docs: introduce DCP profiles (#129)

* docs: introduce DCP profiles

* fix test

* Update specifications/dcp.profiles.md

Co-authored-by: Jim Marino <[email protected]>

* remove intro headline

---------

Co-authored-by: Jim Marino <[email protected]>

artifacts/src/main/resources/context/dcp.jsonld

@@ -36,7 +36,6 @@
           "@id": "dcp:credentialType",
           "@container": "@set"
         },
-        "format": "dcp:format",
         "offerReason": {
           "@id": "dcp:offerReason",
           "@type": "xsd:string"
@@ -46,8 +45,8 @@
           "@type": "xsd:string",
           "@container": "@set"
         },
-        "cryptography": {
-          "@id": "dcp:cryptography",
+        "profiles": {
+          "@id": "dcp:profiles",
           "@type": "xsd:string",
           "@container": "@set"
         },

artifacts/src/main/resources/issuance/credential-object-schema.json

@@ -27,7 +27,7 @@
             "type": "string"
           }
         },
-        "cryptography": {
+        "profiles": {
           "type": "array",
           "items": {
             "type": "string"
@@ -46,7 +46,7 @@
         "credentialType",
         "offerReason",
         "bindingMethods",
-        "cryptography",
+        "profiles",
         "issuancePolicy",
         "type"
       ]

artifacts/src/main/resources/issuance/example/credential-object.json

@@ -9,15 +9,13 @@
     "VerifiableCredential",
     "CompanyCredential"
   ],
-  "format": "ldp_vc",
   "offerReason": "reissue",
   "bindingMethods": [
     "did:web"
   ],
-  "cryptography": [
-    "JsonWebSignature2020",
-    "eddsa-rdfc-2022",
-    "eddsa-jcs-2022",
+  "profiles": [
+    "vc20-bssl/jwt",
+    "vc10-sl2021/jwt",
     "..."
   ],
   "issuancePolicy": {

artifacts/src/main/resources/issuance/example/credential-offer-message.json

@@ -13,16 +13,12 @@
         "VerifiableCredential",
         "CompanyCredential"
       ],
-      "format": "ldp_vc",
       "offerReason": "reissue",
       "bindingMethods": [
         "did:web"
       ],
-      "cryptography": [
-        "JsonWebSignature2020",
-        "eddsa-rdfc-2022",
-        "eddsa-jcs-2022",
-        "..."
+      "profiles": [
+        "vc20-bssl/jwt", "vc10-sl2021/jwt", "..."
       ],
       "issuancePolicy": {
         "id": "Scalable trust example",

artifacts/src/main/resources/issuance/example/issuer-metadata.json

@@ -17,11 +17,8 @@
       "bindingMethods": [
         "did:web"
       ],
-      "cryptography": [
-        "JsonWebSignature2020",
-        "eddsa-rdfc-2022",
-        "eddsa-jcs-2022",
-        "..."
+      "profiles": [
+        "JsonWebSignature2020", "eddsa-rdfc-2022", "eddsa-jcs-2022", "..."
       ],
       "issuancePolicy": {
         "id": "Scalable trust example",

artifacts/src/test/java/org/eclipse/dcp/schema/issuance/CredentialObjectSchemaTest.java

@@ -31,8 +31,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest {
                 "bindingMethods": [
                   "did:web"
                 ],
-                "cryptography": [
-                  "JsonWebSignature2020"
+                "profiles": [
+                  "vc20-bssl/jwt"
                 ],
                 "issuancePolicy": {
                   "id": "Scalable trust example",
@@ -70,8 +70,8 @@ public class CredentialObjectSchemaTest extends AbstractSchemaTest {
                 "bindingMethods": [
                   "did:web"
                 ],
-                "cryptography": [
-                  "JsonWebSignature2020"
+                "profiles": [
+                  "vc20-bssl/jwt", "vc10-sl2021/jwt"
                 ],
                 "issuancePolicy": {
                    "id": "Scalable trust example",
@@ -104,7 +104,7 @@ void verifySchema() {
                 .containsExactly(error("credentialType", REQUIRED),
                         error("offerReason", REQUIRED),
                         error("bindingMethods", REQUIRED),
-                        error("cryptography", REQUIRED),
+                        error("profiles", REQUIRED),
                         error("issuancePolicy", REQUIRED));
 
         assertThat(schema.validate(INVALID_CREDENTIAL_REQUEST_MESSAGE_NO_TYPE_AND_CONTEXT, JSON))

specifications/credential.issuance.protocol.md

@@ -211,7 +211,7 @@ The following is a non-normative example of a credential offer request:
 |              | - `credentialType`: An array of strings defining the type of credential being offered                                                                                                                                         |
 | **Optional** | - `@context`: Specifies a valid Json-Ld context ([[json-ld11]], sect. 3.1). As the `credentialObject` is usually embedded, its context is provided by the enveloping object.                                                  |
 |              | - `bindingMethods`: An array of strings defining the key material that an issued credential is bound to                                                                                                                       |
-|              | - `cryptography`: An array of strings defining the algorithm used for credential signing                                                                                                                                      |
+|              | - `profiles`: An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"`                                                                                                     |
 |              | - `issuancePolicy`: A [presentation definition](https://identity.foundation/presentation-exchange/spec/v2.0.0/#presentation-definition) [[presentation-ex]] signifying the required [=Verifiable Presentation=] for issuance. |
 |              | - `offerReason`: A reason for the offer as a string. Valid values may include `reissue` and `proof-key-revocation`                                                                                                            |
 

specifications/dcp.profiles.md

@@ -0,0 +1,32 @@
+## Profiles of the Decentralized Claims Protocol
+
+
+Many different variations of the VerifiableCredentials data model, the revocation system and the proof stack exist which
+makes it almost impossible to reach a sufficient level of interoperability. Profiles of the DCP specification help
+narrow down those possibilities.
+
+This specification defines two profiles, which are referenced by an alias.
+
+## DCP profile definitions
+
+| alias             | VC data model                                               | revocation system                                                        | proof stack                                                                 | remarks                                                                                                                                                                                                           |
+|-------------------|-------------------------------------------------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `vc20-bssl/jwt`   | [VC DataModel 2.0](https://www.w3.org/TR/vc-data-model-2.0) | [BitStringStatusList](https://www.w3.org/TR/vc-bitstring-status-list/)   | Enveloped proofs [using JWT](https://www.w3.org/TR/vc-jose-cose/#with-jose) | Ignore `ttl`, use `validUntil` *). No JWE supported. The concrete signature algorithm is not specified, as implementors are expected to handle all reasonably well-known crypto algorithms like RSA, EC and EdDSA |
+| `vc11-sl2021/jwt` | [VC DataModel 1.1](https://www.w3.org/TR/vc-data-model)     | [StatusList2021](https://www.w3.org/TR/2023/WD-vc-status-list-20230427/) | External proofs using JWT                                                   | --"--                                                                                                                                                                                                             |
+
+*) In its current form, the BitStringStatusList credential data
+model [conflicts](https://www.w3.org/TR/vc-bitstring-status-list/#bitstringstatuslistcredential) with the VC DataModel
+2.0, specifically regarding the validity period (`ttl` vs `validUntil`).
+
+## Profile authoring recommendations
+
+This non-normative section is intended to provide guidance to authors who aim at defining their own profile definition.
+
+For a usable profile, at least the following aspects must be defined:
+
+- VerifiableCredential Data Model
+- Revocation System: specifies how the validity and expiration of VerifiableCredentials is checked
+- Proof stack: how data integrity of the VC is to be provided
+
+In addition, it is possible to further constrain the profile, for example by limiting the number of acceptable
+cryptographic algorithms.

specifications/dsp.profile.md

@@ -41,8 +41,4 @@ catalog. The `CredentialsSupported` object contains the following properties:
 - `types`: REQUIRED. An array of verifiable credential type strings the credential corresponds to
 - `bindingMethod`: REQUIRED. String that identifies how the credential is bound to the identifier of the
   credential holder.
-- `cryptography` REQUIRED. An array of strings that identify the cryptographic standards supported for verifying
-  proofs. Values should either use those defined
-  by [IANA JOSE](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms) for JWT-based VCs
-  or the [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry/) for LD-based
-  VCs.
+- `profiles` REQUIRED. An array of strings containing the aliases of the [profiles](./dcp.profiles.md), e.g. `"vc20-bssl/jwt"`.