2023-05-08 AnonCreds Specification Working Group Meeting
Summary
Update on the AnonCreds V2.0 Working Group
Unrevealed attributes
Checkin: anoncreds-rs implementation progress, requests
Open Discussion
Recording of Call: dummyfile.txt
Notices:
This specification creating group operates under the Linux Foundation Community Specification License v1.0.
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Meeting Attendees
@Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>
@Steve McCown (Anonyome Labs) <smccown@anonyome.com>
Related Repositories:
AnonCreds Specification: https://hyperledger.github.io/anoncreds-spec/
AnonCreds Methods Registry: https://hyperledger.github.io/anoncreds-methods-registry
AnonCreds Rust Open Source Code: https://github.com/hyperledger/anoncreds-rs
Ledger Agnostic AnonCreds Project Page: https://github.com/orgs/hyperledger/projects/16
Meeting Preliminaries:
Welcome and Introductions
Announcements
Presentation at VC-API Working Group
Any updates to the Agenda?
Agenda
Open Issue
Update on the AnonCreds V2.0 Working Group
Previous Meeting: Revisiting the Issuance data models – do we need an extra "attributes repository" object?
Same objects as AnonCreds 1 – Schema, Credential Definition, Credential
Schema adds types information on attributes – cryptographic types (string, numeric, scalar, enumeration, range)
Proposed addition of new "Schema Claims" object that is effectively a "repository of claims" to be shared across schemas
Name, type, validators defined at either the Schema Claims level or at the Schema level
Next week: Presentation Data Models
PRs for review and merging
Issues to Discuss – None.
Unrevealed Attributes, cryptographic vs. business-level verification, and related issues:
Core issue – cryptographic verification vs. business purpose verification.
Where does the AnonCreds specification end, and the Present Proof protocol take over?
Clarification of the behaviour of unrevealed attributes. Based on recent message on Discord – gmulhearn
Unrevealed attributes are the same as selective disclosure controlled by the holder.
Unrevealed attributes are not (as I had thought) a way to choose to disclose/not disclose an entire referent (group of claims from a credential).
This is a desirable feature: Being asked for multiple types of credentials (ORs), any of which are suitable, with the expectation the holder holds (will respond with) only one of them.
Referents for "Person" Credential from three different jurisdictions (3 credential types), where any one person would ever only have 1 of the 3.
The AnonCreds Presentation Request syntax has no mechanism to make this kind of request.
Note: DIF Presentation Exchange does support this kind of syntax.
In the "Ask for 3 when I only have 1" issue, the holder is (evidently) able act unilaterally, assuming what the verifier intended:
A holder may respond to a presentation request with only a subset of the referents (claim groups) and the presentation will verify.
The verifier must then decide what to do – accept the presentation as meeting the business need or not.
E.g., ACA-Py was been coded to detect what the developer called a "bait and switch" by the holder – being very firm on the presentation matching the presentation request.
However, this approach rejects both the use of "unrevealed attributes", and the "one of many" use case.
Another example:
Verifier presentation request asks for a "Proof of Degree" based on a common schema.
The presentation may verify.
Is the credential that was used for the presentation from a trusted source?
Being able to scale requires this capability.
Issue:
AnonCreds stops at the cryptographic verification.
The verification wrapper around AnonCreds verification may go further. Should that be part of the spec or not?
The protocol around AnonCreds may or may not have a "business verification" response.
How do we combine the two?
For AnonCreds v1.0 we clarify what is possible.
For AnonCreds v2.0 we adjust the design.
To Do:
Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.
Dynamic Accumulator Revocation scheme
Proposal: To be presented two weeks from today.
Checkin: anoncreds-rs implementation progress, requests
Seems to be pretty stable right now – most effort is in using the implementation in various frameworks.
Open Discussion:
Future Calls
To Dos:
Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy – definition completed, to be added to the spec. @Stephen Curran
Issue #140 should WQL be allowed in a Presentation Request?
WQL is supported currently in the Indy SDK, but not in the Aries Frameworks
Should it be in the specification?
If so, in what form. From @Sam Curren — don't call it WQL if we do include it – just describe it.
Not used and it is not clear there is a good reason to support it.
Complicates the specification and the implementation.
Decision:
Not supported in the specification – let's keep it out in this version
Revocation Interval
Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
Verifier or AnonCreds?
To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval? Presentation
Key points:
1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
Dangers:
False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
Backwards Compatibility
PRs in (#82, #105) that seem to change public data structures – ones that are handled outside of AnonCreds and/or by two or more participants (issuer, holder, verifier)
We want to retain compatibility with existing data – credentials that have been issued and the published AnonCreds objects on which they rely.
That extends to business logic – e.g. the handling of the objects not just by AnonCreds, AnonCreds Methods and Aries Frameworks, but also by business applications built on Aries.
Suggestion:
Include in the specification a statement about backward compatibility
Perhaps this is what Ankur had planned to do?
Formalize what data structures will be expected by AnonCreds
This is being done throughout the specification and verified against the current implementation.
As needed support sending and receiving data in "old" and "new" formats, but (for now) always sending "old" formats.
TBD if there are any such cases.
Action items
Adding support for W3C Format AnonCreds to the anoncreds implementation and the spec.
Links to be referenced in the spec and used where needed: