From 22e719b2ea11df9cf7a0a17cf404baece4eb511e Mon Sep 17 00:00:00 2001 From: Andor Kesselman Date: Fri, 6 Oct 2023 15:10:02 +0530 Subject: [PATCH 1/3] adding security considerations. --- spec.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/spec.md b/spec.md index 8514a09..9e0ae80 100644 --- a/spec.md +++ b/spec.md @@ -284,7 +284,20 @@ The following describes a sample profile document. } } ``` +### Security Considerations +This section describe a non-normative, non-exhaustive list of security considerations. + +#### Cryptography Suites and Libraries +_This section is non-normative._ + +Some aspects of the profile model described in this specification can be protected through the use of cryptography. It is important for implementers to understand the cryptography suites and libraries used to create and process credentials and presentations. Implementing and auditing cryptography systems generally requires substantial experience. Effective red teaming can also help remove bias from security reviews. + +#### Unsigned Profile Documents + +_This section is non-normative._ + +This specification allows profiles to be produced that do not contain signatures or proofs of any kind. These types of profiles are often useful for cases where users may not have the ability to take advantage of the cryptographic proof mechanisms. Endpoint systems should be aware that these types of profiles are not verifiable because the authorship either is not known or cannot be trusted. ### Future Work From bec44021de6ea94e31c937deab4e79882f87338c Mon Sep 17 00:00:00 2001 From: Andor Kesselman Date: Thu, 30 Nov 2023 06:12:53 -0800 Subject: [PATCH 2/3] added vc data model reference --- spec.md | 1 + 1 file changed, 1 insertion(+) diff --git a/spec.md b/spec.md index 9e0ae80..25fb8c2 100644 --- a/spec.md +++ b/spec.md 
@@ -316,3 +316,4 @@ provides clarity on the profile's purpose and its role within the DID ecosystem. - DID Core: https://www.w3.org/TR/did-core/ - Referenced mainly the DID Core spec. - DIDComm Messaging: https://identity.foundation/didcomm-messaging/spec/ - used for understanding how to update the service endpoint of the DID Document. +- https://www.w3.org/TR/vc-data-model/ From f5269d012a86ea0cd6a79a08107f8bfc0a384c9a Mon Sep 17 00:00:00 2001 From: Andor Kesselman Date: Thu, 30 Nov 2023 06:14:21 -0800 Subject: [PATCH 3/3] references and acknolwedgments --- spec.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.md b/spec.md index 25fb8c2..04c6313 100644 --- a/spec.md +++ b/spec.md @@ -307,7 +307,7 @@ This pertains to defining the capabilities or services associated with the profile data. By outlining the functions embodied by the profile, this section provides clarity on the profile's purpose and its role within the DID ecosystem. -### References +### References and Acknowledgements - Initial Proposal: https://github.com/trustoverip/tswg-trust-registry-tf/discussions/96 - DID Linked Resources : @@ -316,4 +316,4 @@ provides clarity on the profile's purpose and its role within the DID ecosystem. - DID Core: https://www.w3.org/TR/did-core/ - Referenced mainly the DID Core spec. - DIDComm Messaging: https://identity.foundation/didcomm-messaging/spec/ - used for understanding how to update the service endpoint of the DID Document. -- https://www.w3.org/TR/vc-data-model/ +- https://www.w3.org/TR/vc-data-model/ : For the securtiy considerations and guidance on the profile document structure.
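
Review bot: In PATCH 1/3, the "Unsigned Profile Documents" paragraph ends with "Endpoint systems should be aware that these types of profiles are not verifiable", which gives a consuming implementation nothing concrete to do. Because the same sentence says the authorship "either is not known or cannot be trusted", it would help to say how such a profile should be handled, for example that its contents are treated as unverified claims and are not used as the basis for a trust decision. Two smaller points in the same hunk: "This section describe" should read "This section describes", and the cryptography paragraph speaks of "credentials and presentations" while the surrounding spec text is about profile documents, so the wording should either be adapted to profiles or tied explicitly to the data model it comes from.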
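
Review bot: In PATCH 2/3, the added reference "- https://www.w3.org/TR/vc-data-model/" is a bare URL, while every neighbouring entry has a title and a note on why it is cited ("DID Core: ... - Referenced mainly the DID Core spec."). PATCH 3/3 then rewrites this same line, so the two changes are better squashed into one commit that adds the entry in its final form.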
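
Review bot: In the first hunk of PATCH 3/3, the heading becomes "### References and Acknowledgements", but no acknowledgement text is added anywhere in the series, and the list under it still contains only references. Either add the acknowledgements in this patch or keep the heading as "### References" until there is content for it.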
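
Review bot: In the second hunk of PATCH 3/3, the replacement line misspells "security" as "securtiy", and the entry still has no title, unlike "DID Core:" and "DIDComm Messaging:" above it. Suggest giving it a title in the same pattern as its neighbours, followed by the URL and the corrected note "for the security considerations and guidance on the profile document structure".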