2023-09-11 AnonCreds Specification Working Group Meeting
Summary
PRs to Review
AnonCreds v2.0 – what code exists?
AnonCreds RS Implementation update – the state of the Shared Components
Open Discussion
Recording:
Notices:
This specification creating group operates under the Linux Foundation Community Specification License v1.0.
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Meeting Attendees
@Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>
@Steve McCown (Anonyome Labs) <smccown@anonyome.com>
Related Repositories:
AnonCreds Specification: https://hyperledger.github.io/anoncreds-spec/
AnonCreds Methods Registry: https://hyperledger.github.io/anoncreds-methods-registry
AnonCreds Rust Open Source Code: https://github.com/hyperledger/anoncreds-rs
Ledger Agnostic AnonCreds Project Page: https://github.com/orgs/hyperledger/projects/16
Meeting Preliminaries:
Welcome and Introductions
Announcements:
Any updates no the Agenda?
Agenda
Open Issues
PRs to Review
AnonCreds v2.0 – what code exists?
Update on the AnonCreds RS implementation – current state of the Shared Components
Open discussion
Future Calls
To Dos:
Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.
Issue #140 should WQL be allowed in a Presentation Request?
WQL is supported currently in the Indy SDK, but not in the Aries Frameworks
Should it be in the specification?
If so, in what form. From @Sam Curren — don't call it WQL if we do include it – just describe it.
Not used and it is not clear there is a good reason to support it.
Complicates the specification and the implementation.
Decision:
Not supported in the specification – let's keep it out in this version
Revocation Interval
Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
Verifier or AnonCreds?
To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval? Presentation
Key points:
1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
Dangers:
False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.
Action items
Adding support for W3C Format AnonCreds to the anoncreds implementation and the spec.
Links to be referenced in the spec and used where needed: