AnonCreds Credentials using the W3C Standard - implementation #271
Conversation
Artemkaaas
commented
Nov 10, 2023
Artemkaaas
commented
- W3C credential and presentation definitions: tied to AnonCreds W3C form
- Method to convert legacy credential into W3C form
- Method to convert AnonCreds W3C credential into legacy form
- Methods to issue/process a credential in W3C form
- Methods to create/verify a presentation in W3C form
- Helper methods for W3C credential
Signed-off-by: Abdulbois <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
d4a2912
to
cbc46fc
Compare
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
4 times, most recently
from
9620287
to
511a669
Compare
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
511a669
to
572001a
Compare
…thod Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
changed the title
|
@Artemkaaas is this ready for review, or should it still be in draft? |
Yes. There is still some work to do internally, but in general it already provides implementation of all necessary APIs |
…cation Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
309d723
to
731734f
Compare
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
5919a45
to
61f2627
Compare
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
61f2627
to
30099e0
Compare
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
db87012
to
498b28e
Compare
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
9495af1
to
142af17
Compare
| W3CCredential { | ||
| context: ANONCREDS_CONTEXTS.clone(), | ||
| type_: ANONCREDS_CREDENTIAL_TYPES.clone(), | ||
| issuance_date: Utc::now(), | ||
| proof: OneOrMany::Many(Vec::new()), | ||
| ..Default::default() | ||
| } |
There was a problem hiding this comment.
This can just be the impl Default for W3CCredential....
| } | ||
| } | ||
|
|
||
| pub fn set_id(&mut self, id: URI) { |
There was a problem hiding this comment.
Not the biggest fan of this API right now, but I am also unsure what can be done to improve it.
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
a27d6d9
to
a26b4cc
Compare
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
2 times, most recently
from
93c08f1
to
410ef34
Compare
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
410ef34
to
37444c4
Compare
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
309306f
to
ac39a95
Compare
Signed-off-by: artem.ivanov <[email protected]>
Signed-off-by: artem.ivanov <[email protected]>
Artemkaaas
force-pushed
the
anoncreds-wc3
branch
from
b71971b
to
95b01e2
Compare
|
@andrewwhitehead @berendsliedrecht -- could you please take a final pass through this PR and, if appropriate, approve it? Thanks! |
Signed-off-by: artem.ivanov <[email protected]>
…tent with the design Signed-off-by: artem.ivanov <[email protected]>
|
|
||
| #[derive(Debug, Clone, PartialEq, Eq)] | ||
| pub enum CredentialStatusType { | ||
| AnonCredsCredentialStatusList2023, |
There was a problem hiding this comment.
Been a bit out of the loop, will this be a new revocation scheme or just a placeholder for future work?
There was a problem hiding this comment.
It refers to the same revocation schema as we used before. We need to define a new typelike AnonCredsProof2023 for credentials and AnonCredsPresentationProof2023 for presentations.
| /// # Returns | ||
| /// Error code | ||
| #[no_mangle] | ||
| pub extern "C" fn anoncreds_create_w3c_credential_offer( |
There was a problem hiding this comment.
I likely have missed some previous discussions surrounding this, but why is this method added? I have no real objection to it, just more curious.
There was a problem hiding this comment.
We discussed during one of the community group calls.
There are 6 methods for running issuance/verification flow methods in total.
We have to duplicate at least 4 of them: create_credential, process_credential, create_presentation, verify_presentation.
credential_offer and credential_request are not changed for the current moment. It's clearer to use the same set of methods for running the whole w3c credential issuance process. Also, potentially offer and request can be adjusted for W3C standard somehow in future.
| /// # Returns | ||
| /// Error code | ||
| #[no_mangle] | ||
| pub extern "C" fn anoncreds_w3c_credential_set_id( |
There was a problem hiding this comment.
Is there a specific reason why we expose these set methods over FFI? IIRC we did not do that for the anoncreds credentials, is this a nice convience for w3c specifically after conversion or something?
There was a problem hiding this comment.
We added these helper methods to provide an ability to set Non-AnonCreds Data Integrity Proof Signatures for generated W3C credential objects. So that W3C credentials may contain multiple signatures to use in future.
It's up to application whether to use these methods or add proof by itself.
src/services/issuer.rs
Outdated
| } | ||
|
|
||
| impl<'a> CLCredentialIssuer<'a> { | ||
| pub(crate) fn init( |
There was a problem hiding this comment.
Is there a specific reason why this is not just new and why does it return a Result?
There was a problem hiding this comment.
Can be updated.
CLCredentialIssuer returns Result only to be aligned with other CL helpers (like CLCredentialProver) which does more steps on the init and truly returns Result.
| ) -> Result<SubProofRequest> { | ||
| trace!("_build_sub_proof_request <<< req_attrs_for_credential: {:?}, req_predicates_for_credential: {:?}", | ||
| req_attrs_for_credential, req_predicates_for_credential); | ||
| pub(crate) struct CLCredentialProver<'a> { |
There was a problem hiding this comment.
Could it be possible to just handle this without the lifetime? Whats the reason we need a ref?
There was a problem hiding this comment.
It cannot because CLCredentialProver holds references requiring explicit lifetime definition
Signed-off-by: artem.ivanov <[email protected]>
# Conflicts: # docs/design/w3c/w3c-representation.md
|
w00t!!!! Awesome work @Artemkaaas ! Good stuff. |
