From 7fdb272517b65126106eb3bd1df147bdd9c170a7 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Fri, 30 Jun 2023 15:20:05 -0600 Subject: [PATCH 01/11] rewrite Presentations section Signed-off-by: Brent Zundel --- index.html | 85 +++++++++++++++++++++--------------------------------- 1 file changed, 33 insertions(+), 52 deletions(-) diff --git a/index.html b/index.html index efde55092..d6a3a9643 100644 --- a/index.html +++ b/index.html @@ -1899,65 +1899,61 @@

Status

Presentations

-Presentations MAY be used to combine and present credentials. -They can be packaged in such a way that the authorship of the data is -verifiable. The data in a presentation is often all about the same -subject, but there is no limit to the number of subjects or -issuers in the data. The aggregation of information from multiple -verifiable credentials is a typical use of -verifiable presentations. +Verifiable presentations MAY be used to aggregate information from +multiple verifiable credentials.

-Verifiable presentations SHOULD be extremely short-lived, and -bound to a challenge provided by a verifier. Details for accomplishing -this depend on the securing mechanism, the transport protocol, and -verifier policies. Unless additional requirements are defined by the -particular securing mechanism or embedding protocol, a verifier cannot -generally assume that the verifiable presentation has any correlation -with the presented verifiable credentials. +Verifiable presentations SHOULD be extremely short-lived, and bound to a +challenge provided by a verifier. Details for accomplishing this depend +on the securing mechanism, the transport protocol, and verifier policies. +Unless additional requirements are defined by the particular securing mechanism +or embedding protocol, a verifier cannot generally assume that the +verifiable presentation has any correlation with the presented +verifiable credentials.

-A verifiable presentation is typically composed of the following -properties: +The following properties are defined for a verifiable presentation:

id
-The id property is optional and MAY be used to provide a -unique identifier for the presentation. For details related to the use of -this property, see Section . +The id property is optional. It MAY be used to provide a +unique identifier for the verifiable presentation. For details related to +the use of this property, see Section .
type
-The type property is required and expresses the -type of presentation, such as VerifiablePresentation. For +The type property MUST be present. It is used to express the +type of verifiable presentation. The value of this property MUST be +VerifiablePresentation, but additional types MAY be included. For details related to the use of this property, see Section .
verifiableCredential
-If present, the value of the verifiableCredential property -MUST be constructed from one or more verifiable credentials, or of data +The verifiableCredential property MUST be present. The value +MUST be an array of one or more verifiable credentials, or of data derived from verifiable credentials in a cryptographically verifiable format.
holder
-If present, the value of the holder property -is expected to be a URL for the entity that is generating the -presentation. +The holder property is optional. If present, the value +MUST be a URL for the entity that is generating the +verifiable presentation.
proof
-If present, the value of the proof property ensures that -the presentation is verifiable. For details related to the use of -this property, see Section . +The proof property is optional. If present, the value MAY be +be used to express a securing mechanism such as [[?VC-DATA-INTEGRITY]]. A +verifiable presentation MAY be secured using an external proof such as +[[?VC-JWT]]. For details related to the use of this property, see Section +.

-The example below shows a verifiable presentation that embeds -verifiable credentials. +The example below shows a verifiable presentation:
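Review bot: In the verifiableCredential entry, "If present, the value of the verifiableCredential property MUST be constructed from ..." becomes "The verifiableCredential property MUST be present", which turns an optional property into a required one in a commit described only as a rewrite. If the tightening is not intended, keep the conditional form ("MAY be present. If present, the value MUST be an array ..."); if it is intended, say so in the commit message. Two smaller points in the same hunk: the proof entry reads "the value MAY be be used" (doubled "be"), and the type entry says the value "MUST be VerifiablePresentation, but additional types MAY be included", which contradicts itself unless it is reworded to say that one of the values must be VerifiablePresentation.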

@@ -1989,18 +1985,14 @@ 

Presentations Using Derived Credentials

Some zero-knowledge cryptography schemes might enable holders to indirectly prove they hold claims from a verifiable credential -without revealing the verifiable credential itself. In these schemes, a -claim from a verifiable credential might be used to derive a -presented value, which is cryptographically asserted such that a verifier -can trust the value if they trust the issuer. +without revealing the entire verifiable credential. In these schemes, a +verifiable credential might be used to derive presentable data, which is +cryptographically asserted such that a verifier can trust the value if +they trust the issuer.

-

-For example, a verifiable credential containing the claim -date of birth might be used to derive the presented value -over the age of 15 in a manner that is cryptographically -verifiable. That is, a verifier can still trust the derived value -if they trust the issuer. +Some selective disclosure schemes can share only a subset of claims +derived from a verifiable credential.
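Review bot: The replacement sentence "Some selective disclosure schemes can share only a subset of claims derived from a verifiable credential" is ambiguous about what "derived" attaches to, and it swaps a derivation example (date of birth to "over the age of 15") for a statement about disclosing a subset, which is a different mechanism. Suggest either keeping a one-line derivation example in this section or rewording to "can disclose only a subset of the claims in a verifiable credential", so that selective disclosure and derived values are not conflated.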

@@ -2009,17 +2001,6 @@

Presentations Using Derived Credentials

Section .

-

-Selective disclosure schemes using zero-knowledge proofs can use claims -expressed in this model to prove additional statements about those claims. -For example, a claim specifying a subject's date of birth can be -used as a predicate to prove the subject's age is within a given range, -and therefore prove the subject qualifies for age-related discounts, -without actually revealing the subject's birthdate. The holder -has the flexibility to use the claim in any way that is applicable to -the desired verifiable presentation. -

-
Pat has a property
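Review bot: The deleted paragraph is the one that explained predicate proofs (proving that an age is within a range from a date of birth "without actually revealing the subject's birthdate"), and the previous hunk of this patch removes the other age example too, so nothing added in this patch tells an implementer that a claim can be proven as a predicate instead of being disclosed. If the removal is deliberate, note it in the commit message; otherwise keep a shortened version of the paragraph.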

From 93bc8a6e3028dbab85e96b9f84f3c0a6f795853d Mon Sep 17 00:00:00 2001
From: Brent Zundel <brent.zundel@gmail.com>
Date: Fri, 30 Jun 2023 15:24:32 -0600
Subject: [PATCH 02/11] edit presentations intro

Signed-off-by: Brent Zundel <brent.zundel@gmail.com>
---
 index.html | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/index.html b/index.html
index d6a3a9643..462f3e03b 100644
--- a/index.html
+++ b/index.html
@@ -790,12 +790,7 @@ <h3>Presentations</h3>
 
         <p>
 A <a>verifiable presentation</a> expresses data from one or more
-<a>verifiable credentials</a>, and is packaged in such a way that the
-authorship of the data is <a>verifiable</a>. If <a>verifiable credentials</a>
-are presented directly, they become <a>verifiable presentations</a>. Data
-formats derived from <a>verifiable credentials</a> that are cryptographically
-<a>verifiable</a>, but do not of themselves contain
-<a>verifiable credentials</a>, might also be <a>verifiable presentations</a>.
+<a>verifiable credentials</a>.
         </p>
 
         <p>
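Review bot: The shortened sentence now ends at "expresses data from one or more verifiable credentials" and drops the clause "packaged in such a way that the authorship of the data is verifiable", so the introduction no longer says what makes a presentation verifiable. Suggest keeping that clause, or an equivalent such as "secured so that its authorship can be verified", even if the two sentences about direct presentation and derived formats are removed.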

From adf1cebeffd13db4dcaa4e55aac01adea3b75661 Mon Sep 17 00:00:00 2001
From: Brent Zundel <brent.zundel@gmail.com>
Date: Mon, 3 Jul 2023 13:34:08 -0600
Subject: [PATCH 03/11] Apply suggestions from code review

Co-authored-by: Oliver Terbu <43441584+awoie@users.noreply.github.com>
Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 index.html | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/index.html b/index.html
index 462f3e03b..e44a4ba61 100644
--- a/index.html
+++ b/index.html
@@ -1926,16 +1926,15 @@ <h3>Presentations</h3>
           </dd>
           <dt><var>verifiableCredential</var></dt>
           <dd>
-The <code>verifiableCredential</code> <a>property</a> MUST be present. The value
+The <code>verifiableCredential</code> <a>property</a> MAY be present. The value
 MUST be an array of one or more <a>verifiable credentials</a>, or of data
 derived from <a>verifiable credentials</a> in a cryptographically
 <a>verifiable</a> format.
           </dd>
           <dt><var>holder</var></dt>
           <dd>
-The <code>holder</code> <a>property</a> is optional. If present, the value
-MUST be a <a>URL</a> for the entity that is generating the
-<a>verifiable presentation</a>.
+The <a>verifiable presentation</a> MAY include a <code>holder</code> <a>property</a>. If present, the value
+MUST be a <a>URL</a> for the entity that is generating the <a>verifiable presentation</a>.
           </dd>
           <dt><var>proof</var></dt>
           <dd>
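Review bot: With "MUST be present" relaxed to "MAY be present" in the verifiableCredential entry, the following sentence still reads "The value MUST be an array of one or more verifiable credentials" with no condition, unlike the holder entry just below it, which says "If present, the value MUST be ...". Suggest "If present, the value MUST be an array ..." so both entries read the same way. The first added holder line is also much longer than the wrapped lines around it and should be rewrapped.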
@@ -1986,7 +1985,7 @@ <h4>Presentations Using Derived Credentials</h4>
 they trust the <a>issuer</a>.
           </p>
           <p>
-Some selective disclosure schemes can share only a subset of <a>claims</a>
+Some selective disclosure schemes can share a subset of <a>claims</a>
 derived from a <a>verifiable credential</a>.
           </p>
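Review bot: Dropping "only" from "can share only a subset of claims" removes the one word that said the remaining claims stay undisclosed, which is the point of selective disclosure; "can share a subset" holds for any scheme. Suggest restoring "only", or rewording to "can disclose a subset of claims while withholding the rest".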
 

From b62bb00e39d9258d7abff3f9e77a3dcfadc344f6 Mon Sep 17 00:00:00 2001
From: Brent Zundel <brent.zundel@gmail.com>
Date: Wed, 5 Jul 2023 12:55:40 -0600
Subject: [PATCH 04/11] Update index.html

---
 index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/index.html b/index.html
index e44a4ba61..c10753aa1 100644
--- a/index.html
+++ b/index.html
@@ -1938,8 +1938,8 @@ <h3>Presentations</h3>
           </dd>
           <dt><var>proof</var></dt>
           <dd>
-The <code>proof</code> <a>property</a> is optional. If present, the value MAY be
-be used to express a securing mechanism such as [[?VC-DATA-INTEGRITY]]. A
+The <a>verifiable presentation</a> MAY include a <code>proof</code> 
+<a>property</a>. If present, the value SHOULD be used to express a securing mechanism such as [[?VC-DATA-INTEGRITY]]. A
 <a>verifiable presentation</a> MAY be secured using an external proof such as
 [[?VC-JWT]]. For details related to the use of this property, see Section
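Review bot: In the proof entry the requirement level changes from "the value MAY be be used to express a securing mechanism" to "the value SHOULD be used", a normative change that the subject "Update index.html" does not mention; please describe it in the commit message. The first added line also ends in a trailing space after the closing code tag, and the second added line is far longer than the wrapped text around it.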
 <a href=. From 3264f74f9785d351d5b5f8ed0cff21928f0d867f Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Wed, 5 Jul 2023 12:58:04 -0600 Subject: [PATCH 05/11] Update index.html --- index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index c10753aa1..df4654047 100644 --- a/index.html +++ b/index.html @@ -1939,10 +1939,10 @@

Presentations

proof
The verifiable presentation MAY include a proof -property. If present, the value SHOULD be used to express a securing mechanism such as [[?VC-DATA-INTEGRITY]]. A -verifiable presentation MAY be secured using an external proof such as -[[?VC-JWT]]. For details related to the use of this property, see Section -. +property. If present, the value SHOULD be used to express a securing +mechanism such as [[?VC-DATA-INTEGRITY]]. A verifiable presentation MAY +be secured using an external proof such as [[?VC-JWT]]. For details related to +the use of this property, see Section .
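Review bot: As rewrapped here, the proof entry makes the embedded proof optional ("MAY include a proof property") and the external alternative optional as well ("MAY be secured using an external proof"), so the text permits a presentation with no securing mechanism at all while still calling it verifiable. Suggest adding a sentence that a verifiable presentation is secured by one or the other, and that a presentation with neither is not to be treated as verifiable.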
From 9eaf43eb2b82784b667e4ffd0aeb56465df21953 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Wed, 5 Jul 2023 13:52:56 -0600 Subject: [PATCH 06/11] Apply suggestions from code review Co-authored-by: Orie Steele --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index df4654047..64014b2f6 100644 --- a/index.html +++ b/index.html @@ -1979,7 +1979,7 @@

Presentations Using Derived Credentials

Some zero-knowledge cryptography schemes might enable holders to indirectly prove they hold claims from a verifiable credential -without revealing the entire verifiable credential. In these schemes, a +without revealing all claims in a verifiable credential. In these schemes, a verifiable credential might be used to derive presentable data, which is cryptographically asserted such that a verifier can trust the value if they trust the issuer. From 29f5cc974498b19b1f4062f4ddc05bdeb5e954f5 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Wed, 5 Jul 2023 15:21:18 -0600 Subject: [PATCH 07/11] modify description to address Orie and Gabe's comments. Signed-off-by: Brent Zundel --- index.html | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 64014b2f6..f3a5ae6f6 100644 --- a/index.html +++ b/index.html @@ -789,8 +789,11 @@

Presentations

-A verifiable presentation expresses data from one or more -verifiable credentials. +A verifiable presentation can express data from multiple +verifiable credentials and contain arbitrary additional data encoded as +JSON-LD. They are used by a holder to present claims to a +verifier. It is also possible to present verifiable credentials +directly.
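Review bot: The new clause "and contain arbitrary additional data encoded as JSON-LD" does not say who vouches for that additional data. It is not covered by any issuer's proof on the credentials, so a verifier can attribute it to the holder at most, and only when the presentation itself is secured; suggest stating that here. Also, "They are used by a holder" follows a singular subject ("A verifiable presentation"), so "It is used by a holder" reads correctly.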

From 75bfa7d36b781ea639dbb7759c06a86b122bd9b8 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Wed, 5 Jul 2023 15:27:17 -0600 Subject: [PATCH 08/11] point normatively to guidance elsewhere. Signed-off-by: Brent Zundel --- index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index f3a5ae6f6..4967cf75c 100644 --- a/index.html +++ b/index.html @@ -1917,15 +1917,15 @@

Presentations

id
The id property is optional. It MAY be used to provide a -unique identifier for the verifiable presentation. For details related to -the use of this property, see Section . +unique identifier for the verifiable presentation. If present, the +normative guidance in Section MUST be followed.
type
The type property MUST be present. It is used to express the type of verifiable presentation. The value of this property MUST be -VerifiablePresentation, but additional types MAY be included. For -details related to the use of this property, see Section . +VerifiablePresentation, but additional types MAY be included. The +related normative guidance in Section MUST be followed.
verifiableCredential
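Review bot: Both new sentences ("If present, the normative guidance in Section ... MUST be followed" and "The related normative guidance in Section ... MUST be followed") place a MUST on following another section, which adds no testable requirement of its own and only restates what that section already requires. Suggest a plain cross-reference, or name the specific constraint in this entry. In the id entry, "is optional. It MAY be used" also states the same thing twice.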
From e5b8dd056271f06b19b8e36890ce573853d273df Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Wed, 5 Jul 2023 15:34:18 -0600 Subject: [PATCH 09/11] let holder copy issuer Signed-off-by: Brent Zundel --- index.html | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 4967cf75c..764da7147 100644 --- a/index.html +++ b/index.html @@ -1936,8 +1936,13 @@

Presentations

holder
-The verifiable presentation MAY include a holder property. If present, the value -MUST be a URL for the entity that is generating the verifiable presentation. +The verifiable presentation MAY include a holder +property. If present, the value MUST be either a URL or an object +containing an id property. It is RECOMMENDED that the +URL in the holder or its id be one which, if +dereferenced, results in a document containing machine-readable information +about the holder that can be used to verify the information +expressed in the verifiable presentation.
proof
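Review bot: In the holder entry, "either a URL or an object containing an id property" does not require the id of the object form to be a URL, although the next sentence assumes it is ("the URL in the holder or its id"); suggest "an object containing an id property whose value is a URL". The RECOMMENDED dereferencing also has the verifier fetch a location chosen by the presenting party, so the text should say that the holder value is self-asserted unless the securing mechanism binds it, and that whether to dereference it is a matter of verifier policy.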
From 6a7c14e0a9cc2486d816c2072f82185c1919cc26 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Fri, 7 Jul 2023 08:09:52 -0600 Subject: [PATCH 10/11] Apply suggestions from code review Thanks Ted! Co-authored-by: Ted Thibodeau Jr --- index.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 764da7147..e6e69535f 100644 --- a/index.html +++ b/index.html @@ -1923,7 +1923,7 @@

Presentations

type
The type property MUST be present. It is used to express the -type of verifiable presentation. The value of this property MUST be +type of verifiable presentation. One value of this property MUST be VerifiablePresentation, but additional types MAY be included. The related normative guidance in Section MUST be followed.
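Review bot: "One value of this property MUST be VerifiablePresentation" implies the property can hold several values, but the entry never says what form the value takes when additional types are included. Suggest wording that covers both cases directly, such as "The value MUST be, or include, VerifiablePresentation".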
@@ -1987,8 +1987,8 @@

Presentations Using Derived Credentials

Some zero-knowledge cryptography schemes might enable holders to indirectly prove they hold claims from a verifiable credential -without revealing all claims in a verifiable credential. In these schemes, a -verifiable credential might be used to derive presentable data, which is +without revealing all claims in that verifiable credential. In these schemes, +a verifiable credential might be used to derive presentable data, which is cryptographically asserted such that a verifier can trust the value if they trust the issuer.

From b1119cbd0860e8abd0ad825113d8865ffae4bd70 Mon Sep 17 00:00:00 2001 From: Brent Zundel Date: Fri, 7 Jul 2023 08:16:42 -0600 Subject: [PATCH 11/11] Update index.html --- index.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.html b/index.html index e6e69535f..187c8b740 100644 --- a/index.html +++ b/index.html @@ -1943,6 +1943,9 @@

Presentations

dereferenced, results in a document containing machine-readable information about the holder that can be used to verify the information expressed in the verifiable presentation. +If the holder property> is absent, information about the +holder is expected to either be obtained via the securing mechanism, or +to not pertain to the validation of the verifiable presentation.
proof
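Review bot: The first added line reads "If the holder property> is absent", with a stray ">" after "property" that looks like a doubled or malformed closing tag in the markup; please fix it. The sentence also leaves the verifier to guess which of the two cases applies ("obtained via the securing mechanism" or "to not pertain to the validation"); suggest stating that when holder is absent the verifier identifies the presenter only through the securing mechanism, if at all.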