Summary
- Update on the AnonCreds V2.0 Working Group
- Hyperledger AnonCreds Workshop – May 31, 2023 8:00 Pacific / 17:00 Central Europe
- IIW Recap
- Discussion: AnonCreds in W3C VC and JWT formats
- Checkin: anoncreds-rs implementation progress, requests
- Open Discussion
Recording of Call: <TO BE ADDED>
Notices:
This specification creating group operates under the Linux Foundation Community Specification License v1.0.
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
---|
Meeting Attendees
Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>
Related Repositories:
- AnonCreds Specification: https://hyperledger.github.io/anoncreds-spec/
- AnonCreds Methods Registry: https://hyperledger.github.io/anoncreds-methods-registry
- AnonCreds Rust Open Source Code: https://github.com/hyperledger/anoncreds-rs
- Ledger Agnostic AnonCreds Project Page: https://github.com/orgs/hyperledger/projects/16
Meeting Preliminaries:
- Welcome and Introductions
- Announcements:
- Any updates to the Agenda?
Agenda
Open Issue
- Update on the AnonCreds V2.0 Working Group
- Previous Meeting: ALLOSAUR Revocation
- Next week: Revisiting the Issuance data models
- Hyperledger AnonCreds Workshop - May 31
- Proposed Agenda:
- Introduction to AnonCreds and ZKPs
- Set Context – VCs, issuer-holder-verifier
- AnonCreds
- ZKPs overview
- Where ZKPs are used in AnonCreds
- Exercise – issuing, holding, requesting, presenting
- Revocation
- AnonCreds Methods
- AnonCreds on other than Indy Ledgers
- Ideally an exercise using AnonCreds with other than Indy
- What changes when using other ledgers?
- Making AnonCreds Credential Beautiful
- AnonCreds and the Overlays Capture Architecture (OCA)
- Future AnonCreds Features
- AnonCreds in W3C Format
- AnonCreds v2.0 — what’s next?
- Introduction to AnonCreds and ZKPs
- Proposed Agenda:
- IIW
- Revocation
- OCA
- AnonCreds AMA
- Lots of OpenID4VCs
- OWF presence but no new information
- Discussion: AnonCreds in W3C VC and JWT format
- Importance?
- Anyone know about the W3C to JWT transformation mechanism?
- Can that be used with AnonCreds?
- Consuming a credential in another format should be easy
- Sniff the format and convert to "internal" format.
- Receipt of Credential
- Receipt of Presentation
- Sniff the format and convert to "internal" format.
- Production of Credential/Presentation in different formats?
- Add a parameter to indicate the type?
- Add a call to convert the type?
- Produce multiple formats?
- Other questions from Discord:
- The process of issuance in this context, more specifically, what does a AnonCreds credential request would look like in w3c format. Is the
AnonCreds in W3C VC formats
feature only limited to a representation of the already signed and issued credential? - To sign a json-ld VC you apply a signature to the Credential, transforming it into a VC without a need to communicate with the holder. With AnonCreds there is an exchange between the issuer and holder to introduce the secret link before the credential is signed.
- The process of issuance in this context, more specifically, what does a AnonCreds credential request would look like in w3c format. Is the
- PRs for review and merging
- Issues to Discuss – None.
- Checkin: anoncreds-rs implementation progress, requests
- Wrapping up wrappers, documentation
- Official release coming soon! Working in test deployments of Bifold
- Status of ASCA-Py implementation
- Open Discussion:
Future Calls
To Dos:
- Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy – definition completed, to be added to the spec. Stephen Curran
- Issue #140 should WQL be allowed in a Presentation Request?
- WQL is supported currently in the Indy SDK, but not in the Aries Frameworks
- Should it be in the specification?
- If so, in what form. From Sam Curren — don't call it WQL if we do include it – just describe it.
- Not used and it is not clear there is a good reason to support it.
- Complicates the specification and the implementation.
- Decision:
- Not supported in the specification – let's keep it out in this version
- Revocation Interval
- Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
- Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
- Verifier
or AnonCreds?
- Verifier
- To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval? Presentation
- Key points:
- 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
- 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
- 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
- Dangers:
- False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
- False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
- Dangers:
- 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
- Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
- Backwards Compatibility
- PRs in (#82, #105) that seem to change public data structures – ones that are handled outside of AnonCreds and/or by two or more participants (issuer, holder, verifier)
- We want to retain compatibility with existing data – credentials that have been issued and the published AnonCreds objects on which they rely.
- That extends to business logic – e.g. the handling of the objects not just by AnonCreds, AnonCreds Methods and Aries Frameworks, but also by business applications built on Aries.
- Suggestion:
- Include in the specification a statement about backward compatibility
- Perhaps this is what Ankur had planned to do?
- Formalize what data structures will be expected by AnonCreds
- This is being done throughout the specification and verified against the current implementation.
- As needed support sending and receiving data in "old" and "new" formats, but (for now) always sending "old" formats.
- TBD if there are any such cases.
- Include in the specification a statement about backward compatibility
Action items
- Adding support for W3C Format AnonCreds to the anoncreds implementation and the spec.
- Links to be referenced in the spec and used where needed: