# Veramo Credential Interface Specification 2.0

# Credential Interface Design Update

## Notes / Main Points:

- A persistence function should not be part of the interface: remove "save".
- If clients want to persist a VC/VP, they will have to call the appropriate separate save interface function.
- Accumulate all non-credential payload properties into an `options` object.
- Input is always valid JSON-LD (validated against `@context`), even with `proofType: "JWT"`.
- Verification of JWT and JSON-LD payloads cannot be separated from credential validation, i.e. verifying and validating a credential is an atomic operation.
- MessageHandler would need to be updated to identify the payload (by metadata?) in order to call the appropriate action handlers.
- We introduce dedicated verify methods for credentials that did not exist before.
- We "keep" a dedicated function that validates(!) a verifiable presentation against a previous request.
- CredentialStatus endpoints (to revoke) are currently out of scope.

## CreateVerifiablePresentation (Holder)

```
{
  "presentation": {...},
  "options": {
    "verificationMethod": "direct type" OR "DID Anchor",
    "proofType": "LDProof" or "JWT",
    "proofPurpose": "string",   // Default 'assertionMethod'
    "domain": "example.com",
    "challenge": "d436f0c8-fbd9-4e48-bbb2-55fc5d0920a8"
  }
}
```

Example DID Anchor: `id:example:123#z6MksHh7qHWvybLg5QTPPdG2DgEjjduBDArV9EF9mRiRzMBN`

Example Verification Method: `Ed25519VerificationKey2018` -> Results in `Ed25519Signature2018`

## CreateVerifiableCredential (Issuer)

```
{
  "credential": {
    ...
    "credentialStatus": {...}
    ...
  },
  "options": {
    "verificationMethod":
    "proofType": "LDProof" or "JWT",
    "proofPurpose": "string"   // Default 'assertionMethod'
  }
}
```

credentialStatus `payload` is automatically within the `credential` payload.
It's the responsibility of th

## VerifyVerifiablePresentation

```
{
  "presentation": JWT or {...},
  "options": {
    "verificationMethod": "direct type" OR "DID Anchor",
    "proofType": "LDProof" or "JWT",
    "proofPurpose": "assertionMethod",
    "domain": "example.com",
    "challenge": "d436f0c8-fbd9-4e48-bbb2-55fc5d0920a8"
  }
}
```

This method can delegate validation of the contained VCs to `VerifyVerifiableCredential`.

JWT/JSON-LD discovery/format should be outside of this function.

Fails on `proofType` mismatch.

Fails on `proofPurpose` mismatch.

## VerifyVerifiableCredential

```
{
  "credential": {...},
  "options": {
    "verificationMethod":
    "proofType": "LDProof" or "JWT",
    "proofPurpose": "string",   // Default 'assertionMethod'
    "failOnCredentialStatus": "true/false"
  }
}
```

JWT/JSON-LD discovery/format should be outside of this function.

Fails on `proofType` mismatch.

Fails on `proofPurpose` mismatch.

## ValidatePresentationAgainstRequest

This is the end-to-end validation of a presentation against a previous request. Currently: Veramo's SDR, but also Presentation Definition in the future.

```
{
  "presentation": {...},
  "request": {},
  "options": {
    "proofType": "LDProof" or "JWT",
    "request_format": "VeramoSDR" or "DIF_PE"
  }
}
```

Note, "challenge/domain" can be inside the supported request format and revalidated within

## Credential Status Methods (Out of Scope / TBD)

### Update Credential Status

```
{
  "credentialId": "urn:uuid:45a44711-e457-4fa8-9b89-69fe0287c86a",
  "credentialStatus": [
    {
      "type": "RevocationList2020Status",
      "status": "0"
    }
  ]
}
```

### Check Credential Status?
- Should not be exposed and only abstracted behind `VerifyVerifiableCredential`

# Appendix

## Current Interface

### CreateVerifiablePresentation

```
{
  "presentation": {
    "id": "string",
    "holder": "string",
    "issuanceDate": "string",
    "expirationDate": "string",
    "@context": [ "string" ],
    "type": [ "string" ],
    "verifier": [ "string" ],
    "verifiableCredential": [
      {
        "@context": [ "string" ],
        "id": "string",
        "type": [ "string" ],
        "issuer": { "id": "string" },
        "issuanceDate": "string",
        "expirationDate": "string",
        "credentialSubject": { "id": "string" },
        "credentialStatus": { "id": "string", "type": "string" },
        "proof": { "type": "string" }
      }
    ]
  },
  "save": true,
  "proofFormat": "string"
}
```

### CreateVerifiableCredential

```
{
  "credential": {
    "@context": [ "string" ],
    "id": "string",
    "type": [ "string" ],
    "issuer": { "id": "string" },
    "issuanceDate": "string",
    "expirationDate": "string",
    "credentialSubject": {
      "id": "string",
      "additionalProp1": {}
    },
    "credentialStatus": { "id": "string", "type": "string" }
  },
  "save": true,
  "proofFormat": "string"
}
```
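
Returning to the rules stated for `VerifyVerifiablePresentation` and `VerifyVerifiableCredential` (format discovery outside the verify function, fail on `proofType` mismatch, fail on `proofPurpose` mismatch), the following is an added example, not Veramo code, of the gate a caller could run before signature verification. The names `detectProofType`, `precheck`, `VerifyOptions`, `LdProof` and `Payload` are hypothetical; it assumes a JWT is recognised by its compact shape only, that `proofPurpose` is checked only on JSON-LD proofs, and that `domain` and `challenge` are compared when supplied.

```typescript
// Added example; detectProofType, precheck and these types are hypothetical names, not Veramo APIs.
type ProofType = 'LDProof' | 'JWT'
interface VerifyOptions { proofType: ProofType; proofPurpose?: string; domain?: string; challenge?: string }
interface LdProof { type: string; proofPurpose?: string; domain?: string; challenge?: string }
type Payload = string | { proof?: LdProof | LdProof[] }

// Shape of a compact JWS: three base64url segments. Shape only, no signature check.
const COMPACT_JWS = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/

// Format discovery lives outside the verify call, as the notes require.
function detectProofType(payload: Payload): ProofType | undefined {
  if (typeof payload === 'string') return COMPACT_JWS.test(payload) ? 'JWT' : undefined
  return payload.proof ? 'LDProof' : undefined
}

// Returns every mismatch found; signature verification may only start when the list is empty.
function precheck(payload: Payload, options: VerifyOptions): string[] {
  const found = detectProofType(payload)
  if (found !== options.proofType) {
    return [`proofType mismatch: expected ${options.proofType}, found ${found ?? 'none'}`]
  }
  // Assumption: a JWT carries no LD proof block, so purpose/domain/challenge are not checked here.
  if (typeof payload === 'string') return []
  const expected = options.proofPurpose ?? 'assertionMethod' // default from the spec above
  const errors: string[] = []
  for (const p of ([] as LdProof[]).concat(payload.proof ?? [])) {
    if (p.proofPurpose !== expected) {
      errors.push(`proofPurpose mismatch: expected ${expected}, found ${p.proofPurpose ?? 'none'}`)
    }
    // Assumption: domain and challenge are compared only when the caller supplies them.
    if (options.domain !== undefined && p.domain !== options.domain) errors.push('domain mismatch')
    if (options.challenge !== undefined && p.challenge !== options.challenge) errors.push('challenge mismatch')
  }
  return errors
}

// Constructed sample presentation (not real data), reusing the domain and challenge from the spec.
const sampleVp: Payload = {
  proof: {
    type: 'Ed25519Signature2018',
    proofPurpose: 'authentication',
    domain: 'example.com',
    challenge: 'd436f0c8-fbd9-4e48-bbb2-55fc5d0920a8',
  },
}
console.log(precheck(sampleVp, { proofType: 'LDProof', domain: 'example.com' }))
```

Because the sample proof was created with `authentication` and the call leaves `proofPurpose` at its default, the gate rejects it, which is the behaviour the "Fails on `proofPurpose` mismatch" rule asks for.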