Add mechanism to cryptographically secure non-credential VP properties (contexts etc)

[dmitrizagidulin]

(Extracting from issue #1265, as requested on the previous call.)
Verifiable Presentations need a way to cryptographically secure externally linked resources (such as @contexts) that is similar to the VC relatedResources/digestSRI mechanism.

[dmitrizagidulin]

My proposal - we add the relatedResources field to the VP data model. (That is, extend the domain of the relatedResources field to be either VC or VP.)

[OR13]

this is not an issue for vc-jose-cose, additional claims can be present, and if not understood they are ignored.

in the context of rdf, they get assigned "issuer dependent terms".

[OR13]

@dmitrizagidulin that functionality is still supported by what I said... and it still needs to be interpreted consistently by issuers and verifiers to be useful.

[dmitrizagidulin]

@OR13 I agree that schema-wise, it's not an issue for jose/cose serializations. However, we should still highlight its use in VPs, so that verifiers interpret it consistently

[iherman]

The issue was discussed in a meeting on 2023-11-28

• no resolutions were taken

View the transcript

1.2. Add mechanism to cryptographically secure non-credential VP properties (contexts etc) (issue vc-data-model#1360)

See github issue vc-data-model#1360.

Dmitri Zagidulin: We want to be able to lock these down cryptographically.
… We have only added this for verifiable credentials.
… But not for related resources.
… We need to do this for VPs.

Brent Zundel: Can the solution be as simple as saying "this section also refers to VPs".

Manu Sporny: Do you mean "related resources"?
… I can volunteer to write a PR for this.

Joe Andrieu: correct. id we need to secure contexts we should do that. arbitrary resources is a layer violation.

Phillip Long: pdl-asu has joined #vcwg-special.

Joe Andrieu: happy to review pr.

[msporny]

PR #1370 has been raised to address this issue. This issue will be closed once issue #1370 has been merged.

[msporny]

PR #1370 has failed to gain consensus.