-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
254 lines (246 loc) · 9.17 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>W3C Verifiable Credentials Confidence Method</title>
<script
src="https://www.w3.org/Tools/respec/respec-w3c"
class="remove"
defer
></script>
<script class="remove">
// All config options at https://respec.org/docs/
var respecConfig = {
specStatus: "CG-DRAFT",
github: "https://github.com/w3c-ccg/confidence-method-spec/",
edDraftURI: "https://w3c-ccg.github.io/confidence-method-spec/",
editors: [
{ name: "Oliver Terbu", company: "Spruce Systems, Inc.", url: "https://spruceid.com" } ],
shortName: "confidence-method-spec",
wg: "W3C Credentials Community Group",
group: "credentials",
wgURI: "https://w3c-ccg.github.io/",
wgPublicList: "public-credentials",
xref: "web-platform",
maxTocLevel: 4,
};
</script>
</head>
<body>
<section id='abstract'>
<p>
This specification defines the Confidence Method property that can be used
with the the W3C Verifiable Credentials Data Model (VCDM). An issuer can
include one or more Confidence Methods in a verifiable credential to inform
verifiers of mechanisms they could use to increase their confidence in the
truth of a variety of things, including the following:
</p>
<p>
<ul>
<li>
a particular identifier in the verifiable credential refers to the same entity
the issuer intended it to refer to,
</li>
<li>
an entity, such as the presenter of a verifiable credential, is the same entity
that the issuer made claims about,
</li>
<li>
an entity controls, or has been designated to use, one or more mechanisms for
demonstrating proof-of-possession or proof-of-use of cryptographic key
material,
</li>
<li>
an entity identified in the verifiable credential can be checked against a
biometric.
</li>
</ul>
</p>
</section>
<section id='sotd'>
<p>
This is an experimental specification and is undergoing regular revisions. It
is not fit for production deployment.
</p>
</section>
<section class="informative">
<h2>Background</h2>
TBD
</section>
<section>
<h2>Terminology</h2>
<p>
The following terms are used to describe concepts involved in the
generation of Verifiable Credentials and Verifiable Presentations
using the confidence method property defined by this specification.
</p>
<dl>
<dt><dfn>Confidence Method</dfn></dt>
<dd>
TBD
</dd>
</dl>
</section>
<section>
<h2>Confidence Method</h2>
<p>
This specification defines the <code>confidenceMethod</code> <a>property</a>
for expressing confidence method information in a
<code>credentialSubject</code> in a <a>verifiable credential</a>.
</p>
<p>
A <a>verifier</a> can decide to accept <a>claims</a> in a <a>verifiable
credential</a> without requiring use of the confidence method, or use a
different mechanism to increase their confidence about whether, for
example, the <a>holder</a> is the same <a>entity</a> the issuer made
<a>claims</a> about in the <a>verifiable credential</a>. Such a decision
can impact the <a>verifier</a>'s liability or lack thereof if not
specified by other means such as a <code>termsOfUse</code> policy.
</p>
<div class="note">
<p>
For example, an <a>issuer</a> can include a confidence method based on public
key cryptography in the <a>verifiable credential</a>. A <a>holder</a> can
demonstrate they are able to generate and include a <a>proof</a> with a
cryptographic signature in the <a>verifiable presentation</a> that will verify
against the verification key expressed in the confidence method in the
embedded <a>verifiable credential</a>.
</p>
<p>
A <a>verifier</a> can validate that the <a>holder</a> controls,
or has been designated the ability to use, a confidence method
by verifying the <a>proof</a> of the <a>verifiable
presentation</a> using the information in the confidence method. The
confidence method can include the verification key, or the type of the
confidence method can define that the verification key is to be inferred from
other <a>properties</a> in the <a>verifiable credential</a>, such as the
<code>credentialSubject.id</code>.
</p>
</div>
<dl>
<dt><dfn>confidenceMethod</dfn></dt>
<dd>
<dd>
<p>
If present, the value of the <code>confidenceMethod</code> <a>property</a> is
one or more confidence methods. Each confidence method is bound to one or more
claims in the <a>verifiable credential</a>, and provides enough information for a
<a>verifier</a> to determine whether the <a>holder</a> can generate a
<a>verifiable presentation</a> to increase the <a>verifier's</a> confidence
that they are the same <a>entity</a> referenced by the confidence method.
This is referred to as satisfying the confidence method. It is required that
the <a>issuer</a> verifies the <a>holder</a> can satisfy each
<code>confidenceMethod</code> the <a>issuer</a> includes in the
<a>claims</a> of the <a>verifiable credential</a>s they issue.
</p>
<p>
Each confidence method MUST specify its <code>type</code> and MAY specify an
<code>id</code>. The precise <a>properties</a> and semantics of each
confidence method are determined by the specific
<code>confidenceMethod</code> type definition.
</p>
</dd>
</dl>
<p>
The following example demonstrates a confidence method based on proving
possession of a cryptographic key. The corresponding public key is a
type-specific property of the confidence method.
</p>
<pre class="example nohighlight"
title="Usage of the confirmationMethod property of type VerificationKeyConfirmation">
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://www.w3.org/ns/credentials/examples/v2"
],
"id": "http://example.edu/credentials/3732",
"type": ["VerifiableCredential", "UniversityDegreeCredential"],
"issuer": "https://example.edu/issuers/14",
"validFrom": "2010-01-01T19:23:24Z",
"credentialSubject": {
<span class="highlight">"confidenceMethod": [{
"type": "VerificationKeyConfirmation",
"publicKeyJwk": {
"crv": "Ed25519",
"x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
"kty": "OKP",
"kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
}
},{
"type": "VerificationKeyConfirmation",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}]</span>,
"degree": {
"type": "BachelorDegree",
"name": "Bachelor of Science and Arts"
}
},
"proof": { <span class="comment">...</span> }
}
</pre>
<p class="note">
A confidence method can express various metadata such as the <a>issuer</a>'s
level of confidence that the <a>holder</a> is the entity referenced by a
<a>subject</a> of the <a>verifiable credential</a>, specific form factors or
mechanisms of authenticators, and/or references to other <a>verifiable credentials</a>
or versioned trust frameworks. For example, an <a>issuer</a> can make a
<a>claim</a> about a confidence method that is based on a cryptographic key
pair, but to produce a signature using that key, the <a>holder</a> has to unlock
a device using multi-factor authentication.
</p>
</section>
<section id="conformance">
<p class="issue" title="TBD">
Add conformance section
</p>
</section>
<section>
<h2>Security Considerations</h2>
<p class="issue" title="TBD">
Add security considerations section
</p>
</section>
<section class="normative">
<h1>The Registry</h1>
<section class="normative">
<h1>Confidence Methods</h1>
<p>
This table summarizes the Confidence Method specifications currently
in development. The table lists the method name, associated specification,
authors, stability of the specification, and conformance test suite
(if applicable).
</p>
<table class="simple">
<thead>
<tr>
<th>Method Name</th>
<th>Specification</th>
<th>Authors</th>
<th>Stability</th>
<th>Test Suite</th>
</tr>
</thead>
<tbody>
<tr>
<td>
VerificationKeyConfirmation
</td>
<td>
This document
</td>
<td>
Oliver Terbu
</td>
<td>
Experimental
</td>
<td>
None
</td>
</tr>
</tbody>
</table>
</section>
</section>
</body>
</html>