From a22d1f7d47fb7be959c8285d14fa2a85c6503fb6 Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Wed, 27 Dec 2023 14:35:56 +0100 Subject: [PATCH 1/6] Add initial set of JOSE diagrams. --- diagrams/vc-jwt.drawio | 166 ++++++++++++++++ diagrams/vc-jwt.svg | 313 ++++++++++++++++++++++++++++++ diagrams/vp-jwt.drawio | 232 ++++++++++++++++++++++ diagrams/vp-jwt.svg | 428 +++++++++++++++++++++++++++++++++++++++++ index.html | 133 ++++++++++--- 5 files changed, 1247 insertions(+), 25 deletions(-) create mode 100644 diagrams/vc-jwt.drawio create mode 100644 diagrams/vc-jwt.svg create mode 100644 diagrams/vp-jwt.drawio create mode 100644 diagrams/vp-jwt.svg diff --git a/diagrams/vc-jwt.drawio b/diagrams/vc-jwt.drawio new file mode 100644 index 000000000..92cdacaeb --- /dev/null +++ b/diagrams/vc-jwt.drawio @@ -0,0 +1,166 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/vc-jwt.svg b/diagrams/vc-jwt.svg new file mode 100644 index 000000000..d04f39a10 --- /dev/null +++ b/diagrams/vc-jwt.svg @@ -0,0 +1,313 @@ + + + + + +
+
+
+ + + JWS (Decoded) + + +
+
+
+
+ JWS (Decoded) +
+ + + + + +
+
+
+ Header +
+
+
+
+ Header +
+ + + +
+
+
+ Payload +
+
+
+
+ Payload   +
+ + + +
+
+
+ Signature +
+
+
+
+ Signature +
+ + + + + + + + +
+
+
+ + + verifiable credential graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ verifiable credential... +
+ + + +
+
+
+ + + Example University + + +
+
+
+
+ Example University +
+ + + +
+
+
+ + + 2010-01-01T10:37.24Z + + +
+
+
+
+ 2010-01-01T10:37.24Z +
+ + + +
+
+
+ + + Example Alumni Credential + + +
+
+
+
+ Example Alumni Credent... +
+ + + +
+
+
+ + + Credential123 + + +
+
+
+
+ Credential123 +
+ + + +
+
+
+ + + Pat + + +
+
+
+
+ Pat +
+ + + + +
+
+
+ type +
+
+
+
+ type +
+ + + + +
+
+
+ type +
+
+
+
+ type +
+ + +
+
+
+ validFrom +
+
+
+
+ validFrom  +
+ + + + +
+
+
+ issuer +
+
+
+
+ issuer +
+ + + + +
+
+
+ credentialSubject +
+
+
+
+  credentialSubject  +
+ + + + +
+
+
+ alumniOf +
+
+
+
+ alumniOf +
+ + + + +
+
+
+ DtEhU3ljbEg8L38VWAfUA... +
+
+
+
+ DtEhU3ljbEg8L38VWAfUA... +
+ + + + +
+
+
+ + kid: https://example.com/keys/#1234 + +
+
+
+
+ kid: https://example.com/keys/#12... +
+ + + +
+
+
+ + alg: E384 + +
+
+
+
+ alg: E384 +
+ + + +
+
+
+ + cty: vc+ld+json + +
+
+
+
+ cty: vc+ld+json +
+
diff --git a/diagrams/vp-jwt.drawio b/diagrams/vp-jwt.drawio new file mode 100644 index 000000000..39efa44ed --- /dev/null +++ b/diagrams/vp-jwt.drawio @@ -0,0 +1,232 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/vp-jwt.svg b/diagrams/vp-jwt.svg new file mode 100644 index 000000000..047795328 --- /dev/null +++ b/diagrams/vp-jwt.svg @@ -0,0 +1,428 @@ + + + + + +
+
+
+ + + JWT (Decoded) + + +
+
+
+
+ JWT (Decoded) +
+ + + + + +
+
+
+ Header +
+
+
+
+ Header +
+ + + +
+
+
+ Payload +
+
+
+
+ Payload   +
+ + + +
+
+
+ Signature +
+
+
+
+ Signature +
+ + + + + + + + +
+
+
+ XaOOh4ljklxH7L99RTVSfOl... +
+
+
+
+ XaOOh4ljklxH7L99RTVSfOl... +
+ + + + +
+
+
+ + kid: https://example.com/keys/#1234 + +
+
+
+
+ kid: https://example.com/keys/#12... +
+ + + +
+
+
+ + alg: E384 + +
+
+
+
+ alg: E384 +
+ + + +
+
+
+ + cty: vp+ld+json + +
+
+
+
+ cty: vp+ld+json +
+ + + + + +
+
+
+ + + verifiable presentation graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ verifiable presentation gr... +
+ + + + +
+
+
+ + + Presentation ABC + + +
+
+
+
+ Presentation ABC +
+ + + +
+
+
+ + + VerifiablePresentation + + +
+
+
+
+ VerifiablePresentation +
+ + + +
+
+
+ + + DoNotArchive + + +
+
+
+
+ DoNotArchive +
+ + + + +
+
+
+ termsOfUse +
+
+
+
+  termsOfUse  +
+ + + + +
+
+
+ type +
+
+
+
+  type  +
+ + + + +
+
+
+ verifiableCredential +
+
+
+
+ verifiableCredential +
+ + + +
+
+
+ + + Example University + + +
+
+
+
+ Example University +
+ + + +
+
+
+ + + 2010-01-01T10:37.24Z + + +
+
+
+
+ 2010-01-01T10:37.24Z +
+ + + +
+
+
+ + + Example Alumni Credential + + +
+
+
+
+ Example Alumni Creden... +
+ + + +
+
+
+ + + Credential123 + + +
+
+
+
+ Credential123 +
+ + + +
+
+
+ + + Pat + + +
+
+
+
+ Pat +
+ + + + +
+
+
+ type +
+
+
+
+ type +
+ + + + +
+
+
+ type +
+
+
+
+ type +
+ + +
+
+
+ validFrom +
+
+
+
+ validFrom  +
+ + + + +
+
+
+ issuer +
+
+
+
+ issuer +
+ + + + +
+
+
+ credentialSubject +
+
+
+
+  credentialSubject  +
+ + + + +
+
+
+ alumniOf +
+
+
+
+ alumniOf +
+ + + +
+
+
+ + + verifiable credential graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ verifiable credential grap... +
+
diff --git a/index.html b/index.html index 8947e8811..aec068fa8 100644 --- a/index.html +++ b/index.html @@ -768,15 +768,18 @@

Credentials

above shows the basic components of a [=verifiable credential=], but abstracts the details about how [=claims=] are organized into information [=graphs=], which are then organized into -[=verifiable credentials=]. below shows a -more complete depiction of a [=verifiable credential=], which is normally -composed of at least two information [=graphs=]. The first [=graph=] -(the [=verifiable credential graph=], in this case the [=default graph=]) -expresses the [=verifiable credential=] itself, which contains credential -metadata and other [=claims=]. The second [=graph=] -(the proof graph of the [=verifiable credential=], which is a -named graph) expresses the digital proof, which is, in this case, a -digital signature. +[=verifiable credentials=]. +

+

+ below shows a more complete depiction of a +[=verifiable credential=] using an [=embedded proof=] based on [[?VC-DATA-INTEGRITY]]. +It is composed of at least two information [=graphs=]. +The first [=graph=] (the [=verifiable credential graph=], in this case the [=default graph=]) +expresses the [=verifiable credential=] itself through credential metadata and other [=claims=]. +The second [=graph=], referred to by the proof property, is the [=proof graph=] +of the [=verifiable credential=], and is a separate [=named graph=]. +The [=proof graph=] expresses the digital proof, which is, in this case, a digital +signature.

@@ -796,7 +799,39 @@

Credentials

parenthetical remark '(the default graph)', the verifiable credential proof graph is annotated with the parenthetical remark '(a named graph)'.">
-Information graphs associated with a basic verifiable credential. +Information graphs associated with a basic verifiable credential, using an [=embedded proof=] +based on [[[VC-DATA-INTEGRITY]]] [[?VC-DATA-INTEGRITY]]. +
+
+ +

+ below shows the same [=verifiable credential=] + as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. + The payload contains a single information graph, namely the the [=verifiable credential graph=] + containing credential metadata and other [=claims=]. +

+ +
+ Diagram with, on the left,
+                      a box, labeled as 'JWT (Decoded)', and with three textual labels
+                      stacked vertically, namely 'Header', 'Payload', and 'Signature'.
+                      The 'Header' label is connected, with an arrow, to a separate rectangle
+                      on the right hand side containing three text fields: 'kid: https://example.com/keys/#1234',
+                      'alg: E384', and 'cty: vc+ld+json'.
+                      The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle,
+                      containing a single graph.
+                      The rectangle has a label: 'verifiable credential graph (serialized in JSON)'
+                      The claims in the graph include 'Credential 123' as a subject
+                      with 4 properties: 'type' of value 'ExampleAlumniCredential',
+                      'issuer' of 'Example University', 'validFrom' of '2010-01-01T19:23:24Z', and
+                      'credentialSubject' of 'Pat', who also has an 'alumniOf' property with value of
+                      'Example University'.
+                      Finally, the 'Signature' label on the left side is connected, with an
+                      arrow, to a separate rectangle, containing a single text field:
+                      'DtEhU3ljbEg8L38VWAfUA...'. +
+ Information graphs associated with a basic verifiable credential, using an [=enveloping proof=] + based on [[[VC-JOSE-COSE]]] [[?VC-JOSE-COSE]].
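Review bot: The alt text added in this hunk does not match diagrams/vc-jwt.svg from the same patch: it calls the box 'JWT (Decoded)' and gives validFrom as '2010-01-01T19:23:24Z', while the diagram text reads 'JWS (Decoded)' and '2010-01-01T10:37.24Z' (which also has a dot where the seconds separator should be). Both the diagram and the alt text use `alg: E384`, which is not a registered JOSE algorithm name; the ECDSA P-384 identifier is `ES384`, and an example header copied verbatim would likely be rejected by a conforming verifier. The alt text also writes 'Credential 123' where the diagram has 'Credential123'. The validFrom, `alg` and 'Credential 123' points apply equally to the vp-jwt alt text in the `@@ -893,14 +932,58 @@` hunk.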
@@ -859,20 +894,24 @@

Presentations

below shows a more complete depiction of a -[=verifiable presentation=], which is normally composed of at least four -information [=graphs=]. The first of these [=graphs=], the -[=verifiable presentation graph=] (which is the [=default graph=]), -expresses the [=verifiable presentation=] itself, and contains presentation -metadata. The `verifiableCredential` property in the verifiable -presentation graph refers to one or more [=verifiable credentials=], each -being one of the second information [=graphs=], i.e., a self-contained -[=verifiable credential graph=] which in turn contains credential metadata -and other claims. Each of these graphs are separate [=named graphs=]. The -third information [=graph=], the verifiable credential [=proof graph=], -expresses the credential graph proof, which is usually a digital signature. The -fourth information [=named graph=], the presentation [=proof graph=], -expresses the presentation's digital proof, which is usually a digital -signature. +[=verifiable presentation=] using an embedded proof +based on [[?VC-DATA-INTEGRITY]]. +It is composed of at least four information [=graphs=]. +The first of these [=graphs=], the [=verifiable presentation graph=] +(which is the [=default graph=]), expresses the [=verifiable presentation=] +itself through presentation metadata. +The verifiable presentation refers, via the verifiableCredential property, +to a [=verifiable credential=]. +This credential is a self-contained [=verifiable credential graph=] containing +credential metadata and other [=claims=]. +This credential refers to a verifiable credential [=proof graph=] via a proof property, +expressing the proof of the credential (usually a digital signature). +This [=verifiable credential graph=], linked to the [=proof graph=], constitute +the second and third information graphs, respectively, and are both separate [=named graphs=]. 
+The presentation also refers, via the proof property, to +the fourth information [=named graph=], namely the presentation's [=proof graph=]. +This presentation proof graph represents the digital signature of the verifiable presentation graph, +the credential graph, and the proof graph linked from the credential graph.

@@ -893,14 +932,58 @@

Presentations

'p2KaZ...8Fj3K='. This graph is annotated with the parenthetical remark '(a named graph)'">
-Information graphs associated with a basic verifiable presentation. +Information graphs associated with a basic verifiable presentation using an [=embedded proof=] +based on [[[VC-DATA-INTEGRITY]]] [[?VC-DATA-INTEGRITY]].
+

+ below shows the same [=verifiable presentation=] + as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. + The payload contains only two information graphs: the [=verifiable presentation graph=] + expressing the [=verifiable presentation=] itself through presentation metadata, + and the corresponding [=verifiable credential graph=], referred to by + the verifiableCredential property. + The verifiable credential graph contains credential metadata and other claims. +

+ +
+ Diagram with, on the left,
+                      a box, labeled as 'JWT (Decoded)', and with three textual labels
+                      stacked vertically, namely 'Header', 'Payload', and 'Signature'.
+                      The 'Header' label is connected, with an arrow, to a separate rectangle
+                      on the right side of the diagram containing three text
+                      fields: 'kid: https://example.com/keys/#1234', 'alg: E384', and 'cty: vp+ld+json'.
+                      The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle,
+                      consisting of two related graphs (stacked vertically) connected
+                      by a an arrow labeled 'verifiableCredential'.
+                      The two graphs have each a label 'verifiable presentation graphs (serialized in JSON)' and
+                      'verifiable credential graph (serialized in JSON)', respectively.
+                      The top graph in the rectangle has and object 'Presentation ABC' with 3 properties: 'type'
+                      of value VerifiablePresentation, 'termsOfUse' of value 'Do Not Archive'.
+                      The bottom graph includes 'Credential 123' as a subject
+                      with 4 properties: 'type' of value ExampleAlumniCredential,
+                      'issuer' of Example University, 'validFrom' of 2010-01-01T19:23:24Z, and
+                      credentialSubject of Pat, who also has an 'alumniOf' property with value of
+                      'Example University'.
+                      Finally, the 'Signature' label on the left side is connected, with an
+                      arrow, to a separate rectangle, containing a single text field:
+                      'XaOOh4ljklxH7L99RTVSfOl...'. +
+ Information graphs associated with a basic verifiable presentation, using an [=enveloping proof=] + based on [[[VC-JOSE-COSE]]] [[?VC-JOSE-COSE]]. +
+
+ +

It is possible to have a [=presentation=], such as a business persona, which draws on multiple [=credentials=] about different [=subjects=] that are often, but not required to be, related. +This is achieved by using the verifiableCredential property to +refer to multiple verifiable credentials. In the [=embedded proof=] case this means adding several verifiable credential +graphs, each with its own, separate proof graph; the number of information graphs becomes then six, eight, etc. +In the [=enveloping proof=] case the additional verifiable credential graphs are added to the same payload.

From 9c81a5d5b4186938358ad4d0bf89eb2cfe5a9983 Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Thu, 28 Dec 2023 09:04:11 +0100 Subject: [PATCH 2/6] Fix grammar in JWT diagram descriptions. Co-authored-by: Ted Thibodeau Jr --- index.html | 59 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/index.html b/index.html index aec068fa8..8b7a9d3e5 100644 --- a/index.html +++ b/index.html @@ -774,11 +774,11 @@

Credentials

below shows a more complete depiction of a [=verifiable credential=] using an [=embedded proof=] based on [[?VC-DATA-INTEGRITY]]. It is composed of at least two information [=graphs=]. -The first [=graph=] (the [=verifiable credential graph=], in this case the [=default graph=]) -expresses the [=verifiable credential=] itself through credential metadata and other [=claims=]. -The second [=graph=], referred to by the proof property, is the [=proof graph=] +The first of these information [=graphs=], the [=verifiable credential graph=] (which is the [=default graph=]), +expresses the [=verifiable credential=] itself, through [=credential=] metadata and other [=claims=]. +The second information [=graph=], referred to by the proof property, is the [=proof graph=] of the [=verifiable credential=], and is a separate [=named graph=]. -The [=proof graph=] expresses the digital proof, which is, in this case, a digital +The [=proof graph=] expresses the digital proof, which, in this case, is a digital signature.

@@ -807,8 +807,8 @@

Credentials

below shows the same [=verifiable credential=] as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. - The payload contains a single information graph, namely the the [=verifiable credential graph=] - containing credential metadata and other [=claims=]. + The payload contains a single information graph, that being the [=verifiable credential graph=] + containing [=credential=] metadata and other [=claims=].

@@ -818,13 +818,13 @@

Credentials

The 'Header' label is connected, with an arrow, to a separate rectangle on the right hand side containing three text fields: 'kid: https://example.com/keys/#1234', 'alg: E384', and 'cty: vc+ld+json'. - The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle, + The 'Payload' label on the left side is connected, with an arrow, to a separate rectangle, containing a single graph. The rectangle has a label: 'verifiable credential graph (serialized in JSON)' The claims in the graph include 'Credential 123' as a subject - with 4 properties: 'type' of value 'ExampleAlumniCredential', - 'issuer' of 'Example University', 'validFrom' of '2010-01-01T19:23:24Z', and - 'credentialSubject' of 'Pat', who also has an 'alumniOf' property with value of + with 4 properties: 'type' with value 'ExampleAlumniCredential', + 'issuer' with value 'Example University', 'validFrom' with value '2010-01-01T19:23:24Z', and + 'credentialSubject' with value 'Pat', who also has an 'alumniOf' property with value 'Example University'. Finally, the 'Signature' label on the left side is connected, with an arrow, to a separate rectangle, containing a single text field: @@ -897,21 +897,20 @@

Presentations

[=verifiable presentation=] using an embedded proof based on [[?VC-DATA-INTEGRITY]]. It is composed of at least four information [=graphs=]. -The first of these [=graphs=], the [=verifiable presentation graph=] +The first of these information [=graphs=], the [=verifiable presentation graph=] (which is the [=default graph=]), expresses the [=verifiable presentation=] -itself through presentation metadata. -The verifiable presentation refers, via the verifiableCredential property, +itself through [=presentation=] metadata. +The [=verifiable presentation=] refers, via the verifiableCredential property, to a [=verifiable credential=]. -This credential is a self-contained [=verifiable credential graph=] containing -credential metadata and other [=claims=]. -This credential refers to a verifiable credential [=proof graph=] via a proof property, -expressing the proof of the credential (usually a digital signature). -This [=verifiable credential graph=], linked to the [=proof graph=], constitute -the second and third information graphs, respectively, and are both separate [=named graphs=]. -The presentation also refers, via the proof property, to -the fourth information [=named graph=], namely the presentation's [=proof graph=]. -This presentation proof graph represents the digital signature of the verifiable presentation graph, -the credential graph, and the proof graph linked from the credential graph. +This [=credential=] is a self-contained [=verifiable credential graph=] containing [=credential=] metadata and other [=claims=]. +This [=credential=] refers to a [=verifiable credential=] [=proof graph=] via a proof property, +expressing the proof (usually a digital signature) of the [=credential=]. +This [=verifiable credential graph=], and its linked [=proof graph=], constitute +the second and third information [=graphs=], respectively, and each is a separate [=named graph=]. 
+The [=presentation=] also refers, via the proof property, to +the [=presentation=]'s [=proof graph=], which is the fourth information [=graph=] (another [=named graph=]). +This [=presentation=] [=proof graph=] represents the digital signature of the [=verifiable presentation graph=], +the [=verifiable credential graph=], and the [=proof graph=] linked from the [=verifiable credential graph=].

@@ -932,7 +931,7 @@

Presentations

'p2KaZ...8Fj3K='. This graph is annotated with the parenthetical remark '(a named graph)'">
-Information graphs associated with a basic verifiable presentation using an [=embedded proof=] +Information [=graphs=] associated with a basic [=verifiable presentation=] that is using an [=embedded proof=] based on [[[VC-DATA-INTEGRITY]]] [[?VC-DATA-INTEGRITY]].
@@ -941,10 +940,10 @@

Presentations

below shows the same [=verifiable presentation=] as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. The payload contains only two information graphs: the [=verifiable presentation graph=] - expressing the [=verifiable presentation=] itself through presentation metadata, + expressing the [=verifiable presentation=] itself through presentation metadata; and the corresponding [=verifiable credential graph=], referred to by the verifiableCredential property. - The verifiable credential graph contains credential metadata and other claims. + The [=verifiable credential graph=] contains [=credential=] metadata and other [=claims=].

@@ -970,7 +969,7 @@

Presentations

arrow, to a separate rectangle, containing a single text field: 'XaOOh4ljklxH7L99RTVSfOl...'.">
- Information graphs associated with a basic verifiable presentation, using an [=enveloping proof=] + Information graphs associated with a basic [=verifiable presentation=] that is using an [=enveloping proof=] based on [[[VC-JOSE-COSE]]] [[?VC-JOSE-COSE]].
@@ -981,9 +980,9 @@

Presentations

draws on multiple [=credentials=] about different [=subjects=] that are often, but not required to be, related. This is achieved by using the verifiableCredential property to -refer to multiple verifiable credentials. In the [=embedded proof=] case this means adding several verifiable credential -graphs, each with its own, separate proof graph; the number of information graphs becomes then six, eight, etc. -In the [=enveloping proof=] case the additional verifiable credential graphs are added to the same payload. +refer to multiple [=verifiable credentials=]. When using an [=embedded proof=], this means adding one or more [=verifiable credential graphs=], +each with its own, separate [=proof graph=]; the number of information [=graphs=] thus becomes six, eight, etc. +When using an [=enveloping proof=], the additional [=verifiable credential graphs=] are added to the same payload.

From fbb36451b8dacc8fbfa6215743d30e2175432493 Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Mon, 8 Jan 2024 17:02:17 +0100 Subject: [PATCH 3/6] Fix more issues in diagram descriptions. --- diagrams/vc-jwt.drawio | 52 +++++++---- diagrams/vc-jwt.svg | 204 +++++++++++++++++++++++++---------------- diagrams/vp-jwt.drawio | 63 ++++++++----- diagrams/vp-jwt.svg | 146 +++++++++++++++++++---------- index.html | 14 +-- 5 files changed, 306 insertions(+), 173 deletions(-) diff --git a/diagrams/vc-jwt.drawio b/diagrams/vc-jwt.drawio index 92cdacaeb..446eb275b 100644 --- a/diagrams/vc-jwt.drawio +++ b/diagrams/vc-jwt.drawio @@ -1,13 +1,13 @@ - + - + - + - + @@ -16,10 +16,10 @@ - + - + @@ -37,7 +37,7 @@ - + @@ -145,20 +145,38 @@ - - + + - - + + + + + + + + + + + + + + + + + + + + - - + + - - + + - - + + diff --git a/diagrams/vc-jwt.svg b/diagrams/vc-jwt.svg index d04f39a10..f14b34338 100644 --- a/diagrams/vc-jwt.svg +++ b/diagrams/vc-jwt.svg @@ -1,28 +1,28 @@ - - - + + + -
+
- JWS (Decoded) + SD-JWT (Decoded)
- JWS (Decoded) + SD-JWT (Decoded) - - - + + + -
+
Header @@ -30,12 +30,12 @@
- Header + Header - + -
+
Payload @@ -43,12 +43,12 @@
- Payload   + Payload   - + -
+
Signature @@ -56,17 +56,17 @@
- Signature + Signature - - - - - - + + + + + + -
+
@@ -81,12 +81,12 @@
- verifiable credential... + verifiable credential... - + -
+
@@ -98,12 +98,12 @@
- Example University + Example University - + -
+
@@ -115,12 +115,12 @@
- 2010-01-01T10:37.24Z + 2010-01-01T10:37.24Z - + -
+
@@ -132,12 +132,12 @@
- Example Alumni Credent... + Example Alumni Credent... - + -
+
@@ -149,12 +149,12 @@
- Credential123 + Credential123 - + -
+
@@ -166,13 +166,13 @@
- Pat + Pat - - + + -
+
type @@ -180,13 +180,13 @@
- type + type - - + + -
+
type @@ -194,11 +194,11 @@
- type + type -
+
validFrom @@ -206,13 +206,13 @@
- validFrom  + validFrom  - - + + -
+
issuer @@ -220,13 +220,13 @@
- issuer + issuer - - + + -
+
credentialSubject @@ -234,13 +234,13 @@
-  credentialSubject  +  credentialSubject  - - + + -
+
alumniOf @@ -248,13 +248,13 @@
- alumniOf + alumniOf - - + + -
+
DtEhU3ljbEg8L38VWAfUA... @@ -262,43 +262,76 @@
- DtEhU3ljbEg8L38VWAfUA... + DtEhU3ljbEg8L38VWAfUA... - - + + -
+
- kid: https://example.com/keys/#1234 + kid: aB8J-_Z
- kid: https://example.com/keys/#12... + kid: aB8J-_Z - + -
+
+
+
+ + iss: https://example.com + +
+
+
+ + iss: https://example.com + + + + +
- alg: E384 + alg: ES384 + +
+
+
+
+ alg: ES384 +
+ + + +
+
+
+ + iat: + + 1704690029 +
- alg: E384 + iat: 1704690029
- + -
+
@@ -308,6 +341,21 @@
- cty: vc+ld+json + cty: vc+ld+json + + + + +
+
+
+ + typ: vc+ld-json+sd-jwt + +
+
+
+
+ typ: vc+ld-json+sd-jwt
diff --git a/diagrams/vp-jwt.drawio b/diagrams/vp-jwt.drawio index 39efa44ed..2fd2a8336 100644 --- a/diagrams/vp-jwt.drawio +++ b/diagrams/vp-jwt.drawio @@ -1,13 +1,13 @@ - + - + - + - + @@ -45,22 +45,7 @@ - - - - - - - - - - - - - - - - + @@ -223,9 +208,45 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/vp-jwt.svg b/diagrams/vp-jwt.svg index 047795328..789145da2 100644 --- a/diagrams/vp-jwt.svg +++ b/diagrams/vp-jwt.svg @@ -1,5 +1,5 @@ - - + + @@ -8,14 +8,14 @@
- JWT (Decoded) + SD-JWT (Decoded)
- JWT (Decoded) + SD-JWT (Decoded)
@@ -76,52 +76,6 @@ XaOOh4ljklxH7L99RTVSfOl... - - - - -
-
-
- - kid: https://example.com/keys/#1234 - -
-
-
-
- kid: https://example.com/keys/#12... -
- - - -
-
-
- - alg: E384 - -
-
-
-
- alg: E384 -
- - - -
-
-
- - cty: vp+ld+json - -
-
-
-
- cty: vp+ld+json -
@@ -425,4 +379,96 @@ verifiable credential grap... + + + + +
+
+
+ + kid: aB8J-_Z + +
+
+
+
+ kid: aB8J-_Z +
+ + + +
+
+
+ + iss: https://example.com + +
+
+
+
+ iss: https://example.c... +
+ + + +
+
+
+ + alg: ES384 + +
+
+
+
+ alg: ES384 +
+ + + +
+
+
+ + iat: + + 1704690029 +
+
+
+
+ iat: 1704690029 +
+ + + +
+
+
+ + cty: vp+ld+json + +
+
+
+
+ cty: vp+ld+json +
+ + + +
+
+
+ + typ: vp+ld-json+sd-jwt + +
+
+
+
+ typ: vp+ld-json+sd-jwt +
diff --git a/index.html b/index.html index 8b7a9d3e5..46a3bec0f 100644 --- a/index.html +++ b/index.html @@ -806,18 +806,18 @@

Credentials

below shows the same [=verifiable credential=] - as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. + as , but using JOSE based on [[?VC-JOSE-COSE]]. The payload contains a single information graph, that being the [=verifiable credential graph=] containing [=credential=] metadata and other [=claims=].

Diagram with, on the left,
-                      a box, labeled as 'JWT (Decoded)', and with three textual labels
+                      a box, labeled as 'SD-JWT (Decoded)', and with three textual labels
                       stacked vertically, namely 'Header', 'Payload', and 'Signature'.
                       The 'Header' label is connected, with an arrow, to a separate rectangle
-                      on the right hand side containing three text fields: 'kid: https://example.com/keys/#1234',
-                      'alg: E384', and 'cty: vc+ld+json'.
+                      on the right hand side containing six text fields: 'kid: aB8J-_Z',
+                      'alg: ES384', and 'cty: vc+ld+json', iss: https://example.com, iat: 1704690029, and typ: vc+ld+json+sd-jwt
                       The 'Payload' label on the left side is connected, with an arrow, to a separate rectangle,
                       containing a single graph.
                       The rectangle has a label: 'verifiable credential graph (serialized in JSON)'
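Review bot: The new header description spells the type as `typ: vc+ld+json+sd-jwt`, but the updated diagrams/vc-jwt.svg in this patch shows `typ: vc+ld-json+sd-jwt`; one of the two is a typo, and the page does not show which spelling is intended. Since `typ` and `cty` are what a verifier inspects to decide how to process the token, the example values should be identical in the diagram and its description. The sentence also quotes only the first three of the six fields and has a stray 'and' before `cty`; I would write the list as `'kid: aB8J-_Z', 'alg: ES384', 'cty: vc+ld+json', 'iss: https://example.com', 'iat: 1704690029', and 'typ: …'.` with the agreed `typ` value and a closing period. The `typ` mismatch recurs for the vp value in the `@@ -951,8 +951,8 @@` hunk.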
@@ -951,8 +951,8 @@ <h3>Presentations</h3>
                       a box, labeled as 'JWT (Decoded)', and with three textual labels
                       stacked vertically, namely 'Header', 'Payload', and 'Signature'.
                       The 'Header' label is connected, with an arrow, to a separate rectangle
-                      on the right side of the diagram containing three text
-                      fields: 'kid: https://example.com/keys/#1234', 'alg: E384', and 'cty: vp+ld+json'.
+                       on the right hand side containing six text fields: 'kid: aB8J-_Z',
+                      'alg: ES384', and 'cty: vc+ld+json', iss: https://example.com, iat: 1704690029, and typ: vp+ld+json+sd-jwt
                       The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle,
                       consisting of two related graphs (stacked vertically) connected
                       by a an arrow labeled 'verifiableCredential'.
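Review bot: The replacement line gives the presentation header as `'cty: vc+ld+json'`, whereas the line it replaces and the updated diagrams/vp-jwt.svg both say `cty: vp+ld+json`; this looks like a copy-paste from the credential alt text and should read `'cty: vp+ld+json'`. The unchanged context line at the top of the hunk still describes the box as 'JWT (Decoded)' although the diagram label becomes 'SD-JWT (Decoded)' in this patch, so it needs the same edit the credential figure received, `a box, labeled as 'SD-JWT (Decoded)', and with three textual labels`. A description that disagrees with the figure on the content type leaves readers who rely on the alt text with a different example header from the one drawn. The alt-text attribute starts and ends outside the hunk.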
@@ -970,7 +970,7 @@ <h3>Presentations</h3>
                       'XaOOh4ljklxH7L99RTVSfOl...'.
Information graphs associated with a basic [=verifiable presentation=] that is using an [=enveloping proof=] - based on [[[VC-JOSE-COSE]]] [[?VC-JOSE-COSE]]. + based on JOSE [[?VC-JOSE-COSE]].
From b31a220e92e1c44ce5c8837aff76e74090b9298c Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Wed, 10 Jan 2024 10:31:49 +0100 Subject: [PATCH 4/6] Example diagrams multiple credentials (#1407) * Created the new diagrams * Invalid term * Added the reference and explanations to the text * Apply suggestions from code review Co-authored-by: Ted Thibodeau Jr * Manually added Ted's changes on the alt text. --------- Co-authored-by: Ted Thibodeau Jr --- diagrams/vp-graph-mult-creds.drawio | 635 ++++++++++++++ diagrams/vp-graph-mult-creds.svg | 1197 +++++++++++++++++++++++++++ index.html | 63 +- 3 files changed, 1885 insertions(+), 10 deletions(-) create mode 100644 diagrams/vp-graph-mult-creds.drawio create mode 100644 diagrams/vp-graph-mult-creds.svg diff --git a/diagrams/vp-graph-mult-creds.drawio b/diagrams/vp-graph-mult-creds.drawio new file mode 100644 index 000000000..530c6de87 --- /dev/null +++ b/diagrams/vp-graph-mult-creds.drawio 
@@ -0,0 +1,635 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/vp-graph-mult-creds.svg b/diagrams/vp-graph-mult-creds.svg new file mode 100644 index 000000000..1ea8d470f --- /dev/null +++ b/diagrams/vp-graph-mult-creds.svg @@ -0,0 +1,1197 @@ + + + + + +
+
+
+ + + Presentation ABC + + +
+
+
+
+ Presentation ABC +
+ + + +
+
+
+ + + VerifiablePresentation + + +
+
+
+
+ VerifiablePresentation +
+ + + +
+
+
+ + + DoNotArchive + + +
+
+
+
+ DoNotArchive +
+ + + + +
+
+
+ termsOfUse +
+
+
+
+  termsOfUse  +
+ + + + +
+
+
+ type +
+
+
+
+  type  +
+ + + + +
+
+
+ verifiableCredential +
+
+
+
+ verifiableCredential +
+ + + + +
+
+
+ proof +
+
+
+
+ proof +
+ + + +
+
+
+ + + verifiable presentation graph +
+ (the default graph) +
+
+
+
+
+
+
+ verifiable presentation gra... +
+ + + + +
+
+
+ + + Signature 8920 + + +
+
+
+
+ Signature 8920 +
+ + + + +
+
+
+ type +
+
+
+
+  type  +
+ + +
+
+
+ verificationMethod +
+
+
+
+ verificationMethod +
+ + + + +
+
+
+ created +
+
+
+
+  created +
+ + + + +
+
+
+ type +
+
+
+
+  type  +
+ + + + +
+
+
+ nonce +
+
+
+
+ nonce  +
+ + + + +
+
+
+ proofValue +
+
+
+
+ proofValue +
+ + + +
+
+
+ + + Example University Public Key 11 + + +
+
+
+
+ Example University P... +
+ + + +
+
+
+ + + 2024-01-02T12:43.56Z + + +
+
+
+
+ 2024-01-02T12:43.56Z +
+ + + +
+
+
+ + + Data Integrity Proof + + +
+
+
+
+ Data Integrity Proof +
+ + + +
+
+
+ + + hasdkyruod87j + + +
+
+
+
+ hasdkyruod87j +
+ + + +
+
+
+ + + zpweJHoan87 + + +
+
+
+
+ zpweJHoan87 +
+ + + +
+
+
+ + + verifiable presentation proof graph +
+ (a named graph) +
+
+
+
+
+
+
+ verifiable presentation proof graph... +
+ + + + +
+
+
+ verifiableCredential +
+
+
+
+ verifiableCredential +
+ + + + + +
+
+
+ + + Signature 456 + + +
+
+
+
+ Signature 456 +
+ + + +
+
+
+

+ + + Example University Public Key 7 + + +

+
+
+
+
+ Example Unive... +
+ + + +
+
+
+ + + 2022-06-18T21:19.10Z + + +
+
+
+
+ 2022-06-18T21:19... +
+ + + +
+
+
+ + + Data Integrity Proof + + +
+
+
+
+ Data Integrity... +
+ + + +
+
+
+ + + 34dj239dsj328 + + +
+
+
+
+ 34dj239dsj328 +
+ + + +
+
+
+ + + zBavE110…3JT2pq + + +
+
+
+
+ zBavE110…3JT2pq +
+ + + + +
+
+
+ + verificationMethod + +
+
+
+
+ verificationMethod +
+ + + + +
+
+
+ + created + +
+
+
+
+  created +
+ + + + +
+
+
+ + type + +
+
+
+
+   type   +
+ + + + +
+
+
+ + nonce + +
+
+
+
+ nonce  +
+ + + + +
+
+
+ + proofValue + +
+
+
+
+ proofValue  +
+ + + +
+
+
+

+ + + + verifiable credential proof graph + +
+ + (a named graph) + +
+
+
+

+
+
+
+
+ verifiable credential proo... +
+ + + +
+
+
+

+ + + verifiable credential graph +
+ (a named graph) +
+
+
+

+
+
+
+
+ verifiable cred... +
+ + + +
+
+
+ + + Example University + + +
+
+
+
+ Example Unive... +
+ + + +
+
+
+ + + 2010-01-01T10:37.24Z + + +
+
+
+
+ 2010-01-01T10:37... +
+ + + +
+
+
+

+ + + Example Alumni Credential + + +

+
+
+
+
+ Example Alumni... +
+ + + +
+
+
+ + + Credential123 + + +
+
+
+
+ Credential123 +
+ + + +
+
+
+ + + Pat + + +
+
+
+
+ Pat +
+ + + + +
+
+
+ + type + +
+
+
+
+ type +
+ + + + +
+
+
+ + validFrom + +
+
+
+
+  validFrom  +
+ + + + +
+
+
+ + issuer + +
+
+
+
+ issuer +
+ + + + +
+
+
+ + credentialSubject + +
+
+
+
+   credentialSubject   +
+ + + + +
+
+
+ + alumniOf + +
+
+
+
+ alumniOf +
+ + + + +
+
+
+ + proof + +
+
+
+
+ proof +
+ + + + + +
+
+
+ + + Signature 789 + + +
+
+
+
+ Signature 789 +
+ + + +
+
+
+

+ + + Example University Public Key 7 + + +

+
+
+
+
+ Example Unive... +
+ + + +
+
+
+ + + 2024-01-01T10:50.10Z + + +
+
+
+
+ 2024-01-01T10:50... +
+ + + +
+
+
+ + + Data Integrity Proof + + +
+
+
+
+ Data Integrity... +
+ + + +
+
+
+ + + 45jhei78j0ei + + +
+
+
+
+ 45jhei78j0ei +
+ + + +
+
+
+ + + zHbNml98dnao + + +
+
+
+
+ zHbNml98dnao +
+ + + + +
+
+
+ + verificationMethod + +
+
+
+
+ verificationMethod +
+ + + + +
+
+
+ + created + +
+
+
+
+  created +
+ + + + +
+
+
+ + type + +
+
+
+
+   type   +
+ + + + +
+
+
+ + nonce + +
+
+
+
+ nonce  +
+ + + + +
+
+
+ + proofValue + +
+
+
+
+ proofValue  +
+ + + +
+
+
+

+ + + + verifiable credential proof graph + +
+ + (a named graph) + +
+
+
+

+
+
+
+
+ verifiable credential proo... +
+ + + +
+
+
+

+ + + verifiable credential graph +
+ (a named graph) +
+
+
+

+
+
+
+
+ verifiable cred... +
+ + + +
+
+
+ + + Example University + + +
+
+
+
+ Example Unive... +
+ + + +
+
+
+ + + 2024-01-01T10:37.24Z + + +
+
+
+
+ 2024-01-01T10:37... +
+ + + +
+
+
+

+ + + Example Alumni Credent + + + ial + + +

+
+
+
+
+ Example Alumni... +
+ + + +
+
+
+ + + Credential456 + + +
+
+
+
+ Credential456 +
+ + + +
+
+
+ + + Ted + + +
+
+
+
+ Ted +
+ + + + +
+
+
+ + type + +
+
+
+
+ type +
+ + + + +
+
+
+
+
+
+
+
+
+ + +
+
+
+ + validFrom + +
+
+
+
+  validFrom   +
+ + + + +
+
+
+ + issuer + +
+
+
+
+ issuer +
+ + + + +
+
+
+ + credentialSubject + +
+
+
+
+   credentialSubject   +
+ + + + +
+
+
+ + alumniOf + +
+
+
+
+ alumniOf +
+ + + + +
+
+
+ + proof + +
+
+
+
+ proof +
+
diff --git a/index.html b/index.html index 46a3bec0f..a6355b6c9 100644 --- a/index.html +++ b/index.html @@ -892,7 +892,7 @@

Presentations

[=verifiable credentials=] are organized into information [=graphs=], which are then organized into [=verifiable presentations=].

-

+

below shows a more complete depiction of a [=verifiable presentation=] using an embedded proof based on [[?VC-DATA-INTEGRITY]]. @@ -924,11 +924,11 @@

Presentations

graph is connected, through 'verifiableCredential', to the part of the figure which is identical to Figure 6, except that the verifiable credential graph is annotated to be a named graph instead of a default graph. -The verifiable presentation proof graph, has and object with 'Signature 8910' -with 5 properties: 'type' of DataIntegrityProof, 'verificationMethod' of Example -Presenter Public Key 11, 'created' of 2018-01-15T12:43:56Z, 'challenge' of -d28348djsj3239, a 'nonce' of 'd28348djsj3239', and 'proofValue' of -'p2KaZ...8Fj3K='. This graph is annotated with the parenthetical remark '(a +The verifiable presentation proof graph has an object with 'Signature 8910' +with 5 properties: 'type' with value 'DataIntegrityProof'; 'verificationMethod' with value 'Example +Presenter Public Key 11'; 'created' with value '2018-01-15T12:43:56Z'; +'nonce' with value 'd28348djsj3239'; and 'proofValue' with value +'zp2KaZ...8Fj3K='. This graph is annotated with the parenthetical remark '(a named graph)'">
Information [=graphs=] associated with a basic [=verifiable presentation=] that is using an [=embedded proof=] @@ -976,13 +976,13 @@

Presentations

-It is possible to have a [=presentation=], such as a business persona, which +It is possible to have a [=presentation=], such as a collection of university credentials, which draws on multiple [=credentials=] about different [=subjects=] that are often, but not required to be, related. This is achieved by using the verifiableCredential property to -refer to multiple [=verifiable credentials=]. When using an [=embedded proof=], this means adding one or more [=verifiable credential graphs=], -each with its own, separate [=proof graph=]; the number of information [=graphs=] thus becomes six, eight, etc. -When using an [=enveloping proof=], the additional [=verifiable credential graphs=] are added to the same payload. +refer to multiple [=verifiable credentials=]. +See , a variant of above, +for more details.

@@ -7146,6 +7146,49 @@

application/vp+ld+json

+
+

Additional Diagrams

+ +

+ below is a variant of : + a [=verifiable presentation=] referring to two [=verifiable credentials=], and using embedded proofs + based on [[?VC-DATA-INTEGRITY]]. + Each [=verifiable credential graph=] is connected to + its own separate [=proof graph=]; the verifiableCredential property is used + to connect the [=verifiable presentation=] to the [=verifiable credential graphs=]. + The [=presentation=] [=proof graph=] represents the digital signature of the [=verifiable presentation graph=], + both [=verifiable credential graphs=], and the [=proof graphs=] linked from the [=verifiable credential graphs=]. + The complete [=verifiable presentation=] + consists, in this case, of six information [=graphs=]. +

+ +
+ Diagram with a
+            'verifiable presentation graph' on top, connected via a 'proof' to
+            a 'verifiable presentation proof graph' on the bottom. The verifiable
+            presentation graph has an object, 'Presentation ABC', with 3 properties: 'type'
+            with value 'VerifiablePresentation'; 'termsOfUse' with value 'Do Not Archive';
+            and two instances of 'verifiableCredential', detailed below. This
+            graph is annotated with a parenthetical remark, '(the default graph)'. This
+            graph is connected, through 'verifiableCredential', to the part of the figure
+            that consists two variants of Figure 6 (one is identical; the other has
+            minor differences in the labels referring to validity dates, the name of the person,
+            and the values for the nonce and the signature),
+            except that these verifiable credential graphs are
+            annotated to be named graphs instead of a default graph.
+            The verifiable presentation proof graph has an object labeled 'Signature 8920'
+            with 5 properties: 'type' with value 'DataIntegrityProof'; 'verificationMethod' with value 'Example
+            Presenter Public Key 11'; 'created' with value '2024-01-02T12:43:56Z'; 'nonce' with value 'hasdkyruod87j';
+            and 'proofValue' with value 'zpewJHoan87='. This graph is annotated with the parenthetical remark '(a
+            named graph)' +
+ A variant of : information [=graphs=] associated with a [=verifiable presentation=] + referring to two + verifiable credentials, using an [=embedded proof=] based on [[[VC-DATA-INTEGRITY]]] [[?VC-DATA-INTEGRITY]]. +
+
+
+

Revision History
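Review bot: The alt text added for the two-credential figure disagrees with the SVG added in the same patch about who signs the presentation. It gives the verification method as 'Example Presenter Public Key 11' and the proof value as 'zpewJHoan87=', while `diagrams/vp-graph-mult-creds.svg` labels them 'Example University Public Key 11' and 'zpweJHoan87'. The key label matters most, because the presentation proof is where the figure separates the presenter's key from the issuer's; presumably the alt text is right and the diagram label should change, but either way both should name the same signer. The 'created' value also differs (`2024-01-02T12:43:56Z` in the alt text, `2024-01-02T12:43.56Z` in the diagram), and "that consists two variants" should read "that consists of two variants".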

From a2a7d3f86ba49b593b40d9aff29e43fa075a17a7 Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Wed, 10 Jan 2024 12:30:56 +0100 Subject: [PATCH 5/6] Update diagrams with Enveloped VC language. --- diagrams/vp-graph-mult-creds.drawio | 6 +- diagrams/vp-graph-mult-creds.svg | 6 +- diagrams/vp-jwt-mult-creds.drawio | 238 +++++++++++++++ diagrams/vp-jwt-mult-creds.svg | 442 ++++++++++++++++++++++++++++ diagrams/vp-jwt.drawio | 254 ++++++---------- diagrams/vp-jwt.svg | 351 ++++++++-------------- index.html | 81 +++-- 7 files changed, 958 insertions(+), 420 deletions(-) create mode 100644 diagrams/vp-jwt-mult-creds.drawio create mode 100644 diagrams/vp-jwt-mult-creds.svg diff --git a/diagrams/vp-graph-mult-creds.drawio b/diagrams/vp-graph-mult-creds.drawio index 530c6de87..50930badf 100644 --- a/diagrams/vp-graph-mult-creds.drawio +++ b/diagrams/vp-graph-mult-creds.drawio @@ -1,6 +1,6 @@ - + - + @@ -190,7 +190,7 @@ - + diff --git a/diagrams/vp-graph-mult-creds.svg b/diagrams/vp-graph-mult-creds.svg index 1ea8d470f..8bde40160 100644 --- a/diagrams/vp-graph-mult-creds.svg +++ b/diagrams/vp-graph-mult-creds.svg @@ -312,10 +312,10 @@ zpweJHoan87 - + -
+
@@ -330,7 +330,7 @@
- verifiable presentation proof graph... + verifiable presentation proof graph... diff --git a/diagrams/vp-jwt-mult-creds.drawio b/diagrams/vp-jwt-mult-creds.drawio new file mode 100644 index 000000000..8f04c8016 --- /dev/null +++ b/diagrams/vp-jwt-mult-creds.drawio @@ -0,0 +1,238 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/diagrams/vp-jwt-mult-creds.svg b/diagrams/vp-jwt-mult-creds.svg new file mode 100644 index 000000000..d44f9606f --- /dev/null +++ b/diagrams/vp-jwt-mult-creds.svg @@ -0,0 +1,442 @@ + + + + + +
+
+
+ + + SD-JWT (Decoded) + + +
+
+
+
+ SD-JWT (Decoded) +
+ + + + + +
+
+
+ Header +
+
+
+
+ Header +
+ + + +
+
+
+ Payload +
+
+
+
+ Payload   +
+ + + +
+
+
+ Signature +
+
+
+
+ Signature +
+ + + + + + + + +
+
+
+ cYjaSdfIoJH45NIqw3MYnasGIba... +
+
+
+
+ cYjaSdfIoJH45NIqw3MYnasGIba... +
+ + + + +
+
+
+ + kid: aB8J-_Z + +
+
+
+
+ kid: aB8J-_Z +
+ + + +
+
+
+ + iss: https://example.com + +
+
+
+
+ iss: https://example.c... +
+ + + +
+
+
+ + alg: ES384 + +
+
+
+
+ alg: ES384 +
+ + + +
+
+
+ + iat: + + 1704690029 +
+
+
+
+ iat: 1704690029 +
+ + + +
+
+
+ + cty: vp+ld+json + +
+
+
+
+ cty: vp+ld+json +
+ + + +
+
+
+ + typ: vp+ld-json+sd-jwt + +
+
+
+
+ typ: vp+ld-json+sd-jwt +
+ + + + + +
+
+
+ + + verifiable presentation graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ verifiable presentation gr... +
+ + + +
+
+
+ + + Presentation ABC + + +
+
+
+
+ Presentation ABC +
+ + + +
+
+
+ + + VerifiablePresentation + + +
+
+
+
+ VerifiablePresentation +
+ + + +
+
+
+ + + DoNotArchive + + +
+
+
+
+ DoNotArchive +
+ + + + +
+
+
+ termsOfUse +
+
+
+
+  termsOfUse  +
+ + + + +
+
+
+ type +
+
+
+
+  type  +
+ + + + +
+
+
+ verifiableCredential +
+
+
+
+ verifiableCredential +
+ + + + +
+
+
+ + + EnvelopedVerifiableCredential + + +
+
+
+
+ EnvelopedVerifiable... +
+ + + +
+
+
+ + + data:application/vc+ld+json+sd-jwt;QzVjV...RMjU + + +
+
+
+
+ data:application/vc+ld+json+sd-jw... +
+ + + + +
+
+
+ + type + +
+
+
+
+ type +
+ + + +
+
+
+ + + enveloped verifiable credential graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ enveloped verifia... +
+ + + + +
+
+
+ + + EnvelopedVerifiableCredential + + +
+
+
+
+ EnvelopedVerifiable... +
+ + + +
+
+
+ + + data:application/vc+ld+json+sd-jwt;RkOyT...KjOl + + +
+
+
+
+ data:application/vc+ld+json+sd-jwt... +
+ + + + +
+
+
+ + type + +
+
+
+
+ type +
+ + + +
+
+
+ + + enveloped verifiable credential graph +
+ (serialized in JSON) +
+
+
+
+
+
+
+ enveloped verifia... +
+ + + + +
+
+
+ verifiableCredential +
+
+
+
+ verifiableCredential +
+
diff --git a/diagrams/vp-jwt.drawio b/diagrams/vp-jwt.drawio index 2fd2a8336..e21e3c426 100644 --- a/diagrams/vp-jwt.drawio +++ b/diagrams/vp-jwt.drawio @@ -1,11 +1,11 @@ - + - + - + @@ -19,10 +19,10 @@ - + - + @@ -37,7 +37,7 @@ - + @@ -45,49 +45,85 @@ - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - + + + + + + + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - + @@ -95,10 +131,10 @@ - + - - + + @@ -106,10 +142,10 @@ - + - - + + @@ -117,135 +153,39 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + + - - + + + + + + + + + + + + - - + + diff --git a/diagrams/vp-jwt.svg b/diagrams/vp-jwt.svg index 789145da2..8b3c644dc 100644 --- a/diagrams/vp-jwt.svg +++ b/diagrams/vp-jwt.svg @@ -1,5 +1,5 @@ - - + + @@ -17,8 +17,8 @@ SD-JWT (Decoded) - - + + @@ -32,10 +32,10 @@ Header - + -
+
Payload @@ -43,12 +43,12 @@
- Payload   + Payload   - + -
+
Signature @@ -56,17 +56,17 @@
- Signature + Signature - - - - - - + + + + + + -
+
XaOOh4ljklxH7L99RTVSfOl... @@ -74,228 +74,193 @@
- XaOOh4ljklxH7L99RTVSfOl... + XaOOh4ljklxH7L99RTVSfOl... - - - + + -
-
+
+
- - - verifiable presentation graph -
- (serialized in JSON) -
-
+ + kid: aB8J-_Z
- verifiable presentation gr... + kid: aB8J-_Z - - + -
-
+
+
- - Presentation ABC - + iss: https://example.com
- Presentation ABC + iss: https://example.c... - + -
-
+
+
- - VerifiablePresentation - + alg: ES384
- VerifiablePresentation + alg: ES384 - + -
-
+
+
- - DoNotArchive - + iat: + 1704690029
- DoNotArchive - - - - - -
-
-
- termsOfUse -
-
-
-
-  termsOfUse  -
- - - - -
-
-
- type -
-
-
-
-  type  + iat: 1704690029
- - + -
-
-
- verifiableCredential +
+
+
+ + cty: vp+ld+json +
- verifiableCredential + cty: vp+ld+json - + -
-
+
+
- - Example University - + typ: vp+ld-json+sd-jwt
- Example University + typ: vp+ld-json+sd-jwt - + + + -
+
- - - 2010-01-01T10:37.24Z + + + verifiable presentation graph +
+ (serialized in JSON) +
- 2010-01-01T10:37.24Z + verifiable presentation gr... - + + -
+
- Example Alumni Credential + Presentation ABC
- Example Alumni Creden... + Presentation ABC - + -
+
- Credential123 + VerifiablePresentation
- Credential123 + VerifiablePresentation - + -
+
- Pat + DoNotArchive
- Pat + DoNotArchive - - + + -
+
- type + termsOfUse
- type +  termsOfUse  - - + + -
+
type @@ -303,71 +268,31 @@
- type +  type  + + -
+
- validFrom -
-
-
- - validFrom  - - - - - -
-
-
- issuer -
-
-
-
- issuer -
- - - - -
-
-
- credentialSubject -
-
-
-
-  credentialSubject  -
- - - - -
-
-
- alumniOf + verifiableCredential
- alumniOf + verifiableCredential
- + -
+
- verifiable credential graph + enveloped verifiable credential graph
(serialized in JSON)
@@ -377,98 +302,52 @@
- verifiable credential grap... - - - - - -
-
-
- - kid: aB8J-_Z - -
-
-
-
- kid: aB8J-_Z -
- - - -
-
-
- - iss: https://example.com - -
-
-
-
- iss: https://example.c... -
- - - -
-
-
- - alg: ES384 - -
-
-
-
- alg: ES384 + enveloped verifiable credent...
- + -
-
+
+
- iat: + EnvelopedVerifiableCredential - 1704690029
- iat: 1704690029 + EnvelopedVerifiableCredential - + -
-
+
+
- cty: vp+ld+json + data:application/vc+ld+json+sd-jwt;QzVjV...RMjU
- cty: vp+ld+json + data:application/vc+ld+json+sd-jwt;QzVjV...RMjU - + + -
-
-
- - typ: vp+ld-json+sd-jwt - +
+
+
+ + type +
- typ: vp+ld-json+sd-jwt + type diff --git a/index.html b/index.html index a6355b6c9..064cc124b 100644 --- a/index.html +++ b/index.html @@ -776,7 +776,7 @@

Credentials

It is composed of at least two information [=graphs=]. The first of these information [=graphs=], the [=verifiable credential graph=] (which is the [=default graph=]), expresses the [=verifiable credential=] itself, through [=credential=] metadata and other [=claims=]. -The second information [=graph=], referred to by the proof property, is the [=proof graph=] +The second information [=graph=], referred to by the proof property, is the proof graph of the [=verifiable credential=], and is a separate [=named graph=]. The [=proof graph=] expresses the digital proof, which, in this case, is a digital signature. @@ -942,8 +942,11 @@

Presentations

The payload contains only two information graphs: the [=verifiable presentation graph=] expressing the [=verifiable presentation=] itself through presentation metadata; and the corresponding [=verifiable credential graph=], referred to by - the verifiableCredential property. - The [=verifiable credential graph=] contains [=credential=] metadata and other [=claims=]. + the `verifiableCredential` property. + The [=verifiable credential graph=] contains a single + `EnvelopedVerifiableCredential` instance + referring, via a `data:` URL [[RFC2397]], to the verifiable credential secured via + an [=enveloping proof=] shown on .
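Review bot: The added paragraph does not say what the presentation's enveloping proof establishes for the credential it wraps. As written, a reader can take the `EnvelopedVerifiableCredential` entry as vouched for by the presentation's signature, although the same paragraph says the credential behind the `data:` URL is secured by its own enveloping proof. I would add a sentence such as `A verifier decodes the data: URL and verifies the enveloped credential's own proof; the presentation's proof does not by itself establish that the credential came from its claimed issuer.`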

@@ -956,21 +959,19 @@

Presentations

The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle, consisting of two related graphs (stacked vertically) connected by a an arrow labeled 'verifiableCredential'. - The two graphs have each a label 'verifiable presentation graphs (serialized in JSON)' and + The two graphs have each a label 'verifiable presentation graph (serialized in JSON)' and 'verifiable credential graph (serialized in JSON)', respectively. The top graph in the rectangle has and object 'Presentation ABC' with 3 properties: 'type' of value VerifiablePresentation, 'termsOfUse' of value 'Do Not Archive'. - The bottom graph includes 'Credential 123' as a subject - with 4 properties: 'type' of value ExampleAlumniCredential, - 'issuer' of Example University, 'validFrom' of 2010-01-01T19:23:24Z, and - credentialSubject of Pat, who also has an 'alumniOf' property with value of - 'Example University'. + The bottom graph includes 'data:application/vc+ld+json+sd-jwt;QzVjV...RMjU' as a subject + with a single property: 'type' of value `EnvelopedVerifiableCredential`. Finally, the 'Signature' label on the left side is connected, with an arrow, to a separate rectangle, containing a single text field: 'XaOOh4ljklxH7L99RTVSfOl...'.">
Information graphs associated with a basic [=verifiable presentation=] that is using an [=enveloping proof=] - based on JOSE [[?VC-JOSE-COSE]]. + based on JOSE [[?VC-JOSE-COSE]]. The `data:` URL refers to + the [=verifiable credential=] shown on .
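Review bot: The example value 'data:application/vc+ld+json+sd-jwt;QzVjV...RMjU' in the new alt text is not a well-formed `data:` URL under the RFC 2397 reference this patch introduces. That syntax is `data:[<mediatype>][;base64],<data>`, with a comma before the data, whereas here the token follows a semicolon, where a media-type parameter would be expected. A consumer parsing the value per RFC 2397 would find no data part, and implementers tend to copy figure values. I would write `data:application/vc+ld+json+sd-jwt,QzVjV...RMjU` here, in the alt text of the two-credential figure later in this patch, and in the labels of `diagrams/vp-jwt.svg` and `diagrams/vp-jwt-mult-creds.svg`. The alt text also still calls the lower graph 'verifiable credential graph (serialized in JSON)' although the diagram label is now 'enveloped verifiable credential graph'.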
@@ -979,10 +980,9 @@

Presentations

It is possible to have a [=presentation=], such as a collection of university credentials, which draws on multiple [=credentials=] about different [=subjects=] that are often, but not required to be, related. -This is achieved by using the verifiableCredential property to -refer to multiple [=verifiable credentials=]. -See , a variant of above, -for more details. +This is achieved by using the `verifiableCredential` property to +refer to multiple [=verifiable credentials=]. +See Appendix for more details.

@@ -7147,17 +7147,17 @@

application/vp+ld+json

-

Additional Diagrams

+

Additional Diagrams for Verifiable Presentations

-

+

below is a variant of : - a [=verifiable presentation=] referring to two [=verifiable credentials=], and using embedded proofs - based on [[?VC-DATA-INTEGRITY]]. - Each [=verifiable credential graph=] is connected to + a [=verifiable presentation=] referring to two [=verifiable credentials=], and using embedded proofs + based on [[?VC-DATA-INTEGRITY]]. + Each [=verifiable credential graph=] is connected to its own separate [=proof graph=]; the verifiableCredential property is used to connect the [=verifiable presentation=] to the [=verifiable credential graphs=]. - The [=presentation=] [=proof graph=] represents the digital signature of the [=verifiable presentation graph=], - both [=verifiable credential graphs=], and the [=proof graphs=] linked from the [=verifiable credential graphs=]. + The [=presentation=] [=proof graph=] represents the digital signature of the [=verifiable presentation graph=], + both [=verifiable credential graphs=], and the [=proof graphs=] linked from the [=verifiable credential graphs=]. The complete [=verifiable presentation=] consists, in this case, of six information [=graphs=].

@@ -7187,6 +7187,45 @@

Additional Diagrams

verifiable credentials, using an [=embedded proof=] based on [[[VC-DATA-INTEGRITY]]] [[?VC-DATA-INTEGRITY]]. + +

+ below shows the same [=verifiable presentation=] + as , but using an [=enveloping proof=] based on [[?VC-JOSE-COSE]]. + Each [=verifiable credential graph=] contains a single + `EnvelopedVerifiableCredential` instance, + referring, via a data: URL [[RFC2397]], to a verifiable credential secured via + an [=enveloping proof=]. +

+ +
+ Diagram with, on the left,
+                      a box, labeled as 'JWT (Decoded)', and with three textual labels
+                      stacked vertically, namely 'Header', 'Payload', and 'Signature'.
+                      The 'Header' label is connected, with an arrow, to a separate rectangle
+                       on the right hand side containing six text fields: 'kid: aB8J-_Z',
+                      'alg: ES384', and 'cty: vc+ld+json', iss: https://example.com, iat: 1704690029, and typ: vp+ld+json+sd-jwt
+                      The 'Payload' label of the left side is connected, with an arrow, to a separate rectangle,
+                      consisting of three related graphs (stacked vertically) connected
+                      by two arrows labeled 'verifiableCredential' starting from the top graph and connecting it
+                      to the two other graphs, respectively. The top graph has a label
+                      'verifiable presentation graph (serialized in JSON)'; the other two are both labeled by
+                      'verifiable credential graph (serialized in JSON)'.
+                      The top graph in the rectangle has and object 'Presentation ABC' with 3 properties: 'type'
+                      of value VerifiablePresentation, 'termsOfUse' of value 'Do Not Archive'.
+                      One of the the bottom graphs includes 'data:application/vc+ld+json+sd-jwt;QzVjV...RMjU' as a subject
+                      with a single property: 'type' of value `EnvelopedVerifiableCredential`.
+                      The last bottom graph is identical other, except for the subject which is labeled as
+                      'data:application/vc+ld+json+sd-jwt;RkOyT...KjOl'.
+                      Finally, the 'Signature' label on the left side is connected, with an
+                      arrow, to a separate rectangle, containing a single text field:
+                      'cYjaSdfIoJH45NIqw3MYnasGIba...'. +
+ A variant of : information [=graphs=] associated with a [=verifiable presentation=] + referring to two verifiable credentials using [=enveloping proofs=] based on JOSE [[?VC-JOSE-COSE]]. +
+
+ +
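Review bot: The alt text of the new enveloping-proof figure describes a header the diagram does not show. It says the box is labeled 'JWT (Decoded)' and lists 'cty: vc+ld+json', whereas `diagrams/vp-jwt-mult-creds.svg` is labeled 'SD-JWT (Decoded)' and carries 'cty: vp+ld+json'. Because `cty` tells the recipient what kind of payload is inside, announcing a credential content type on a presentation misdescribes the figure; it should read `'cty: vp+ld+json'`. The list of "six text fields" also has a stray "and" after the second item and leaves the last three values unquoted, and "identical other" should be "identical to the other". The same header description appears in the alt text of the single-credential figure, in a hunk that starts outside this view.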
From 88183bf61069a8eb28017aac525340896b47b505 Mon Sep 17 00:00:00 2001 From: Ivan Herman Date: Wed, 10 Jan 2024 17:35:28 +0100 Subject: [PATCH 6/6] Fix JWT media types. Co-authored-by: Ted Thibodeau Jr --- diagrams/vc-jwt.drawio | 2 +- diagrams/vc-jwt.svg | 4 ++-- diagrams/vp-jwt-mult-creds.drawio | 2 +- diagrams/vp-jwt-mult-creds.svg | 4 ++-- diagrams/vp-jwt.drawio | 2 +- diagrams/vp-jwt.svg | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/diagrams/vc-jwt.drawio b/diagrams/vc-jwt.drawio index 446eb275b..11e6f8983 100644 --- a/diagrams/vc-jwt.drawio +++ b/diagrams/vc-jwt.drawio @@ -175,7 +175,7 @@ - + diff --git a/diagrams/vc-jwt.svg b/diagrams/vc-jwt.svg index f14b34338..b9ecb45ee 100644 --- a/diagrams/vc-jwt.svg +++ b/diagrams/vc-jwt.svg @@ -350,12 +350,12 @@
- typ: vc+ld-json+sd-jwt + typ: vc+ld+json+sd-jwt
- typ: vc+ld-json+sd-jwt + typ: vc+ld+json+sd-jwt diff --git a/diagrams/vp-jwt-mult-creds.drawio b/diagrams/vp-jwt-mult-creds.drawio index 8f04c8016..3f65351cc 100644 --- a/diagrams/vp-jwt-mult-creds.drawio +++ b/diagrams/vp-jwt-mult-creds.drawio @@ -78,7 +78,7 @@ - + diff --git a/diagrams/vp-jwt-mult-creds.svg b/diagrams/vp-jwt-mult-creds.svg index d44f9606f..f5aefd1de 100644 --- a/diagrams/vp-jwt-mult-creds.svg +++ b/diagrams/vp-jwt-mult-creds.svg @@ -160,13 +160,13 @@
- typ: vp+ld-json+sd-jwt + typ: vp+ld+json+sd-jwt
- typ: vp+ld-json+sd-jwt + typ: vp+ld+json+sd-jwt diff --git a/diagrams/vp-jwt.drawio b/diagrams/vp-jwt.drawio index e21e3c426..c0dd2a257 100644 --- a/diagrams/vp-jwt.drawio +++ b/diagrams/vp-jwt.drawio @@ -78,7 +78,7 @@ - + diff --git a/diagrams/vp-jwt.svg b/diagrams/vp-jwt.svg index 8b3c644dc..008bf0425 100644 --- a/diagrams/vp-jwt.svg +++ b/diagrams/vp-jwt.svg @@ -160,13 +160,13 @@
- typ: vp+ld-json+sd-jwt + typ: vp+ld+json+sd-jwt
- typ: vp+ld-json+sd-jwt + typ: vp+ld+json+sd-jwt