LD document. (Note: I know this is not a valid linked data proof; the example has just been simplified to convey only the issue at hand.)

{
  "@context": {
    "BbsBlsSignature2020": {
        "@id": "https://w3id.org/security#BbsBlsSignature2020",
        "@context": {
          "@protected": true,
          "id": "@id",
          "type": "@type",
          "xsd": "http://www.w3.org/2001/XMLSchema#",
          "challenge": "https://w3id.org/security#challenge",
          "created": {
            "@id": "http://purl.org/dc/terms/created",
            "@type": "xsd:dateTime"
          },
          "domain": "https://w3id.org/security#domain",
          "nonce": "https://w3id.org/security#nonce",
          "proofPurpose": {
            "@id": "https://w3id.org/security#proofPurpose",
            "@type": "@vocab",
            "@context": {
              "@protected": true,
              "id": "@id",
              "type": "@type",
              "assertionMethod": {
                "@id": "https://w3id.org/security#assertionMethod",
                "@type": "@id",
                "@container": "@set"
              },
              "authentication": {
                "@id": "https://w3id.org/security#authenticationMethod",
                "@type": "@id",
                "@container": "@set"
              }
            }
          },
          "proofValue": "https://w3id.org/security#proofValue",
          "verificationMethod": {
            "@id": "https://w3id.org/security#verificationMethod",
            "@type": "@id"
          }
        }
      }
  },
  "@type": "BbsBlsSignature2020",
  "created": "2020-04-26T04:21:07Z",
  "verificationMethod": "did:example:489398593#test",
  "proofPurpose": "assertionMethod",
  "proofValue": "jx2VhjyZqUT91e2OhzweJA7G2u2UvmiDtIfmr+wUWNHWno+UOAh0FaNpM8Br+5j2JBkH981/nO1I7/9PFaRrng6NXu7vzDroKtuyj6nHGkMmGq4OMmBzIqRnG3ybin/Sxmu5YwqOxPMRsWH3H+2wSA=="
}

Because this library is written against the security-v2 context (e.g. https://w3id.org/security/v2), unless explicitly skipped, an input document will be compacted against this context prior to any other proof-related operations; here is where this is done today.

However, in doing this operation with the JSON-LD document example provided above, the following results.

{
  "@context": "https://w3id.org/security/v2",
  "type": "sec:BbsBlsSignature2020",
  "created": "2020-04-26T04:21:07Z",
  "proofPurpose": "assertionMethod",
  "proofValue": "jx2VhjyZqUT91e2OhzweJA7G2u2UvmiDtIfmr+wUWNHWno+UOAh0FaNpM8Br+5j2JBkH981/nO1I7/9PFaRrng6NXu7vzDroKtuyj6nHGkMmGq4OMmBzIqRnG3ybin/Sxmu5YwqOxPMRsWH3H+2wSA==",
  "verificationMethod": "did:example:489398593#test"
}

Instead of the expected

{
  "@context": "https://w3id.org/security/v2",
  "type": "https://w3id.org/security#BbsBlsSignature2020",
  "created": "2020-04-26T04:21:07Z",
  "proofPurpose": "assertionMethod",
  "proofValue": "jx2VhjyZqUT91e2OhzweJA7G2u2UvmiDtIfmr+wUWNHWno+UOAh0FaNpM8Br+5j2JBkH981/nO1I7/9PFaRrng6NXu7vzDroKtuyj6nHGkMmGq4OMmBzIqRnG3ybin/Sxmu5YwqOxPMRsWH3H+2wSA==",
  "verificationMethod": "did:example:489398593#test"
}

Example on JSON-LD Playground

It appears the prefix sec that is originally defined in security-v1 and recursively imported into security-v2 is not being applied correctly during the compact operation.

Possible Solution

I noted that if, instead of doing the compact operation against just the security-v2 context, it is done against the following

{
  "@context": [ "https://w3id.org/security/v2", {
        "@version": 1.1,
        "dc": "http://purl.org/dc/terms",
        "sec": "https://w3id.org/security",
        "xsd": "http://www.w3.org/2001/XMLSchema"
       }]
}

The issue with the compact result is resolved.

I also verified that this works when these lines are changed to

    document = await jsonld.compact(
      document, [ constants.SECURITY_CONTEXT_URL, 
       {
        "@version": 1.1,
        "dc": "http://purl.org/dc/terms",
        "sec": "https://w3id.org/security",
        "xsd": "http://www.w3.org/2001/XMLSchema"
       }],
      {documentLoader, expansionMap, compactToRelative: false});

Happy to submit a PR if this is the best solution to the problem although it appears the real issue is with the jsonld.js compact operation.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
dlongley commented, Oct 19, 2020

@tplooker, Yes, to making the proof suite expect those possible values.

0 reactions
tplooker commented, Oct 19, 2020

Note the missing #. Since sec no longer matched the URL prefix in https://w3id.org/security#BbsBlsSignature2020, it was no longer used.

Ah right, that makes a lot more sense now, thanks for the clarification. To make things clear for others on the thread too, doing this

document = await jsonld.compact(
      document, [ constants.SECURITY_CONTEXT_URL, 
       {
        "@version": 1.1,
        "dc": "http://purl.org/dc/terms",
        "sec": "https://example.com/completely-different-url",
        "xsd": "http://www.w3.org/2001/XMLSchema"
       }],
      {documentLoader, expansionMap, compactToRelative: false});

where the document is the one shown at the start of the issue, will yield

{
  "@context": "https://w3id.org/security/v2",
  "type": "https://w3id.org/security#BbsBlsSignature2020",
  "created": "2020-04-26T04:21:07Z",
  "proofPurpose": "assertionMethod",
  "proofValue": "jx2VhjyZqUT91e2OhzweJA7G2u2UvmiDtIfmr+wUWNHWno+UOAh0FaNpM8Br+5j2JBkH981/nO1I7/9PFaRrng6NXu7vzDroKtuyj6nHGkMmGq4OMmBzIqRnG3ybin/Sxmu5YwqOxPMRsWH3H+2wSA==",
  "verificationMethod": "did:example:489398593#test"
}

Because the sec prefix is defined twice, differently, it forces the expansion of the prefix using the first definition, as that is what the definition of BbsBlsSignature2020 uses.

Until we move away from using the prefix, yes, that will be the expected value.

OK, understood. Does it make sense to expand our match proof logic to match on the following three values?

BbsBlsSignature2020
sec:BbsBlsSignature2020
https://w3id.org/security#BbsBlsSignature2020

I believe this will future-proof the suite and perhaps should be a general rule for all future JSON-LD proof suites? As that way when a new version of jsonld-signatures is released programmed against the v3 context, this suite should work with no further changes required?

Yes, I think they are trouble and we should move away from them – for precisely the kinds of reasons you’ve brought up here. If we could keep prefixes contained to contexts only (so they didn’t leak into data), then they could be used as shortcuts there and it wouldn’t be such an issue, but a feature to enable that behavior just missed the boat in JSON-LD 1.1. Maybe in a future version we can do that, but until then, I do recommend just avoiding them entirely at this point, even though it makes for a more verbose context.

+1 understood now
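
The type-matching rule agreed in the thread above, sketched as an added example that is not part of the original issue or of jsonld-signatures: a proof's `type` is normalised to one absolute IRI, so exactly the three spellings listed are accepted and near misses (such as a namespace without the `#`) are rejected. The helper names `toTypeIri`, `matchProofType` and `selectProofs`, and the sample proofs, are hypothetical.

```javascript
// Added example: hypothetical helpers, not jsonld-signatures code.
const SEC_NS = 'https://w3id.org/security#'; // namespace of the type IRI shown on the page
const SEC_PREFIX = 'sec:';                   // prefix that appears after security-v2 compaction

// Map one `type` value to an absolute IRI, or null when it is none of the
// three accepted spellings (bare term, sec: compact IRI, absolute IRI).
// Assumption: a bare term is one the active context maps into SEC_NS.
function toTypeIri(value) {
  if (typeof value !== 'string') return null;
  if (value.startsWith(SEC_NS)) return value;
  if (value.startsWith(SEC_PREFIX)) {
    return SEC_NS + value.slice(SEC_PREFIX.length);
  }
  if (/^[A-Za-z][A-Za-z0-9]*$/.test(value)) return SEC_NS + value;
  return null;
}

// True only if proof.type (string or array) names the suite's type IRI.
function matchProofType(proof, term = 'BbsBlsSignature2020') {
  if (proof === null || typeof proof !== 'object') return false;
  const wanted = SEC_NS + term;
  const types = Array.isArray(proof.type) ? proof.type : [proof.type];
  return types.some(t => toTypeIri(t) === wanted);
}

// Keep only the proofs this suite should attempt to verify.
function selectProofs(proofs, term) {
  return proofs.filter(p => matchProofType(p, term));
}

// Constructed sample input; proof values are placeholders.
const SAMPLE_PROOFS = [
  {type: 'BbsBlsSignature2020', proofValue: '<placeholder>'},
  {type: 'sec:BbsBlsSignature2020', proofValue: '<placeholder>'},
  {type: 'https://w3id.org/security#BbsBlsSignature2020', proofValue: '<placeholder>'},
  // '#' missing from the namespace: not the same IRI, so it is rejected.
  {type: 'https://w3id.org/securityBbsBlsSignature2020', proofValue: '<placeholder>'},
  {type: 'Ed25519Signature2018', proofValue: '<placeholder>'},
];

console.log(selectProofs(SAMPLE_PROOFS).map(p => p.type));
```

Comparing on the normalised IRI rather than on a list of literal strings keeps the check exact while letting the suite work whether or not the compaction context defines the `sec` prefix.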
