/
2023-01-23 AnonCreds Specification Working Group Meeting

2023-01-23 AnonCreds Specification Working Group Meeting

Jan 23, 2023

Summary

  • PRs

  • issuance_by_* handling

  • Revocation Interval

  • Do we need an anoncreds-indy-rs repo for the legacy indy and did:indy AnonCreds methods?

  • Progress on the anoncreds_rs implementation

  • Open Discussion

Recording of Call: dummyfile.txt

Notices: 

This specification creating group operates under the Linux Foundation Community Specification License v1.0.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Meeting Attendees

@Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>

@Rodolfo Miranda (RootsID)<rodolfo.miranda@rootsid.com>

@Matteo Midena  (Monokee) <matteo.midena@monokee.com>

@Lance Byrd (RootsID) <lance.byrd@rootsid.com>



Related Repositories:

Meeting Preliminaries:

  • Welcome and Introductions

  • Announcements:

    • Request for a host for the meeting next week – Timo

  • Updates the Agenda

Agenda

Open Issue

  • PRs for review and merging

    • Prover DID PR needs more work. From Berend: The prover_id gets hashed with, optionally, the revocation index in there as well

  • Issues to Discuss

    • issuance_by_* handling

    • Revocation Interval

      • To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval?  Presentation 

      • Key points:

        • 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry

        • 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.

        • 3. AnonCreds should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.

          • However, this is different than what is done today – which is to just return the status of the Non-Revocation Proof based on whatever RevRegEntry/timestamp the Holder used.

          • Danger:

            • False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.

            • False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.

        • 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.

      • Next steps:

        • Consider options and discuss again next week.

    • Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy

  • Do we need an anoncreds-indy-rs repo for the legacy indy and did:indy AnonCreds methods?

    • Briefly discussed.

    • Decision: No extra repo is needed. An Aries (or other tech stack) implementation (e.g., ACA-Py, AFJ) should implement the AnonCreds methods required.

      • Likely we need more discussion of this, and to put this into spec.

  • Checkin: anoncreds-rs implementation progress, requests

  • Open Discussion

Future Calls

To Dos:

  • Backwards Compatibility

    • PRs in (#82, #105) that seem to change public data structures – ones that are handled outside of AnonCreds and/or by two or more participants (issuer, holder, verifier)

    • We want to retain compatibility with existing data – credentials that have been issued and the published AnonCreds objects on which they rely.

    • That extends to business logic – e.g. the handling of the objects not just by AnonCreds, AnonCreds Methods and Aries Frameworks, but also by business applications built on Aries.

    • Suggestion:

      • Include in the specification a statement about backward compatibility

        • Perhaps this is what Ankur had planned to do?

      • Formalize what data structures will be expected by AnonCreds

        • This is being done throughout the specification and verified against the current implementation.

      • As needed support sending and receiving data in "old" and "new" formats, but (for now) always sending "old" formats.

        • TBD if there are any such cases.

Action items