docs: introduce DCP profiles (eclipse-dataspace-dcp#129)
* docs: introduce DCP profiles

* fix test

* Update specifications/dcp.profiles.md

Co-authored-by: Jim Marino <jim.marino@gmail.com>

* remove intro headline

---------

Co-authored-by: Jim Marino <jim.marino@gmail.com>
paullatzelsperger and jimmarino authored Dec 18, 2024
1 parent 778c810 commit 65b227f
Showing 9 changed files with 50 additions and 32 deletions.
5 changes: 2 additions & 3 deletions artifacts/src/main/resources/context/dcp.jsonld
Expand Up @@ -36,7 +36,6 @@
"@id": "dcp:credentialType",
"@container": "@set"
},
"format": "dcp:format",
"offerReason": {
"@id": "dcp:offerReason",
"@type": "xsd:string"
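
Review bot: The `"format": "dcp:format"` term disappears from the context in this hunk, yet neither the commit message nor the new `dcp.profiles.md` says what replaces it. The examples in this commit drop `"format": "ldp_vc"` at the same time, so state in the profile document that the alias now carries the credential format; otherwise a sender that still emits `format` gets no hint that receivers no longer define the term.
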
Expand All @@ -46,8 +45,8 @@
"@type": "xsd:string",
"@container": "@set"
},
"cryptography": {
"@id": "dcp:cryptography",
"profiles": {
"@id": "dcp:profiles",
"@type": "xsd:string",
"@container": "@set"
},
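
Review bot: Renaming the term `cryptography` to `profiles` inside the same context file is a breaking change that can fail silently on the JSON-LD side: unless the context sets an `@vocab` (not visible in this hunk), a processor expanding a message that still carries `cryptography` drops the undefined term instead of raising an error. Keep the old term for a deprecation period or call the rename out in the release notes, because the `@id`, `@type` and `@container` lines give receivers no other signal.
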
Expand Up @@ -27,7 +27,7 @@
"type": "string"
}
},
"cryptography": {
"profiles": {
"type": "array",
"items": {
"type": "string"
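
Review bot: The `profiles` array accepts any string: the visible definition is only `"type": "array"` with string `items`, so legacy values such as `JsonWebSignature2020` would still validate, and nothing visible in this hunk rules out an empty list. If only defined aliases are meant to be sent, add a `pattern` or `enum` on the items and a `minItems` of 1, which also gives the schema test something to assert against.
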
Expand All @@ -46,7 +46,7 @@
"credentialType",
"offerReason",
"bindingMethods",
"cryptography",
"profiles",
"issuancePolicy",
"type"
]
Expand Up @@ -9,15 +9,13 @@
"VerifiableCredential",
"CompanyCredential"
],
"format": "ldp_vc",
"offerReason": "reissue",
"bindingMethods": [
"did:web"
],
"cryptography": [
"JsonWebSignature2020",
"eddsa-rdfc-2022",
"eddsa-jcs-2022",
"profiles": [
"vc20-bssl/jwt",
"vc10-sl2021/jwt",
"..."
],
"issuancePolicy": {
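
Review bot: The second alias in the new `profiles` array, `vc10-sl2021/jwt`, does not match any alias defined in `dcp.profiles.md`, which lists `vc20-bssl/jwt` and `vc11-sl2021/jwt`. Pick one spelling and use it in the examples, the test fixtures and the profile table; as written, a reader copying this example sends an alias the specification never defines.
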
Expand Up @@ -13,16 +13,12 @@
"VerifiableCredential",
"CompanyCredential"
],
"format": "ldp_vc",
"offerReason": "reissue",
"bindingMethods": [
"did:web"
],
"cryptography": [
"JsonWebSignature2020",
"eddsa-rdfc-2022",
"eddsa-jcs-2022",
"..."
"profiles": [
"vc20-bssl/jwt", "vc10-sl2021/jwt", "..."
],
"issuancePolicy": {
"id": "Scalable trust example",
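
Review bot: The `profiles` array is collapsed onto one line here (`"vc20-bssl/jwt", "vc10-sl2021/jwt", "..."`), while the sibling example in this commit keeps one alias per line; use one layout for both. The `vc10-sl2021/jwt` value also differs from the `vc11-sl2021/jwt` alias in the profile table.
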
Expand Up @@ -17,11 +17,8 @@
"bindingMethods": [
"did:web"
],
"cryptography": [
"JsonWebSignature2020",
"eddsa-rdfc-2022",
"eddsa-jcs-2022",
"..."
"profiles": [
"JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022", "..."
],
"issuancePolicy": {
"id": "Scalable trust example",
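
Review bot: The values inside the renamed `profiles` array are still the old cryptosuite names (`"JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022"`), not profile aliases. This looks like a key rename without a value update; replace them with aliases from `dcp.profiles.md` such as `vc20-bssl/jwt`, as the other examples in this commit do.
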
Expand Up @@ -31,8 +31,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest {
"bindingMethods": [
"did:web"
],
"cryptography": [
"JsonWebSignature2020"
"profiles": [
"vc20-bssl/jwt"
],
"issuancePolicy": {
"id": "Scalable trust example",
Expand Down Expand Up @@ -70,8 +70,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest {
"bindingMethods": [
"did:web"
],
"cryptography": [
"JsonWebSignature2020"
"profiles": [
"vc20-bssl/jwt", "vc10-sl2021/jwt"
],
"issuancePolicy": {
"id": "Scalable trust example",
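
Review bot: The fixture in this hunk uses `vc10-sl2021/jwt`, an alias the profile table does not define (it has `vc11-sl2021/jwt`), and the schema hunk constrains items only to strings, so validation cannot catch the mismatch. Correct the alias, and consider a negative fixture (for example an empty `profiles` array or a non-string entry) so the test covers more than the presence of the key.
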
Expand Down Expand Up @@ -104,7 +104,7 @@ void verifySchema() {
.containsExactly(error("credentialType", REQUIRED),
error("offerReason", REQUIRED),
error("bindingMethods", REQUIRED),
error("cryptography", REQUIRED),
error("profiles", REQUIRED),
error("issuancePolicy", REQUIRED));

assertThat(schema.validate(INVALID_CREDENTIAL_REQUEST_MESSAGE_NO_TYPE_AND_CONTEXT, JSON))
2 changes: 1 addition & 1 deletion specifications/credential.issuance.protocol.md
Expand Up @@ -211,7 +211,7 @@ The following is a non-normative example of a credential offer request:
| | - `credentialType`: An array of strings defining the type of credential being offered |
| **Optional** | - `@context`: Specifies a valid Json-Ld context ([[json-ld11]], sect. 3.1). As the `credentialObject` is usually embedded, its context is provided by the enveloping object. |
| | - `bindingMethods`: An array of strings defining the key material that an issued credential is bound to |
| | - `cryptography`: An array of strings defining the algorithm used for credential signing |
| | - `profiles`: An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"` |
| | - `issuancePolicy`: A [presentation definition](https://identity.foundation/presentation-exchange/spec/v2.0.0/#presentation-definition) [[presentation-ex]] signifying the required [=Verifiable Presentation=] for issuance. |
| | - `offerReason`: A reason for the offer as a string. Valid values may include `reissue` and `proof-key-revocation` |
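
Review bot: The new `profiles` row sits under the **Optional** group of this table, while the schema hunk in this commit lists `profiles` under `required` and the test expects `error("profiles", REQUIRED)`. Move the row (and any neighbouring rows the schema also requires) to the required group, or relax the schema, so that the specification text and the validation agree.
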

32 changes: 32 additions & 0 deletions specifications/dcp.profiles.md
@@ -0,0 +1,32 @@
## Profiles of the Decentralized Claims Protocol


Many different variations of the VerifiableCredentials data model, the revocation system and the proof stack exist which
makes it almost impossible to reach a sufficient level of interoperability. Profiles of the DCP specification help
narrow down those possibilities.

This specification defines two profiles, which are referenced by an alias.

## DCP profile definitions

| alias | VC data model | revocation system | proof stack | remarks |
|-------------------|-------------------------------------------------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `vc20-bssl/jwt` | [VC DataModel 2.0](https://www.w3.org/TR/vc-data-model-2.0) | [BitStringStatusList](https://www.w3.org/TR/vc-bitstring-status-list/) | Enveloped proofs [using JWT](https://www.w3.org/TR/vc-jose-cose/#with-jose) | Ignore `ttl`, use `validUntil` *). No JWE supported. The concrete signature algorithm is not specified, as implementors are expected to handle all reasonably well-known crypto algorithms like RSA, EC and EdDSA |
| `vc11-sl2021/jwt` | [VC DataModel 1.1](https://www.w3.org/TR/vc-data-model) | [StatusList2021](https://www.w3.org/TR/2023/WD-vc-status-list-20230427/) | External proofs using JWT | --"-- |

*) In its current form, the BitStringStatusList credential data
model [conflicts](https://www.w3.org/TR/vc-bitstring-status-list/#bitstringstatuslistcredential) with the VC DataModel
2.0, specifically regarding the validity period (`ttl` vs `validUntil`).

## Profile authoring recommendations

This non-normative section is intended to provide guidance to authors who aim at defining their own profile definition.

For a usable profile, at least the following aspects must be defined:

- VerifiableCredential Data Model
- Revocation System: specifies how the validity and expiration of VerifiableCredentials is checked
- Proof stack: how data integrity of the VC is to be provided

In addition, it is possible to further constrain the profile, for example by limiting the number of acceptable
cryptographic algorithms.
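
Review bot: The remarks cell for `vc20-bssl/jwt` leaves the signature algorithm open ("all reasonably well-known crypto algorithms like RSA, EC and EdDSA"), which gives verifiers nothing concrete to allow-list and does not guarantee that two conforming implementations share an algorithm. Name the JOSE `alg` values a verifier must accept, or say explicitly that the set is left to a further profile constraint, as the last paragraph allows. Also replace the `--"--` ditto mark in the `vc11-sl2021/jwt` row with the actual remarks: the `ttl` versus `validUntil` footnote is written for the 2.0 data model, so it is unclear which parts carry over.
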
6 changes: 1 addition & 5 deletions specifications/dsp.profile.md
Expand Up @@ -41,8 +41,4 @@ catalog. The `CredentialsSupported` object contains the following properties:
- `types`: REQUIRED. An array of verifiable credential type strings the credential corresponds to
- `bindingMethod`: REQUIRED. String that identifies how the credential is bound to the identifier of the
credential holder.
- `cryptography` REQUIRED. An array of strings that identify the cryptographic standards supported for verifying
proofs. Values should either use those defined
by [IANA JOSE](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms) for JWT-based VCs
or the [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/) for LD-based
VCs.
- `profiles` REQUIRED. An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"`.
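
Review bot: The added `profiles` bullet is missing the colon after the property name that the `types` and `bindingMethod` bullets above it use. The removed text also told implementers where valid values come from (IANA JOSE, the LD cryptosuite registry); the new sentence only links the profile document and gives one example, so say outright that each entry must be an alias defined in `dcp.profiles.md`.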
