/
2023-06-19 AnonCreds Specification Working Group Meeting

2023-06-19 AnonCreds Specification Working Group Meeting

Jun 19, 2023

Summary

  • NEW ZOOM LINK!!!

  • Celebration!! AnonCreds 0.1.0 Release finalized!

  • AnonCreds Workshop Report

  • Mentorship Update

  • AnonCreds Specification: Mixing overview/flow information with cryptographic details

  • New revocation approaches

  • Open Discussion

Call Link: https://zoom.us/j/97954159540?pwd=WWk3WmQ3MVh1SXBYZGVreGl0QllGdz09

Recording: 

Notices: 

This specification creating group operates under the Linux Foundation Community Specification License v1.0.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Meeting Attendees

@Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>



Related Repositories:

Meeting Preliminaries:

  • Welcome and Introductions

  • Announcements

    • AnonCreds 0.1.0 Rust Implementation officially released!

    • Welcome @Aritra Bhaduri a Hyperledger Mentor working on the AnonCreds Specification

      • Documenting the cryptography and aligning it with the implementation.

    • Update on the AnonCreds V2.0 Working Group

      • Last Week: How the model supports multiple underlying cryptographic signatures

      • Next Week: Presentation Data Models

  • Any updates to the Agenda?

Agenda

Open Issue

  • NEW ZOOM LINK!!!

  • Celebration!! AnonCreds 0.1.0 Release finalized!

  • AnonCreds Workshop Report

  • Mentorship Update

  • Deferred: AnonCreds Specification: To Do List

  • Deferred: AnonCreds Specification: Mixing overview/flow information with cryptographic details

  • Presentation: AnonCreds Revocation Options

    • AnonCreds v1.0CKS Signature with tails file

    • ALLOSAUR — Revocation Managers contacted at presentation time

    • LVVC — Linked Validity Verifiable Credential -- Revocation Manager issues a VC about the revocation state of a credential.

    • zk-SAM — Signed Accumulator Membership - publication of full revocation state

  • Open Discussion

Future Calls

To Dos:

  • Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.

  • Issue #137 added regarding further investigation into what happens to the issuance data flow nonce(s) by Belsy – definition completed, to be added to the spec. @Stephen Curran 

  • Issue #140 should WQL be allowed in a Presentation Request?

    • WQL is supported currently in the Indy SDK, but not in the Aries Frameworks

    • Should it be in the specification?

    • If so, in what form. From @Sam Curren — don't call it WQL if we do include it – just describe it.

    • Not used and it is not clear there is a good reason to support it.

    • Complicates the specification and the implementation.

    • Decision:

      • Not supported in the specification – let's keep it out in this version

  • Revocation Interval

    • Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment

    • Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification

      • Verifier or AnonCreds?

    • To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval?  Presentation 

    • Key points:

      • 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry

      • 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.

      • 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.

        • Dangers:

          • False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.

          • False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.

      • 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.

    • Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.

Action items