2023-05-08 AnonCreds Specification Working Group Meeting

Summary

  • Update on the AnonCreds V2.0 Working Group
  • Unrevealed attributes
  • Checkin: anoncreds-rs implementation progress, requests
  • Open Discussion

Recording of Call: dummyfile.txt


Notices: 

This specification creating group operates under the Linux Foundation Community Specification License v1.0.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Meeting Attendees

Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>

Steve McCown (Anonyome Labs) <smccown@anonyome.com


Related Repositories:

Meeting Preliminaries:

  • Welcome and Introductions
  • Announcements
    • Presentation at VC-API Working Group
  • Any updates to the Agenda?

Agenda

Open Issue

  • Update on the AnonCreds V2.0 Working Group
    • Previous Meeting: Revisiting the Issuance data models – do we need an extra "attributes repository" object?
      • Same objects as AnonCreds 1 – Schema, Credential Definition, Credential
      • Schema adds types information on attributes – cryptographic types (string, numeric, scalar, enumeration, range)
      • Proposed addition of new "Schema Claims" object that is effectively a "repository of claims" to be shared across schemas
        • Name, type, validators defined at either the Schema Claims level or at the Schema level
    • Next week: Presentation Data Models
  • PRs for review and merging
  • Issues to Discuss – None.
  • Unrevealed Attributes, cryptographic vs. business-level verification, and related issues:
    • Core issue – cryptographic verification vs. business purpose verification. 
      • Where does the AnonCreds specification end, and the Present Proof protocol take over?
    • Clarification of the behaviour of unrevealed attributes. Based on recent message on Discordgmulhearn
      • Unrevealed attributes are the same as selective disclosure controlled by the holder.
      • Unrevealed attributes are not (as I had thought) a way to choose to disclose/not disclose an entire referent (group of claims from a credential).
        • This is a desirable feature: Being asked for multiple types of credentials (ORs), any of which are suitable, with the expectation the holder holds (will respond with) only one of them.
          • Referents for "Person" Credential from three different jurisdictions (3 credential types), where any one person would ever only have 1 of the 3.
          • The AnonCreds Presentation Request syntax has no mechanism to make this kind of request.
            • Note: DIF Presentation Exchange does support this kind of syntax.
    • In the "Ask for 3 when I only have 1" issue, the holder is (evidently) able act unilaterally, assuming what the verifier intended:
      • A holder may respond to a presentation request with only a subset of the referents (claim groups) and the presentation will verify.
      • The verifier must then decide what to do – accept the presentation as meeting the business need or not.
        • E.g., ACA-Py was been coded to detect what the developer called a "bait and switch" by the holder – being very firm on the presentation matching the presentation request.
          • However, this approach rejects both the use of "unrevealed attributes", and the "one of many" use case.
    • Another example:
      • Verifier presentation request asks for a "Proof of Degree" based on a common schema.
      • The presentation may verify.
      • Is the credential that was used for the presentation from a trusted source?
      • Being able to scale requires this capability.
    • Issue:
      • AnonCreds stops at the cryptographic verification.
        • The verification wrapper around AnonCreds verification may go further.  Should that be part of the spec or not?
      • The protocol around AnonCreds may or may not have a "business verification" response.
      • How do we combine the two?
      • For AnonCreds v1.0 we clarify what is possible.
      • For AnonCreds v2.0 we adjust the design.
    • To Do:
      • Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.
  • Dynamic Accumulator Revocation scheme
    • Proposal: To be presented two weeks from today.
  • Checkin: anoncreds-rs implementation progress, requests
    • Seems to be pretty stable right now – most effort is in using the implementation in various frameworks.
  • Open Discussion:

Future Calls

To Dos:

  • Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy – definition completed, to be added to the spec. Stephen Curran 
  • Issue #140 should WQL be allowed in a Presentation Request?
    • WQL is supported currently in the Indy SDK, but not in the Aries Frameworks
    • Should it be in the specification?
    • If so, in what form. From Sam Curren — don't call it WQL if we do include it – just describe it.
    • Not used and it is not clear there is a good reason to support it.
    • Complicates the specification and the implementation.
    • Decision:
      • Not supported in the specification – let's keep it out in this version
  • Revocation Interval
    • Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
    • Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
      • Verifier or AnonCreds?
    • To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval?  Presentation 
    • Key points:
      • 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
      • 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
      • 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
        • Dangers:
          • False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
          • False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
      • 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
    • Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
  • Backwards Compatibility
    • PRs in (#82, #105) that seem to change public data structures – ones that are handled outside of AnonCreds and/or by two or more participants (issuer, holder, verifier)
    • We want to retain compatibility with existing data – credentials that have been issued and the published AnonCreds objects on which they rely.
    • That extends to business logic – e.g. the handling of the objects not just by AnonCreds, AnonCreds Methods and Aries Frameworks, but also by business applications built on Aries.
    • Suggestion:
      • Include in the specification a statement about backward compatibility
        • Perhaps this is what Ankur had planned to do?
      • Formalize what data structures will be expected by AnonCreds
        • This is being done throughout the specification and verified against the current implementation.
      • As needed support sending and receiving data in "old" and "new" formats, but (for now) always sending "old" formats.
        • TBD if there are any such cases.

Action items