Google Drive
Gist
Clipboard
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
SubscribeAdding W3C Standard Verifiable Credentials support to ACA-Py
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →Table Of Contents
What we're looking for
Status
did:sovcredentials.Scope & Requirements
The goal of this opportunity is to add full JSON-LD VC support to ACA-Py. ACA-Py already includes a, by default disabled, admin interface to sign and verify JSON-LD documents (and thus credentials). This support is limited to the
Ed25519signature type, and doesn't integrate with the credential exchange protocols.The work will include:
Ed25519Signature2018signature suite to issue and verify non-zkp credentialsBbsBlsSignature2020/BbsBlsSignatureProof2020signature suites to issue and verify zkp credentialsdid:keysupport to the admin api, adding BBS BLS key typesOut of scope
Interoperability testing with Aries Framework Go using AATH
The backchannel for Aries Framework Go (AFGO) only supports DID exchange at the moment, therefore we cannot test JSON-LD based credential exchange with AFGO. Extending the test harness and ACA-Py backchannel to support JSON-LD based credentials is in scope. If AFGO makes enough progress on their backchannel during the time span of this oppurtunity, we will make our best efforts to complete interoperability testing with AFGO using AATH.
In addition to the AFGO backchannel supporting the issue-credential and present-proof protocols, the following features can have an impact on the scope of interoperability testing:
Presentation Exchange attachment format
The goal is to integrate with the presentation exchange format. However, as the work on presentation exchange has not started yet and because of the lack of a clear timeline, we're unsure we'll be able to accomplish this task in the given time frame. If presentation exchange isn't ready in the course of this project, a very simple workaround will be implemented to show agent-to-agent communication regarding JSON-LD credentials.
Indy Storage
Because only Aries Askar has support for multiple tag values, the Indy non-secrets storage requires a different implementation. In order to complete the project in the given time frame the Indy implementation will be omitted for now. Andrew will look into this further.
Unified Admin API
Because it's hard to foresee the possible barriers when it comes to providing a unified issuance and verification API for both Indy and JSON-LD credentials, our implementation will initially focus on separate payload formats for the credential types. However, we will investigate this topic as part of this opportunity.
Credential Manifest attachment format
At the moment, interoperability with AFGO is more important than supporting the Credential Manifest standard. Therefore we will implement the issue credential format AFGO implemented.
BBS+ Features
Below a table is given showing what BBS+ related features are in scope for this project. ZKP and selective disclosure are definitely in the scope of this project. Revocation and ZKP predicates are definitely out of scope because these are still under development. Domain proof and required disclosure are to be determined based on the availability of these features in the BBS+ library. The table will be updated accordingly.
Related Projects
Projects related to this opportunity
Interop with Aries Framework Go
Part of this opportunity is to show interop with at least one other framework. Aries Framework Go doesn't support the BBS+ signature suite for the credential exchange protocols yet. ACA-Py also doesn't support the presentation exchange attachment format yet. This means interop can only be partly shown, based on the progress of these features.
Requirements
Phases
The four phases can be divided into two main groups which focus on non-ZKP and ZKP credential support. Below are the tasks that will be executed for each of the phases. Tasks will be described in greater detail before starting on the task at hand.
Non-ZKP JSON-LD credential support for ACA-Py
Phase 2 / 3
BBS+ based JSON-LD credential support for ACA-Py
Phase 4 / 5
Present Proof
Present Proof still needs to be implemented in ACA-Py, however a lot of the work of the opportunity can be done in parallel to this work. The indy credential format and exchange protocol can only accommodate indy based credentials. To support the exchange of JSON-LD based credentials with support for predicates and selective disclosure the DIF Presentation Exchange will be used as described in RFC 0510: Presentation-Exchange Attachment format for requesting and presenting proofs
As part of the V2 version of the present proof protocol, the Admin API will extendend to support the new
dif(Presentation Exchange) format. This will mostly be in line with the presentation exchange format, removing fields that can be provided by ACA-Py, simplifying parts that can be abstracted in ACA-Py.By providing mulitple formats in the Admin API a proposal/request for multiple proof formats can be provided. This allows the prover/verifier to select the preferred format to use.
Issue Credential
Credential Manifest
Issue Credential V2
Credential Querying / Storage
With the addition for a new credential format some way to query and store JSON-LD based credentials need to be added to ACA-Py.
We can make use of tags to filter for credentials. Tags can include:
Multiple tag values can be used in Aries Askar, however not in the Indy non-secrets storage. This means the exact implementation of the query method / tag storage used is dependent on the underlying storage method.
JSON-LD VCs
To handle JSON-LD based credentials, we plan to create a few artifacts. The diagram below shows these components (shown in red) and how they relate to other, preexisting components (shown in green). A description of the components is given below.
Verifiable Credentials - Linked Data Proofs Module
This component holds the linked data proofs related functionality. Because ZKP requires additional functionality (e.g. framing), we've decided to split the functionalities of this component into two groups: ZKP and NON-ZKP (e.g. Ed25119).
Signature Suite
We plan to make the architecture in a way that it allows for pluggable signature suites. These suites can then vary in the canonicalization, digest and proof algorithms they use.
ffi-bss-signatures Python Wrapper
This component wraps Ursa's BBS+ related functionality so its accessible from withing Python. There is a repository ursa-bbs-py created by Andrew that wraps Ursa's BBS+ functionality, but it's slightly outdated and uses PyO3 to generate the Python bindings. MATTR Global has an ffi-bbs-signatures repository that currently holds fast-forward interface wrappers for both .NET and Objective-C. We think it would be best to add a Python wrapper to this repository and use that instead of the
ursa-bbs-pyrepository.The gap between JSON-LD Proofs and Verifiable Credentials
Whats missing:
Context URLS
Issue Credential
The issue credential method issues a credential by adding a linked data proof to the credential document. The steps include:
vc.jsandvc-js)jsonld-checker)Additional tasks:
Verify Presentation
The verify presentation method verifies a verifiable presentation and its credentials. The steps include:
vc.jsandvc-js)Derive Proof
This is TBD. The derive proof will be used for BBS+ signatures. Important to note that no private key is needed to derive proof (at least for the unbound signature proof)
Input:
Create Presentation
AATH
DID:Key
{"method": "key", "options": {"keyType": "ed25519"}}{"method": "key", "options": {"keyType": "bls12381g2"}}{"method": "sov"}(default)Todo
Resources
DID Key
did:keyMethodProtocols
JSON-LD
BBS
Path for BBS inside AFGO: pkg/doc/signature/suite/{bbsblssignature2020, bbsblssignatureproof2020}
https://github.com/hyperledger/aries-framework-go/blob/1a3d640d581227fe5f6c629e71b66d12c365c0d0/pkg/doc/signature/suite/bbsblssignatureproof2020/signer_test.go
Ed25519