Notes on Linked Data Proofs

Table of Contents

Introduction

Linked Data Proofs provide a mechanism to for ensuring the authenticity and integrity of Linked Data documents using mathematical proofs.

Resources Used

The Purpose of Linked Data Proofs

Linked Data Proofs can be used to:

  • Make statements without the loss of trust (e.g. VCs or social media posts)
  • Authenticate an entity is identified by a certain identifier (e.g. DIDs)
  • Delegate authorization for actions to remote environments (e.g. ZCAP-LD)
  • Agree to contracts (where agreement can be verified by other parties)
  • Integrity protection (e.g. making document tamper-evident)

Common Properties

This section describes the most common attributes of a Linked Data Proof.

type (required)

Indicates the proof type that is used. For example, an Ed25519Signature2018 type indicates that the proof includes a digital signature produced by an ed25519 cryptographic key.

proofPurpose (required)

Indicates the purpose the proof was created for. It acts as a safeguard to prevent the proof from being misused for a purpose other than the one it was intended for. For example, a proof can be used for purposes of authentication, for asserting control of a Verifiable Credential (assertionMethod), and several others.

verificationMethod (required)

Indicates when the proof was generated. Must be specified in the ISO8601 format.

domain (optional)

A string value that specifies the operational domain of a digital proof. This could be an Internet domain name like example.com, an ad-hoc value such as mycorp-level3-access, or a very specific transaction value like 8zF6T$mqP.

proofValue (required)

A valid representation of the proof value that can be used to verify the proof. This value is generated by the proof algorithm. What representation is considered valid depends on the specified verificationMethod. More info can be found here.

Proof Sets

A proof set is simply an array of proof objects under the proof key. It's useful when the same data needs to be secured by multiple entities, but where the order of proods doesn't matter.

For example:


























{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "title": "Hello World!",
  "proof": [{
    "type": "Ed25519Signature2018",
    "proofPurpose": "assertionMethod",
    "created": "2019-08-23T20:21:34Z",
    "verificationMethod": "did:example:123456#key1",
    "challenge": "2bbgh3dgjg2302d-d2b3gi423d42",
    "domain": "example.org",
    "jws": "eyJ0eXAiOiJK...gFWFOEjXk"
  },
  {
    "type": "RsaSignature2018",
    "proofPurpose": "assertionMethod",
    "created": "2017-09-23T20:21:34Z",
    "verificationMethod": "https://example.com/i/pat/keys/5",
    "challenge": "2bbgh3dgjg2302d-d2b3gi423d42",
    "domain": "example.org",
    "jws": "eyJ0eXAiOiJK...gFWFOEjXk"
  }]
}

Proof Chains

A proof chain is the same as a proof set, except that in a proof chain the order of proofs does matter. In this case the array is specified by the proofChain key (instead of proof).

For example:
























{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "title": "Hello World!",
  "proofChain": [{
    "type": "Ed25519Signature2018",
    "proofPurpose": "assertionMethod",
    "created": "2019-08-23T20:21:34Z",
    "verificationMethod": "did:example:123456#key1",
    "domain": "example.org",
    "jws": "eyJ0eXAiOiJK...gFWFOEjXk"
  },
  {
    "type": "RsaSignature2018",
    "proofPurpose": "assertionMethod",
    "created": "2017-09-23T20:21:34Z",
    "verificationMethod": "https://example.com/i/pat/keys/5",
    "domain": "example.org",
    "jws": "eyJ0eXAiOiJK...gFWFOEjXk"
  }]
}
Select a repo