fix: align JWT fields according to RFC and VC spec #11

Open, wants to merge 4 commits into base: main
80 changes: 42 additions & 38 deletions specification/draft/index.html
@@ -903,91 +903,95 @@ <h3>Example DSCSA-ATP-Credential</h3>
<section>
<h3>Verifiable Presentation of DSCSA Stakeholder Credentials</h3>
<p>
Verifiable Presentations may be used to combine and present credentials. They can be packaged in such a way that
the authorship of the data is verifiable. OCI generates a Verifiable Presentation after [[vc-data-model]]
specification.
Verifiable Presentations are used to combine and present credentials. They are packaged in such a way that
the ownership of the data is verifiable. OCI generates a Verifiable Presentation after [[vc-data-model]]
specification. OCI extends the <a href="https://www.w3.org/TR/vc-data-model/#jwt-decoding">JWT Encoding</a> and
[[RFC7519]] section 4.1 by defining its own optionality and usage guidelines.
</p>
<section>
<h3>Verifiable Presentation Metadata</h3>
<table class="simple">
<tr>
<th><b>Term</b></th>
<th><b>Description</b></th>
<th><b>Full IRI</b></th>
</tr>
<tr>
<td><b>jti</b></td>
<td><b>`jti`</b></td>
<td>
This field represents the id property of the verifiable presentation being generated.
A digital wallet MAY include a `jti` field in the JWT payload. This field represents the id property of
the Verifiable Presentation.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>iss</b></td>
<td><b>`iss`</b></td>
<td>
Represents the holder property of the verifiable presentation being generated.
A digital wallet SHALL include an iss field in the JWT payload. This field represents the holder property
of the Verifiable Presentation and SHALL be the Verifiable Credential's subject DID.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>aud</b></td>
<td><b>`aud`</b></td>
<td>
Verifiable Presentation Audience. We might include PI_Verification in this field to represent that this VP
is used in this context
<br>
We might include ATP_DSCSA in this field to represent that this VP is used in this context
A digital wallet SHALL NOT include an `aud` field in the JWT payload. The recipient's DID of the JWT is
not known during presentation generation.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>iat</b></td>
<td><b>`iat`</b></td>
<td>
Issuance Date of the VP in EPOCH format | Used for determining whether or not the VP is valid by including
the OCI validity time frame defined in Digital Wallet Conformance Criteria
A digital wallet SHALL include an `iat` field in the JWT payload. This field represents the UNIX timestamp
of the issuance date of the Verifiable Presentation.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>nbf</b></td>
<td><b>`nbf`</b></td>
<td>
Issuance Date of the VC in EPOCH format
A digital wallet MAY include a `nbf` field in the JWT payload. This field represents the UNIX timestamp
of the start date of the Verifiable Presentation's validity.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>exp</b></td>
<td><b>`exp`</b></td>
<td>
Expiration Date of the VC in EPOCH format
A digital wallet SHALL include an `exp` field in the JWT payload. This field represents the UNIX timestamp
expiration date of the Verifiable Presentation and SHALL be five minutes later than the issuance date.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>vp</b></td>
<td><b>`nonce`</b></td>
<td>
Contains the Verifiable Presentation
A digital wallet SHALL include a `nonce` field in the JWT payload. This field represents a random value
that is used to prevent replay attacks.
</td>
<td>https://w3c.github.io/vc-data-model/#jwt-encoding</td>
</tr>
<tr>
<td><b>vp.type</b></td>
<td><b>`vp`</b>
</td>
<td>
A digital wallet SHALL include a `vp` object in the JWT payload. This object contains further data of
the Verifiable Presentation.
</td>
</tr>
<tr>
<td><b>`vp.@context`</b></td>
<td>
The type property is required and expresses the type of presentation, such as VerifiablePresentation.
A digital wallet SHALL include a `@context` field in the `vp` object. This field represents the context
of the Verifiable Presentation and SHALL be set to `https://www.w3.org/2018/credentials/v1`.
</td>
<td>https://w3c.github.io/vc-data-model/#presentations-0</td>
</tr>
<tr>
<td><b>vp.verifiableCredential</b></td>
<td><b>`vp.type`</b></td>
<td>
The VerifiableCredential (including all attributes) that are represented by this VP
A digital wallet SHALL include a `type` field in the `vp` object. This field represents the type of
the Verifiable Presentation and SHALL be set to `VerifiablePresentation`.
</td>
<td>https://w3c.github.io/vc-data-model/#presentations-0</td>
</tr>
<tr>
<td><b>nonce</b></td>
<td><b>`vp.verifiableCredential`</b></td>
<td>
Contains the corrUUID for which the VP has been generated for.
A digital wallet SHALL include a `verifiableCredential` field in the `vp` object. This field contains
the embedded ATP Verifiable Credential.
</td>
@bluesteens (Member), Aug 9, 2023:

So, did we lose a field that contains the corrUUID? Not needed anymore?

Re spelling:

verifiableCredential field

Please check capitalisation. Seems to be a mix here and further above.

Author:


I moved it up. That's the nonce field you probably mean. It is verifiableCredential because that's how it's spelled in the JSON object. Camel case.

@bluesteens (Member):


Ah, that's the "random value" you refer to further up. Will it be clear enough for wallets to understand that they need to place the corrUUID in nonce, or should we be explicit?

<td>https://www.iana.org/assignments/jwt/jwt.xhtml</td>
</tr>
</table>
</section>
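Review bot: The new `nonce` row states "This field represents a random value that is used to prevent replay attacks", but a value the wallet picks on its own prevents nothing unless the verifier either issued it or records every nonce it has ever seen; the old row said "Contains the corrUUID for which the VP has been generated for", and the inline thread in this hunk confirms the corrUUID is still the intended content. Say so in the normative text, for example "SHALL be set to the corrUUID of the verification request, which the verifier SHALL compare against the value it issued", because this same hunk also removes the audience restriction ("A digital wallet SHALL NOT include an `aud` field in the JWT payload"), leaving the request-bound nonce and the `exp` window as the only things tying a presentation to one verification request. Two smaller points in the same table: the `exp` row now hardcodes "SHALL be five minutes later than the issuance date" as a wallet requirement and drops the old reference to "the OCI validity time frame defined in Digital Wallet Conformance Criteria", without saying what the verifier checks; either keep that reference or add the verifier-side rule (reject when `exp` has passed, reject when `exp - iat` exceeds the window, and treat `iat` as the reference since `nbf` is only MAY). And the `iss` row's "SHALL be the Verifiable Credential's subject DID" only asserts holder binding; add that the JWT signature is verified against a key of that DID, otherwise any party holding the credential can present it as the holder.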