talaodao / hedera-vc-api Goto Github PK
View Code? Open in Web Editor NEWVC API
License: Apache License 2.0
hedera-vc-api's People
Contributors
Stargazers
Watchers
hedera-vc-api's Issues
Context in EU Standards
Hello. How does hedera-vc-api fit in with the evolving EU identity standards. My quick perspective is that most of the EBSI "standards" focus on the OpenID4VC and OpenID4Issuance interactions. So hedera-vc-api can be used to create the VCs that can then be put into an identity token, create the VP to respond to a proof request, and be used to verify the received VP from a token.
That being said there are many profiles for a VC. Looking at the jwt_vc_json samples like here I see some differences from the VC data model in hedera-vc-api. So is there an "EU" VC data model this is based on - or another VC profile spec I can reference?
Thanks!
Different 400 message when Credential is revoked.
When you do Verification of a revoked Verifiable Credential - if the credential is properly revoked then you'll get a 400 "message": "Invalid Input!"
However this is the same message I seem to get when there is any issues with a credential one is attempting to verify. Therefore one cannot distinguish from the response if the credential is revoked or there is maybe a format issue with the credential.
Is it possible to create a specific response message if a credential is revoked?
Verifiable Presentation Actor correction
The readme located at https://github.com/TalaoDAO/hedera-vc-api outlines the REST endpoints, and one of them is listed as follows:
"#4: [Issuer] Issue a Verifiable Presentation."
However, this appears to be a discrepancy; typically, issuing a Verifiable Presentation is the holder's responsibility. Any request for a Presentation should originate from the verifier, and the presentation itself should be provided by the holder. It's unclear why this task is attributed to the issuer. The vc-api specification also reflects the expected roles correctly, as shown in the image from the spec below.
Is this discrepancy a typographical mistake or an error in implementation? Could this be corrected, please?
Getting 400 on Verify
I am trying to run through a flow where I issue a credential with status using status list one and position of 1. Here is the Issuance:
"credential": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/vc/status-list/2021/v1",
{
"DemoPass": {
"@context": {
"@protected": true,
"@version": 1.1,
"email": "schema:email",
"entityId": "schema:identifier",
"firstName": "schema:firstName",
"id": "@id",
"lastName": "schema:lastName",
"parentId": "schema:identifier",
"phone": "schema:telephone",
"schema": "https://schema.org/",
"type": "@type",
"userId": "schema:identifier"
},
"@id": "urn:demopass"
}
}
],
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"type": [
"VerifiableCredential",
"DemoPass"
],
"issuer": "did:hedera:testnet:z3sojay9YVZeEUQW1w6PsNXF7CygVfdkNRVj3VcqKmDXN_0.0.7645847",
"issuanceDate": "2010-01-01T19:23:24Z",
"credentialSubject": {
"email": "[email protected]",
"entityId": 984,
"firstName": "John",
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"lastName": "Doe",
"parentId": 120,
"type": "DemoPass",
"userId": 12
}
},
"options": {
"credentialStatus": {
"id": "http://localhost:3004/credentials/status/0.0.7645848/1#1",
"type": "StatusList2021Entry",
"statusListIndex": "1",
"statusPurpose": "revocation",
"statusListCredential": "http://localhost:3004/credentials/0.0.7645848/status/1"
}
}
}```
From this issuance I get this response:
`{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/vc/status-list/2021/v1",
{
"DemoPass": {
"@context": {
"@protected": true,
"@version": 1.1,
"email": "schema:email",
"entityId": "schema:identifier",
"firstName": "schema:firstName",
"id": "@id",
"lastName": "schema:lastName",
"parentId": "schema:identifier",
"phone": "schema:telephone",
"schema": "https://schema.org/",
"type": "@type",
"userId": "schema:identifier"
},
"@id": "urn:demopass"
}
}
],
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"type": [
"VerifiableCredential",
"DemoPass"
],
"issuer": "did:hedera:testnet:z3sojay9YVZeEUQW1w6PsNXF7CygVfdkNRVj3VcqKmDXN_0.0.7645847",
"issuanceDate": "2010-01-01T19:23:24Z",
"credentialSubject": {
"email": "[email protected]",
"entityId": 984,
"firstName": "John",
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"lastName": "Doe",
"parentId": 120,
"type": "DemoPass",
"userId": 12
},
"credentialStatus": {
"id": "http://localhost:3004/credentials/status/0.0.7645848/1#1",
"type": "StatusList2021Entry",
"statusListIndex": "1",
"statusPurpose": "revocation",
"statusListCredential": "http://localhost:3004/credentials/0.0.7645848/status/1"
},
"proof": {
"type": "Ed25519Signature2018",
"created": "2024-01-15T22:02:13Z",
"verificationMethod": "did:hedera:testnet:z3sojay9YVZeEUQW1w6PsNXF7CygVfdkNRVj3VcqKmDXN_0.0.7645847",
"proofPurpose": "assertionMethod",
"jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..c-5U1EwnIuvHiFvgAgFs2E9zDXU-KS0Z20VONhYXAmfwkqloASqDWYcYn89gEEcwfs73TEYIJxbuG8CYTD6MAg"
}
}`
I then create the verify request:
`{
"verifiableCredential": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/vc/status-list/2021/v1",
{
"DemoPass": {
"@context": {
"@protected": true,
"@version": 1.1,
"email": "schema:email",
"entityId": "schema:identifier",
"firstName": "schema:firstName",
"id": "@id",
"lastName": "schema:lastName",
"parentId": "schema:identifier",
"phone": "schema:telephone",
"schema": "https://schema.org/",
"type": "@type",
"userId": "schema:identifier"
},
"@id": "urn:demopass"
}
}
],
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"type": [
"VerifiableCredential",
"DemoPass"
],
"issuer": "did:hedera:testnet:z3sojay9YVZeEUQW1w6PsNXF7CygVfdkNRVj3VcqKmDXN_0.0.7645847",
"issuanceDate": "2010-01-01T19:23:24Z",
"credentialSubject": {
"email": "[email protected]",
"entityId": 984,
"firstName": "John",
"id": "did:key:zQ3sharUr4F1zxVK8YJKbzx4qi9X6vsmjkphwj7NAwHLz3p2T",
"lastName": "Doe",
"parentId": 120,
"type": "DemoPass",
"userId": 12
},
"credentialStatus": {
"id": "http://localhost:3004/credentials/status/0.0.7645848/1#1",
"type": "StatusList2021Entry",
"statusListIndex": "1",
"statusPurpose": "revocation",
"statusListCredential": "http://localhost:3004/credentials/0.0.7645848/status/1"
},
"proof": {
"type": "Ed25519Signature2018",
"created": "2024-01-15T22:02:13Z",
"verificationMethod": "did:hedera:testnet:z3sojay9YVZeEUQW1w6PsNXF7CygVfdkNRVj3VcqKmDXN_0.0.7645847",
"proofPurpose": "assertionMethod",
"jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..c-5U1EwnIuvHiFvgAgFs2E9zDXU-KS0Z20VONhYXAmfwkqloASqDWYcYn89gEEcwfs73TEYIJxbuG8CYTD6MAg"
}
}
}`
From this I get a 400 "message": "Invalid Input!"
Any ideas on the problem?
Verifying revocation status
When a credential is revoked one can lookup the status of the revocation list. From the response you can confirm the if that status is a 1 or 0 from the position in the bitlist. From my understanding the process to determine this is the pass the encoded list into the vc-status-list library.
From the example 02-VC-status.md there is a code snippet at the bottom for this process:
import * as sl from "@digitalbazaar/vc-status-list";
const decoded = await sl.decodeList({
encodedList: "H4sIAAAAAAAAA-3BIQEAAAACIKc73RcmoAEAAAAAAAAAAAAAAPgbjSrD2NQwAAA"
});
// return true, which means revoked
console.log(decoded.getStatus(0));
I am not sure from the examples or the vc-status-list repo how to get this check to pass. Can we provide more detail on this process?
Signing a Presentation
Ref: #4
I'm somewhat puzzled by a specific entry in the readme:
"#5: [Verifier] Verify a Presentation issued by a did:hedera."
This entry seems to suggest that the issuer is the one signing the VP proof, which the verifier then verifies (considering the context of item #4).
In the example at https://github.com/TalaoDAO/hedera-vc-api/blob/main/examples/03-issue-verify-VP.md, the VP proof under the section "And we'll verify it now:" shows the issuer’s did as the verificationMethod in both the VC's and VP's proof sections, which seems incorrect. The VP should be signed by the holder, not the issuer.
Could you please confirm whether this is just a copy-paste error or an actual issue in the implementation? Either way, can this be rectified, please?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.