2023-11-06 AnonCreds Working Group Meeting

Owned by Stephen Curran
Last updated: Dec 15, 2023
3 min read

Summary

  • PRs to the AnonCreds specification – current status
  • Design and planning – AnonCreds v1.0 in the W3C Verifiable Credentials Data Model Standard format
  • Open Discussion

Call Link: https://zoom.us/j/97954159540?pwd=WWk3WmQ3MVh1SXBYZGVreGl0QllGdz09

Recording:


Notices: 

This specification creating group operates under the Linux Foundation Community Specification License v1.0.

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Meeting Attendees

Stephen Curran (BC Gov / Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>

Steve McCown (Anonyome Labs) <smccown@anonyome.com>

Alexander Sherbakov (DSR Corporation) <alexander.sherbakov@dsr-corporation.com>

Artem Ivanov (DSR Corporation) <artem.ivanov@dsr-corporation.com>


Related Repositories:

Meeting Preliminaries:

  • Welcome and Introductions
  • Announcements:
  • Any updates no the Agenda?

Agenda

Open Issues

  • PRs to Review
  • Design and planning – AnonCreds v1.0 in the W3C Verifiable Credentials Data Model Standard format
    • The BC Gov Code With Us on AnonCreds Rust – https://marketplace.digital.gov.bc.ca/opportunities/code-with-us/d81f1bb4-4abb-4a4c-8b19-92904e0bd6a6
    • PR with a starting point for discussing the design: https://github.com/hyperledger/anoncreds-rs/pull/266
      • Questions Raised:
        • JSON-LD processing on the contexts?
        • Identifier within the CredentialSubject ?
        • Nested JSON and Arrays in AnonCreds credentials.
        • Encoding scheme – move into AnonCreds or leave for the issuer?
        • Time of Day for the `IssuanceDate` field
        • Use of the term "Data Integrity Proof" to differentiate AnonCreds and non-AnonCreds Data Integrity Proofs.
        • Simple vs. complex/size efficient encoding of the proof data into a single "proof" JSON item?
        • "mapping" of source VC attributes/predicates to the presentation request.
        • Using other than the AnonCreds presentation request model
        • Out of scope – support in the AnonCreds library for signing W3C VC/VP Format Data Integrity Proofs with other Proof Types.
          • There might be some "devil in the details" in this. Do we have to add extra values (notably issuer ) to have a second signature?
        • Altering the format/Data Model of the Credential Offer and Request format.
        • Proposed AnonCreds library API changes.
        • Using AnonCreds W3C format with OpenID4VCs.  Can OpenID4VCs support the necessary Offer-Request-Issuer flow?
    • Downstream Code With Us opportunities for Aries Cloud Agent Python and Aries Framework JavaScript
  • Open discussion

Future Calls

To Dos:

  • Issue to talking about what AnonCreds verifies and what is left to the issuer to verify.
  • Revocation Interval
    • Approach to determine if the holder used an acceptable RevRegistry – see this Issue comment
    • Who calls the AnonCreds method to get the Revocation Registry from the ledger for verification
      • Verifier or AnonCreds?
    • To set "validation" to true/false based on the RevRegEntry timestamp in relation to the revocation interval?  Presentation 
    • Key points:
      • 1. an RevRegEntry is “current” from the time it is written, to the time of the next RevRegEntry
      • 2. “within the interval” is based on when a RevRegEntry is “current” (see 1.), not its timestamp.
      • 3. AnonCreds or the Verifier (calling AnonCreds) should calculate “within interval” (using 2.) and mark verification true if the RevRegEntry used by the Prover is within the interval, else false.
        • Dangers:
          • False-Negatives: If a strict "timestamp used is between from, to" and not based on when a RevReg is "current" (per 2.), we will get "not verified" incorrectly.
          • False-Positives: If we don't do any checking of the timestamp and the interval, the holder could incorrectly use an old RevRegEntry.
      • 4. General point: AnonCreds should return both a summary (true/false) and if false, additional data about why it was false.
    • Decision – add an optional `at_from_ts` set of entries, one per NRP, that AnonCreds can use for determining if the holder_ts is within the Presentation Request interval.

Action items