Add placeholder algorithms #190
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1644,6 +1644,72 @@ <h2> | |
| </section> | ||
| </section> | ||
| </section> | ||
|
|
||
| <section> | ||
| <h2>Verification Algorithm</h2> | ||
| <p> | ||
| This specification might be used with many different key discovery protocols. | ||
| As such, discovery of verification keys is described in a different section of this document, | ||
| and is assumed to have succeeded prior to beginning the verification process. | ||
| </p> | ||
| <p> | ||
| As a general rule, verifiers SHOULD strive to minimize the processing of untrusted data. | ||
| This includes minimizing any processing of the protected header, unprotected header, or payload as part of the key discovery procedures. | ||
| </p> | ||
|
|
||
| <p> | ||
| When verifying a credential or presentation secured with SD-JWT, the algorithm defined in | ||
| <a href="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-06#name-verification-of-the-sd-jwt"> | ||
| Verification of the SD-JWT | ||
| </a> MUST be followed. | ||
| </p> | ||
|
|
||
| <p> | ||
| When verifying a credential or presentation secured with COSE_Sign1, the algorithm defined in | ||
| <a data-cite="RFC9052#section-4.4"> | ||
| Signing and Verification Process | ||
| </a> MUST be followed. | ||
| </p> | ||
|
|
||
| <p> | ||
| After verification has succeeded, additional validation checks SHOULD be performed. | ||
|
There was a problem hiding this comment. Where do the interdependencies between There was a problem hiding this comment. I would call any checking of specific deserialized members "validation" not "verification". As a verifier, I might have a policy that allows me to verify credentials from acme, with a known public key regardless of what the string values for "iss" or "issuer" are. validating the "verified payload" conforms to the core data model, is shared logic between all securing formats... and I prefer to cite it from this document, not duplicate it. |
||
| </p> | ||
|
|
||
| </section> | ||
|
|
||
| <section> | ||
| <h2>Validation Algorithm</h2> | ||
|
|
||
| <p> | ||
| All claims expected for the <code>typ</code> MUST be present. | ||
|
There was a problem hiding this comment. Is there a specification somewhere that maps from There was a problem hiding this comment. Thats typically done in the specification that registers the media type, for example:
Given the uncertainty of the multiple suffixes draft, and the possibility that specific credential token formats might be registered in the future, I am trying not to pin this down in the W3C spec. I would expect any registered media type to define required parameters, in this specification we only require header parameters, since the entire payload is dedicated to https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L18 |
||
| All claims that are understood MUST be evaluated according the verifier's validation policies. | ||
| All claims that are not understood MUST be ignored. | ||
| </p> | ||
|
|
||
| <p> | ||
| The verified payload MUST be a well formed compact JSON-LD document, as described in | ||
| <a data-cite="VC-DATA-MODEL-2.0/#conformance">Verifiable Credentials Data Model v2.0</a>. | ||
| </p> | ||
|
|
||
| <p> | ||
| Schema extension mechanisms such as <code>credentialSchema</code> SHOULD be checked. | ||
| If the extension mechanism <code>type</code> is not understood, | ||
| this property MUST be ignored. | ||
| </p> | ||
|
|
||
| <p> | ||
| Status extension mechanisms such as <code>credentialStatus</code> SHOULD be checked. | ||
| If the extension mechanism <code>type</code> is not understood, | ||
| this property MUST be ignored. | ||
| </p> | ||
|
|
||
| <p> | ||
| Based on the validation policy of the verifier and the type of credentials and type of securing mechanism, | ||
| additional validation checks might be applied. For example, dependencies between multiple credentials, | ||
| ordering or timing information associated with multiple credentials, and/or multiple presentations | ||
| could cause an otherwise valid credential or presentation to be considered invalid. | ||
| </p> | ||
| </section> | ||
| </body> | ||
|
|
||
| </html> | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is exactly what I'm hoping for. Do you think you can make it that verifiers MUST NOT attempt to discover or retrieve keys during the process of verifying signatures or issuers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can state something like that... although I am not sure how normative we can make it....
All verification keys are assumed to have been previously dereferenced, keys SHOULD not be resolved at verification time, resolving verification keys at verification time leaks metadata.
The challenge is that for the 3 party model, verifiers do not know up front every issuer or holder they will encounter.
As a practical matter, you may need to do key discovery, if you had not previously done it... but how you do that and when you do that, can be separated from the verify algorithm to a certain degree.