diff --git a/artifacts/src/main/resources/context/dcp.jsonld b/artifacts/src/main/resources/context/dcp.jsonld index a161a06..473e03b 100644 --- a/artifacts/src/main/resources/context/dcp.jsonld +++ b/artifacts/src/main/resources/context/dcp.jsonld @@ -36,7 +36,6 @@ "@id": "dcp:credentialType", "@container": "@set" }, - "format": "dcp:format", "offerReason": { "@id": "dcp:offerReason", "@type": "xsd:string" @@ -46,8 +45,8 @@ "@type": "xsd:string", "@container": "@set" }, - "cryptography": { - "@id": "dcp:cryptography", + "profiles": { + "@id": "dcp:profiles", "@type": "xsd:string", "@container": "@set" }, diff --git a/artifacts/src/main/resources/issuance/credential-object-schema.json b/artifacts/src/main/resources/issuance/credential-object-schema.json index 8baf38b..89b2fd9 100644 --- a/artifacts/src/main/resources/issuance/credential-object-schema.json +++ b/artifacts/src/main/resources/issuance/credential-object-schema.json @@ -27,7 +27,7 @@ "type": "string" } }, - "cryptography": { + "profiles": { "type": "array", "items": { "type": "string" @@ -66,7 +66,7 @@ "credentialType", "offerReason", "bindingMethods", - "cryptography", + "profiles", "issuancePolicy" ] } diff --git a/artifacts/src/main/resources/issuance/example/credential-object.json b/artifacts/src/main/resources/issuance/example/credential-object.json index 3c83b98..6563fe0 100644 --- a/artifacts/src/main/resources/issuance/example/credential-object.json +++ b/artifacts/src/main/resources/issuance/example/credential-object.json @@ -9,15 +9,13 @@ "VerifiableCredential", "CompanyCredential" ], - "format": "ldp_vc", "offerReason": "reissue", "bindingMethods": [ "did:web" ], - "cryptography": [ - "JsonWebSignature2020", - "eddsa-rdfc-2022", - "eddsa-jcs-2022", + "profiles": [ + "vc20-bssl/jwt", + "vc10-sl2021/jwt", "..." ], "issuancePolicy": { 
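Review bot: In credential-object-schema.json the renamed `profiles` property is still validated only as `"type": "array"` with `"items": { "type": "string" }`, so an empty array or a mistyped alias satisfies the `required` entry. According to the dcp.profiles.md added in this commit, the alias selects the VC data model, revocation system and proof stack together, so a bad value has more effect than a bad entry in the old `cryptography` list. Consider adding `"minItems": 1` and a `"pattern"` on the items; an `enum` is probably too strict, because the spec allows authors to define their own profiles. The property definition continues past the end of this hunk, so such constraints may already exist below the visible lines.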
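Review bot: The second alias in the new `profiles` array of example/credential-object.json, `"vc10-sl2021/jwt"`, does not match either alias defined in the dcp.profiles.md added by this commit, which lists `vc20-bssl/jwt` and `vc11-sl2021/jwt`. If the VC DataModel 1.1 profile is meant, the line should read `"vc11-sl2021/jwt",`. The same value appears in example/credential-offer-message.json and in the second JSON fixture of CredentialObjectSchemaTest.java. Because the schema accepts any string, no test catches the mismatch, and an implementer copying the example would advertise a profile that peers cannot resolve.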
diff --git a/artifacts/src/main/resources/issuance/example/credential-offer-message.json b/artifacts/src/main/resources/issuance/example/credential-offer-message.json index 1446f66..d542956 100644 --- a/artifacts/src/main/resources/issuance/example/credential-offer-message.json +++ b/artifacts/src/main/resources/issuance/example/credential-offer-message.json @@ -13,13 +13,12 @@ "VerifiableCredential", "CompanyCredential" ], - "format": "ldp_vc", "offerReason": "reissue", "bindingMethods": [ "did:web" ], - "cryptography": [ - "JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022", "..." + "profiles": [ + "vc20-bssl/jwt", "vc10-sl2021/jwt", "..." ], "issuancePolicy": { "id": "Scalable trust example", diff --git a/artifacts/src/main/resources/issuance/example/issuer-metadata.json b/artifacts/src/main/resources/issuance/example/issuer-metadata.json index cfef9ff..04781ca 100644 --- a/artifacts/src/main/resources/issuance/example/issuer-metadata.json +++ b/artifacts/src/main/resources/issuance/example/issuer-metadata.json @@ -17,7 +17,7 @@ "bindingMethods": [ "did:web" ], - "cryptography": [ + "profiles": [ "JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022", "..." ], "issuancePolicy": { diff --git a/artifacts/src/test/java/org/eclipse/dcp/schema/issuance/CredentialObjectSchemaTest.java b/artifacts/src/test/java/org/eclipse/dcp/schema/issuance/CredentialObjectSchemaTest.java index 73bbac9..720180f 100644 --- a/artifacts/src/test/java/org/eclipse/dcp/schema/issuance/CredentialObjectSchemaTest.java +++ b/artifacts/src/test/java/org/eclipse/dcp/schema/issuance/CredentialObjectSchemaTest.java @@ -32,8 +32,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest { "bindingMethods": [ "did:web" ], - "cryptography": [ - "JsonWebSignature2020" + "profiles": [ + "vc20-bssl/jwt" ], "issuancePolicy": { "id": "Scalable trust example", 
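Review bot: In example/issuer-metadata.json only the key was renamed; the array under `profiles` still reads `"JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022", "..."`, which are signature suite names rather than profile aliases. The other examples in this commit were switched to aliases, so this one should follow, e.g. `"vc20-bssl/jwt", "vc11-sl2021/jwt", "..."`. As committed, the issuer metadata example tells readers that suite identifiers are valid `profiles` values, which contradicts the definition in dcp.profiles.md.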
@@ -72,8 +72,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest { "bindingMethods": [ "did:web" ], - "cryptography": [ - "JsonWebSignature2020" + "profiles": [ + "vc20-bssl/jwt", "vc10-sl2021/jwt"," ], "issuancePolicy": { "id": "Scalable trust example", @@ -106,7 +106,7 @@ void verifySchema() { .containsExactly(error("credentialType", REQUIRED), error("offerReason", REQUIRED), error("bindingMethods", REQUIRED), - error("cryptography", REQUIRED), + error("profiles", REQUIRED), error("issuancePolicy", REQUIRED)); assertThat(schema.validate(INVALID_CREDENTIAL_REQUEST_MESSAGE_NO_TYPE_AND_CONTEXT, JSON)) diff --git a/specifications/credential.issuance.protocol.md b/specifications/credential.issuance.protocol.md index 7649a02..4fa30c2 100644 --- a/specifications/credential.issuance.protocol.md +++ b/specifications/credential.issuance.protocol.md @@ -211,7 +211,7 @@ The following is a non-normative example of a credential offer request: | | - `credentialType`: An array of strings defining the type of credential being offered | | **Optional** | - `@context`: Specifies a valid Json-Ld context ([[json-ld11]], sect. 3.1). As the `credentialObject` is usually embedded, its context is provided by the enveloping object. | | | - `bindingMethods`: An array of strings defining the key material that an issued credential is bound to | -| | - `cryptography`: An array of strings defining the algorithm used for credential signing | +| | - `profiles`: An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"` | | | - `issuancePolicy`: A [presentation definition](https://identity.foundation/presentation-exchange/spec/v2.0.0/#presentation-definition) [[presentation-ex]] signifying the required [=Verifiable Presentation=] for issuance. | | | - `offerReason`: A reason for the offer as a string. Valid values may include `reissue` and `proof-key-revocation` | 
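Review bot: The added fixture line `"vc20-bssl/jwt", "vc10-sl2021/jwt","` in the hunk at line 72 of CredentialObjectSchemaTest.java ends with a trailing comma and an unbalanced quote, so the JSON inside this text block is no longer well formed. The constant this text block belongs to starts outside the hunk, so its purpose is not visible here. If it is meant to exercise a specific schema rule, the test may now pass or fail because of a parse error instead of that rule. Suggest `"vc20-bssl/jwt", "vc11-sl2021/jwt"`, with the second alias spelled as in dcp.profiles.md.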
diff --git a/specifications/dcp.profiles.md b/specifications/dcp.profiles.md
new file mode 100644
index 0000000..0a852c7
--- /dev/null
+++ b/specifications/dcp.profiles.md
@@ -0,0 +1,33 @@
+# Profiles of the Decentralized Claims Protocol
+
+## Introduction
+
+Many different variations of the VerifiableCredentials data model, the revocation system and the proof stack exist which
+makes it almost impossible to reach a sufficient level of interoperability. Profiles of the DCP specification help
+narrow down those possibilities.
+
+The DCP working group defines two basic profiles, each of which is referenced by an alias.
+
+## DCP profile definitions
+
+| alias | VC data model | revocation system | proof stack | remarks |
+|-------------------|-------------------------------------------------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `vc20-bssl/jwt` | [VC DataModel 2.0](https://www.w3.org/TR/vc-data-model-2.0) | [BitStringStatusList](https://www.w3.org/TR/vc-bitstring-status-list/) | Enveloped proofs [using JWT](https://www.w3.org/TR/vc-jose-cose/#with-jose) | Ignore `ttl`, use `validUntil` *). No JWE supported. The concrete signature algorithm is not specified, as implementors are expected to handle all reasonably well-known crypto algorithms like RSA, EC and EdDSA |
+| `vc11-sl2021/jwt` | [VC DataModel 1.1](https://www.w3.org/TR/vc-data-model) | [StatusList2021](https://www.w3.org/TR/2023/WD-vc-status-list-20230427/) | External proofs using JWT | --"-- |
+
+*) In its current form, the BitStringStatusList credential data
+model [conflicts](https://www.w3.org/TR/vc-bitstring-status-list/#bitstringstatuslistcredential) with the VC DataModel
+2.0, specifically regarding the validity period (`ttl` vs `validUntil`).
+
+## Profile authoring recommendations
+
+This non-normative section is intended to provide guidance to authors who aim at defining their own profile definition.
+
+For a usable profile, at least the following aspects must be defined:
+
+- VerifiableCredential Data Model
+- Revocation System: specifies how the validity and expiration of VerifiableCredentials is checked
+- Proof stack: how data integrity of the VC is to be provided
+
+In addition, it is possible to further constrain the profile, for example by limiting the number of acceptable
+cryptographic algorithms.
\ No newline at end of file
diff --git a/specifications/dsp.profile.md b/specifications/dsp.profile.md
index 0ff72b1..3e30716 100644
--- a/specifications/dsp.profile.md
+++ b/specifications/dsp.profile.md
@@ -41,8 +41,4 @@ catalog. The `CredentialsSupported` object contains the following properties: - `types`: REQUIRED. An array of verifiable credential type strings the credential corresponds to - `bindingMethod`: REQUIRED. String that identifies how the credential is bound to the identifier of the credential holder. -- `cryptography` REQUIRED. An array of strings that identify the cryptographic standards supported for verifying - proofs. Values should either use those defined - by [IANA JOSE](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms) for JWT-based VCs - or the [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/) for LD-based - VCs. +- `profiles` REQUIRED. An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"`.