mirror of
https://github.com/Decentralized-ID/decentralized-id.github.io.git
synced 2025-01-02 11:06:22 -05:00
139 lines
37 KiB
Plaintext
139 lines
37 KiB
Plaintext
|
# List
|
|||
|
W3C did-core Decentralized Identifiers (DIDs) V1.0 https://www.w3.org/TR/did-core/ core
|
|||
|
W3C did-spec-registries DID Specification Registries https://w3c.github.io/did-spec-registries core
|
|||
|
W3C security-vocab The Security Vocabulary https://w3c-ccg.github.io/security-vocab core
|
|||
|
W3C Ed25519-signature-2018 Ed25519 Signature 2018 https://w3c-ccg.github.io/lds-ed25519-2018 core
|
|||
|
W3C EcdsaSecp256k1-signature-2019 Ecdsa Secp256k1 Signature 2019 https://w3c-ccg.github.io/lds-ecdsa-secp256k1-2019 core
|
|||
|
W3C RSA-signaturesuite-2018 RSA Signature Suite 2018 https://w3c-ccg.github.io/lds-rsa2018 core
|
|||
|
W3C did-resolution Decentralized Identifier Resolution https://w3c-ccg.github.io/did-resolution core
|
|||
|
W3C did-method-key The did:key Method https://w3c-ccg.github.io/did-method-key non-core
|
|||
|
W3C DIF did-method-peer Peer DID Method Specification https://identity.foundation/peer-did-method-spec non-core
|
|||
|
W3C Sovrin did-method-sovrin Sovrin DID Method Specification https://sovrin-foundation.github.io/sovrin/spec/did-method-spec-template.html non-core
|
|||
|
W3C did-method-web did:web Method Specification https://w3c-ccg.github.io/did-method-web non-core
|
|||
|
W3C JSON-LD A JSON-based Serialization for Linked Data https://www.w3.org/TR/json-ld11 non-core
|
|||
|
W3C XSD-Part2-Datatypes XML XSD<53> Part 2: Datatypes https://www.w3.org/TR/xmlschema11-2/ non-core
|
|||
|
W3C vc-data-model Verifiable Credentials Data Model https://www.w3.org/TR/vc-data-model core
|
|||
|
W3C vc-use-cases Verifiable Credentials Use Cases https://www.w3.org/TR/vc-use-cases core
|
|||
|
W3C vc-imp-guide Verifiable Credentials Implementation Guidelines 1.0 https://w3c.github.io/vc-imp-guide core
|
|||
|
W3C vc-extension-registry Verifiable Credentials Extension Registry https://w3c-ccg.github.io/vc-extension-registry core
|
|||
|
W3C vc-status-rl-2020 Revocation List 2020 https://w3c-ccg.github.io/vc-status-rl-2020/ core
|
|||
|
W3C vc-json-schemas Verifiable CRedentials JSON Schema Spec https://w3c-ccg.github.io/vc-json-schemas core
|
|||
|
W3C vp-request-spec Verifiable Presentation Request Specification https://w3c-ccg.github.io/vp-request-spec core
|
|||
|
W3C CHAPI Credential Handler API https://w3c-ccg.github.io/credential-handler-api core
|
|||
|
W3C credential-management Credential Management Level 1 https://www.w3.org/TR/credential-management-1 non-core
|
|||
|
W3C secure-contexts Secure Contexts https://www.w3.org/TR/secure-contexts non-core
|
|||
|
W3C service-workers-1 Service Workers 1 https://www.w3.org/TR/service-workers-1 non-core
|
|||
|
W3C ldp-bbs2020 BBS+ Signatures 2020 https://w3c-ccg.github.io/ldp-bbs2020 core
|
|||
|
W3C ld-proofs Linked Data Proofs https://w3c-ccg.github.io/ld-proofs core
|
|||
|
W3C ld-cryptosuite-registry Linked Data Cryptographic Suite Registry https://w3c-ccg.github.io/ld-cryptosuite-registry core
|
|||
|
https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages
|
|||
|
https://dpvcg.github.io/dpv/#Representative https://dpvcg.github.io/dpv/#Representative
|
|||
|
Primer Data Privacy Vocabulary (DPV) https://w3c.github.io/dpv/primer/#core-taxonomy
|
|||
|
DIF well-known-did Well Known DID Configuration https://identity.foundation/.well-known/resources/did-configuration core
|
|||
|
DIF presentation-exchange Presentation Exchange https://identity.foundation/presentation-exchange core
|
|||
|
DIF didcomm-messaging DidComm Messaging https://identity.foundation/didcomm-messaging/spec core
|
|||
|
DIF did-comm-messaging-guide DIDComm Messaging Implementer's Guide https://identity.foundation/didcomm-messaging/guide core
|
|||
|
DIF EcdsaSecp256k1-recoverysignature-2020 EcdsaSecp256k1RecoverySignature2020 https://identity.foundation/EcdsaSecp256k1RecoverySignature2020 core
|
|||
|
IETF multibase Multibase Data Format https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03 non-core
|
|||
|
IETF JWK JSON Web Key https://tools.ietf.org/html/rfc7517 non-core
|
|||
|
IETF Timestamps Date and Time on the Internet: Timestamps https://tools.ietf.org/html/rfc3339 non-core
|
|||
|
IETF JWT JSON Web Token https://tools.ietf.org/html/rfc7519 non-core
|
|||
|
IETF JWS JSON Web Signtaures https://tools.ietf.org/html/rfc7515 non-core
|
|||
|
IETF hashlinks Cryptograohic Hyperlinks https://tools.ietf.org/html/draft-sporny-hashlink-06 non-core
|
|||
|
IETF Token Binding Token Binding Protocol https://tools.ietf.org/html/rfc8471 non-core
|
|||
|
IETF ZLIB ZLIB Compressed Data Format Spec v3.3 https://tools.ietf.org/html/rfc1950 non-core
|
|||
|
IETF Base 64 Base16, Base32, Base 64 Data Encodings https://tools.ietf.org/html/rfc4648 non-core
|
|||
|
IETF JWM JSON Web Message https://tools.ietf.org/id/draft-looker-jwm-01.html non-core
|
|||
|
IETF JWA JSON Web Algorithms https://tools.ietf.org/html/rfc7518 non-core
|
|||
|
IETF JWS-unencoded-payload JSON Web Signature (JWS) Unencoded Payload Option https://tools.ietf.org/html/rfc7797 non-core
|
|||
|
IETF jwk-thumbprint JSON Web Key (JWK) Thumbprint https://tools.ietf.org/html/rfc7638 non-core
|
|||
|
Web Interface Definition Language This standard defines an interface definition language, Web IDL, that can be used to describe interfaces that are intended to be implemented in web browsers. This standard defines an interface definition language, Web IDL, that can be used to describe interfaces that are intended to be implemented in web browsers. Web IDL is an IDL variant with a number of features that allow the behavior of common script objects in the web platform to be specified more readily. How interfaces described with Web IDL correspond to constructs within ECMAScript execution environments is also detailed here.
|
|||
|
Concretely, Web IDL provides a syntax for specifying the surface APIs of web platform objects, as well as ECMAScript bindings that detail how those APIs manifest as ECMAScript constructs. This ensures common tasks, such as installing global properties, processing numeric inputs, or exposing iteration behavior, remain uniform across web platform specifications: such specifications describe their interfaces using Web IDL, and then use prose to specify API-specific details. https://webidl.spec.whatwg.org/ non-core
|
|||
|
DIF BBS+ Signature Scheme BBS is a digital signature scheme categorized as a form of short group signature that supports several unique properties. Notably, the scheme supports signing multiple messages whilst producing a single output digital signature. Through this capability, the possessor of a signature is able to generate proofs that selectively disclose subsets of the originally signed set of messages, whilst preserving the verifiable authenticity and integrity of the messages. Furthermore, these proofs are said to be zero-knowledge in nature as they do not reveal the underlying signature; instead, what they reveal is a proof of knowledge of the undisclosed signature. https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html core MATTR CFRG
|
|||
|
CCG RDF Dataset Normalization RDF [RDF11-CONCEPTS] describes a graph-based data model for making claims about the world and provides the foundation for reasoning upon that graph of information. At times, it becomes necessary to compare the differences between sets of graphs, digitally sign them, or generate short identifiers for graphs via hashing algorithms. This document outlines an algorithm for normalizing RDF datasets such that these operations can be performed. https://www.w3.org/TR/rdf-canon/ non-core
|
|||
|
ITU-T SG17 - Kantara initiative and ITU-T SG 17 https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/Pages/default.aspx
|
|||
|
TrustFramework DIACC https://diacc.ca/trust-framework/
|
|||
|
NIST TrustFramework 800-63-3 https://pages.nist.gov/800-63-3/
|
|||
|
NGI TrustRegistry TRAIN https://www.ngi.eu/funded_solution/essi_ioc_38/
|
|||
|
# Assorted
|
|||
|
OMG ISSUES RFI FOR DISPOSABLE SELF-SOVEREIGN IDENTITY STANDARD https://www.omg.org/news/releases/pr2021/01-21-21.htm This RFI aims to gain a better understanding of the self-sovereign identity space. In particular, the Blockchain PSIG is exploring the potential for standards setting in the area of contextually constrained or ‘disposable’ self-sovereign identity arrangements, building on top of existing W3C standards for self-sovereign identity [DID] and verifiable credentials [VC]. The aim of this RFI is to determine whether new standards for this specific aspect of self-sovereign identity are necessary, desirable and timely, and are not already being developed elsewhere. (The RFI) The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium, founded in 1989. OMG standards are driven by vendors, end-users, academic institutions and government agencies. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries. OMG
|
|||
|
DIF Agent Frameworks & Infrastructure (“Layer 2”) https://identity.foundation/faq/#agent-frameworks-infrastructure-layer-2 Agents
|
|||
|
IDCommons Mobile Agent Development FAQ https://iiw.idcommons.net/1L/_Mobile_Agent_Development_FAQ - What’s the best place to start creating your own mobile agent?<br>- How do you get updates once you ship your first version?<br>- Do I actually have to support a fork for every mobile agent I create?<br>- Do I need to use a Mediator? Horacio Nunez Agents
|
|||
|
Schema.org Schema.org is ten! http://blog.schema.org/2021/06/schemaorg-is-ten.html Schema.org was founded on the idea of making it easier and simpler for the ordinary, everyday sites that make up the web to use machine-readable data, and for that data to enable an ecosystem of applications used by millions of people. While it's hard to predict exactly what the next decade will bring, if we can all keep these founding concerns in mind as we improve, refine and curate our growing collection of schemas, we'll be doing our part to continue improving the web. Schema.org
|
|||
|
Phil Windley JSON is Robot Barf https://www.windley.com/archives/2021/09/json_is_robot_barf.shtml Windley JSON has its place. But I think we're overusing it in places where a good notation would serve us better. JSON
|
|||
|
Blockcerts Blockcerts V3 release https://community.blockcerts.org/t/blockcerts-v3-release/3022 The main change is the alignment with the [W3C Verifiable Credentials specification 3](https://www.w3.org/TR/vc-data-model/). Regarding the standard itself metadata and display are entering the default standard. metadata comes in replacement of metadataJson and remains a stringified JSON that will allow consumers to register specific data which are too unique for issuances to be defined in the context.<br> <br>display brings in [a little bit of novelty 2](https://github.com/blockchain-certificates/cert-schema/blob/master/cert_schema/3.0/displaySchema.json#L6) images or pdfs, in addition to the more classic HTML. Blockcerts
|
|||
|
Julien Fraichot Blockcerts v3 release, a Verifiable Credentials implementation https://lists.w3.org/Archives/Public/public-credentials/2021Dec/0051.html I am excited to share with you today the release of [Blockcerts](https://www.blockcerts.org/) V3. As you may already know the earlier versions of Blockcerts were architected by Kim H. Duffy through Learning Machine and leveraged the Open Badge standard.<br> <br>We have followed through with the initial [ideas established at RWOT 9 in Prague in December 2019, to align Blockcerts with the Verifiable Credential specification](https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/final-documents/BlockcertsV3.md). Julien Fraichot Blockcerts
|
|||
|
XSL Labs: Your Data Belongs to You https://www.xsl-labs.io/whitepaper/white_paper_en.pdf The SDI technology constitutes a very important example of decentralized counter-power to the web giants. The SDI maintains to keep the practicality of a unique identifier while guaranteeing the security of the data and the user's sovereignty over it XSL SDI
|
|||
|
Better and more secure methods for API authentication https://iiw.idcommons.net/1D/_Better_and_more_secure_methods_for_API_authentication Michael Lodder https://docs.google.com/p>resentation/d/1UO25DzVmq25ya2S4_tV5UKTSP6NtBggln9vP1TEXSzE/edit Goal of the Oberon protocol when building an API:<br><br>* Super effective: no separate session token to required for accessing the API; very fast to issue and verify tokens; 128 bytes required per message<br>* Privacy preserving<br>* No new crypto, uses BLS signature keys and Pointecheval saunders Construction Oberon protocol
|
|||
|
Trusted Timestamping Part 3: Family of Standards https://medium.com/finema/trusted-timestamping-part-3-family-of-standards-f0c89a5e97ab Nunnaphat Songmanee Finema Timestamping
|
|||
|
Trusted Timestamping Part 1: Scenarios https://medium.com/finema/trusted-timestamping-part-1-scenarios-9bf4a7cc2364 Timestamping
|
|||
|
Trusted Timestamping Part 2: Process and Safeguards https://medium.com/finema/trusted-timestamping-part-2-process-and-safeguards-f75286a0c370 Timestamping
|
|||
|
Nat has a presentation https://nat.sakimura.org/2021/09/14/announcing-gain/
|
|||
|
https://www.linkedin.com/groups/12559000/ GAIN
|
|||
|
JSON Web Proofs BoF at IETF 114 in Philadelphia https://self-issued.info/?p=2286
|
|||
|
Chair Slides https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-json-web-proofs-chair-drafts-00 Karen O’Donoghue, John Bradley JWP
|
|||
|
The need: Standards for selective disclosure and zero-knowledge proofs https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-the-need-standards-for-selective-disclosure-and-zero-knowledge-proofs-00 Mike Jones JWP
|
|||
|
What Would JOSE Do? Why re-form the JOSE working group to meet the need? https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-the-need-standards-for-selective-disclosure-and-zero-knowledge-proofs-00 Mike Jones JWP
|
|||
|
A Look Under the Covers: The JSON Web Proofs specifications https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-json-web-proofs-initial-drafts-00 Jeremie Miller JWP
|
|||
|
ONDC: An Open Network for Ecommerce https://www.windley.com/archives/2022/08/ondc_an_open_network_for_ecommerce.shtml Phil Windley ONDC
|
|||
|
Open Network for Digital Commerce https://en.wikipedia.org/wiki/Open_Network_for_Digital_Commerce is a non-profit established by the Indian government to develop open ecommerce. The goal is to end platform monopolies in ecommerce using an open protocol called [Beckn](https://developers.becknprotocol.io/). I'd never heard of Beckn before. From the reaction on the VRM mailing list, not many there had either. ONDC
|
|||
|
C2PA Specifications https://c2pa.org/specifications/specifications/1.0/index.html native support for VC’s for use in identification C2PA
|
|||
|
# Authorization
|
|||
|
FedId CG at W3C and GNAP https://lists.w3.org/Archives/Public/public-credentials/2022Jan/0065.html I asked them whether they considered GNAP via slack.\n\n > https://w3ccommunity.slack.com/archives/C02355QUL73/p1641585415001900 They are chartered here: [https://fedidcg.github.io/](https://fedidcg.github.io/)\n\nTo look at AuthN that breaks when browser primitives are removed.\n\nThey are currently focused on OIDC, SAML, WS-Fed.\n\nThe reason I asked them was in relation to the questions we have discussed regarding "What can GNAP replace".\n\nClearly GNAP can replace OAuth, but I think you both have now confirmed that GNAP does not replace OIDC, or federated identity... Orie Steele Authorization GNAP
|
|||
|
Grant Negotiation and Authorization Protocol (GNAP) https://oauth.net/gnap/ Authorization GNAP
|
|||
|
A GNAP Editors' Use of GitHub Issues https://aaronparecki.com/2020/11/25/4/gnap-github-issues The editors met yesterday to discuss the issues that were pulled out of the previous draft text and document a process for how to resolve these and future issues. We would like to explain how we plan on using labels on GitHub issues to keep track of discussions and keep things moving. Authorization GNAP
|
|||
|
A Genesis of the GNAP working group with Dick Hardt of SignIn.org https://auth0.com/blog/identity-unlocked-explained-episode-6/ The decision was made to create a new group apart from OAuth, and Dick clarifies that the GNAP working group does not feel constrained by existing technology; GNAP does not need to be backward-compatible, but Dick still hopes that the transition to GNAP will be smooth for those who use it. Auth0 Podcast *Identity Unlocked* Vittorio Bertocci Authorization GNAP
|
|||
|
Filling in the GNAP https://medium.com/@justinsecurity/filling-in-the-gnap-a032453eaf8c Justin Richer identity protocol writer and implementer extraordinaire has a very excellent post explaining the new GNAP and all the things that lead to it, including OAuth, OpenID, TxAuth, OAuth3, and OAuth.XYZ. This protocol is a big deal and will be important. It’s just beginning the journey through IETF (Internet Engineering Task Force) the main standards body of the internet. Authorization GNAP
|
|||
|
Self-Sovereign Communities of Self-Sovereign Agents https://iiw.idcommons.net/10H/_Self-Sovereign_Communities_of_Self-Sovereign_Agents Minimal Demo: [https://adriang.xyz/](https://adriang.xyz/) Use Card Number 4242 4242 4242 4242 04/22 123 (don’t use a real email address because it will be stored in Stripe.) Adrian Gropper The first phase of the foundation demos GNAP control over a trivial health record consisting of just a biometric health card. * [Demo sequence diagram](https://github.com/HIEofOne/Trustee-Community/wiki) Authorization GNAP
|
|||
|
OAuth2.0 and VCs https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0152.html I would like to share with you a paper we have written and it will be presented at [IEEE ICCCN 2021](http://www.icccn.org/). You can find the paper here [https://arxiv.org/abs/2104.11515](https://arxiv.org/abs/2104.11515) We tried to couple OAuth 2.0 flows with JWT/JWS and VCs in order to implement capabilities-based access control. Our goal was to show gains with minimal changes. Some things that might be of interest:\n > \n > - We used Proof-of-Possession Key Semantics for JSON Web Tokens (RFC 7800) instead of credentialSubject `id`\n > - We used OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP),([https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/](https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/)) for proving VC ownership\n > - We discuss how Revocation list 2020 has better privacy properties compared to RFC 7662 (which can be used for examining the status of an access token) Nikos Fotiou Authorization OAuth
|
|||
|
101 Session: OAuth2 https://iiw.idcommons.net/2B/_101_Session:_OAuth2 Aaron Parecki Authorization OAuth
|
|||
|
OAuth 2.0 Simplified https://aaronparecki.com/oauth-2-simplified/ In 2017, I published a longer version of this guide as a book, available on [oauth.com](https://oauth.com/) as well as [a print version](https://oauth2simplified.com). The book guides you through building an OAuth server, and covers many details that are not part of the spec. I published this book in conjunction with [Okta](https://developer.okta.com/). is a guide to OAuth 2.0 focused on writing clients that gives a clear overview of the spec at an introductory level. Authorization OAuth
|
|||
|
https://speakerdeck.com/aaronpk/oauth-101-internet-identity-workshop-xxxi https://speakerdeck.com/aaronpk/oauth-101-internet-identity-workshop-xxxi Authorization OAuth
|
|||
|
How OAuth Works https://www.youtube.com/watch?v=g_aVPdwBTfw&list=PLRyLn6THA5wN05b3qJ6N0OpL3YbritKI- Authorization OAuth
|
|||
|
12 videos Authorization OAuth
|
|||
|
TMI BFF: OAuth Token Mediating and session Information Backend For Frontend https://iiw.idcommons.net/23B/_TMI_BFF:_OAuth_Token_Mediating_and_session_Information_Backend_For_Frontend OAuth, Javascript, Backend Infrastructure\n >\n >When there is an alternative, it is more secure to keep tokens out of the browser.\n >\n >Specifically talking about clients which are divided between a front end or javascript app, and backend supporting systems specifically for that/those apps\n >\n >Questions on whether this would also apply equivalently to native apps, which may have different capabilities and infrastructure requirements. It likely does work, but\n >\n >OAuth in the browser can be complicated and ASs don’t necessarily provide sufficient security features, support web interaction\n >\n >Bespoke workarounds acquiring tokens on the backend and passing to the frontend. Implementers may have security issues and not understand how to map best current practices\n >\n >TMI BFF\n >\n >1. Backend gets and stores tokens, javascript frontend gets a cookie\n >2. Request to backend for access (scopes, potentially resource)\n >3. Backend returns the token, requests new token with appropriate scope, etc.\n >\n >* [...]\n >\n >What is the scope - acquiring a token for direct API access, not necessarily prescriptive for BFF architectures which put all API interactions through BFF. (DW) raised issue that simply converting OAuth calls in a remote party to local API calls protected by a cookie disables some security protections provided by OAuth tokens (XSRF), so some sort of BFF best practices may be needed to prevent footguns. Vittorio Bertocci & Brian Campbell (but mostly Vittorio) Authorization OAuth
|
|||
|
Public Review Period for Two Proposed SSE Implementer’s Drafts https://openid.net/2021/06/07/public-review-period-for-two-proposed-sse-implementers-drafts/ openid oauth Authorization OAuth
|
|||
|
Matt Flynn: Information Security | Identity & Access Mgmt. http://360tek.blogspot.com/2021/06/bell-labs-colonial-pipeline-and-multi.html Authorization OAuth
|
|||
|
Introducing: The OAuth 2 Game https://auth0.com/blog/introducing-the-oauth-2-game/ It features two dice, one for grants and another for application types. Throw the dice and consult the instructions to discover whether the combination of grant and application type you obtained happens to be a good one! Play a few times, and before you know it, you’ll be familiar with the most common combinations! Authorization OAuth
|
|||
|
The Nuts and Bolts of OAuth 2.0 https://aaronparecki.com/2020/12/22/14/oauth > 3.5 hours of video content, quizzes, as well as interactive exercises with a guided learning tool to get you quickly up to speed on OAuth, OpenID Connect, PKCE, best practices, and tips for protecting APIs with OAuth. Aaron Parecki Authorization OAuth
|
|||
|
VC HTTP Authorization Conversation https://lists.w3.org/Archives/Public/public-credentials/2021Jun/0009.html Authorization OAuth
|
|||
|
Adrian Gropper The diversity of our community is a plus. To begin a conversation on VC access controls, I suggest this short intro to the differences between OAuth 2.0 and GNAP: OAuth
|
|||
|
https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html#name-compared-to-oauth-20 https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-05.html#name-compared-to-oauth-20 My goal is to arrive at a shared understanding of what would be minimum needed to support both OAuth2 and GNAP for securing access to a VC. Authorization OAuth
|
|||
|
Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0028.html - You *could* implement zcap-ld on top of VCs…\n - However, you're actually squishing together what should be a separation of concerns in a way that will become *unhygienic*. Like a lack of proper biological hygiene, the result is sickness in our computing systems.\n - The observation of "these things seem so similar though!" is true, but you can already make that claim even if you're just looking at the linked data proofs layer. VCs and zcap-ld diverge from there for two very separate purposes: what is said, and what is done. Authorization
|
|||
|
CCG Call about ZCaps and OCaps https://w3c-ccg.github.io/meetings/2021-01-13/audio.ogg This week’s CCG teleconference had a great discussion about object capabilities\n\n> Alan Karp: I've been doing capabilities since I reinvented them in 1996 and I want to make sure we get it right, because when newbies start to use them there are plenty of mistakes that can be made\n> \n> [...]\n> A capability or an OCAP is an unforgeable, transferable, permission to use the thing it designates ... it combines designation with authorization https://w3c-ccg.github.io/meetings/2021-01-13/ Authorization
|
|||
|
Building capability-based data security for Ceramic https://blog.ceramic.network/capability-based-data-security-on-ceramic/ The 3Box Labs team recently published [a new standard for creating capability containers](https://github.com/ChainAgnostic/CAIPs/pull/74) for accessing decentralized data to the [Chain Agnostic Standards Alliance](https://github.com/ChainAgnostic/CASA). Capability containers are an approach for managing advanced data security and permissions, commonly referred to as “Object Capabilities” or “OCAPs.” Authorization
|
|||
|
The impact of self-sovereign identity on the cybersecurity world https://blog.avast.com/impact-of-self-sovereign-identity-on-cybersecurity Authorization
|
|||
|
The Challenging New World of Privacy & Security https://youtu.be/JmlvOKg_dS4?t=780) Atlanta Innovation Forum (Enterprise Authorization
|
|||
|
featuring folks from MSFT, GSM, and Michael Becker. The video looks at the range of risks present in managing identity assets. Its focus is coming from the enterprise-level perspective.
|
|||
|
a few thoughts about zcaps https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0036.html I was reading zcaps draft, as well as related work, mostly macaroons ([https://research.google/pubs/pub41892/](https://research.google/pubs/pub41892/).\n \n Something that I found confusing about capability documents is that they do not make clear the actions they concern. For example from this[https://w3c-ccg.github.io/zcap-ld/#example-1](https://w3c-ccg.github.io/zcap-ld/#example-1) it is not clear that this is a capability for "driving a car". Nikos Fotiou Authorization
|
|||
|
https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0037.html We are still trying to figure out how to explain these things to people.Capabilities-based systems are not a new concept; they're decades old at this point. The challenge has always been in communicating why they're useful and have a place in modern security systems.\n\nThe Encrypted Data Vault work uses zcaps, and it's there that we're trying hard to explain to developers how to use it: Authorization
|
|||
|
https://identity.foundation/confidential-storage/#introduction https://identity.foundation/confidential-storage/#introduction Authorization
|
|||
|
The "Verifiable" Economy [was RE: a few thoughts about zcaps] https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0047.html After ruminating on ZCAPs, VCs, DIDs, and DID Documents over Easter dinner, it occurred to me that we're on the verge of creating a model for a "verifiable" economy... Michael Herman (Trusted Digital Web Authorization
|
|||
|
Capability Authorization-enabled Decentralized Object Model [was RE: The "Verifiable" Economy [was RE: a few thoughts about zcaps]] https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0062.html I see all of this converging into a Capability Authorization-enabled Decentralized Object Model. “More news at 11…” Michael Herman (Trusted Digital Web Authorization
|
|||
|
The ezcap library https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0038.html Now might be a good time to announce some open source tooling a few of us have been working on related to zcaps that is being created to simplify the developer experience when developing with zcaps. - Manu Sporny Authorization
|
|||
|
ezcap (pronounced "Easy Cap") https://github.com/digitalbazaar/ezcap An easy to use, opinionated Authorization Capabilities (zcap) client library for the browser and Node.js. Authorization
|
|||
|
ucan-wg https://github.com/ucan-wg Authorization
|
|||
|
Lightweight Credentials for Offers with UCAN https://blog.fission.codes/lightweight-credentials-ucan/ these are the types of use cases that we think can be created and enabled across the web as an open, interoperable standard. And some of it crosses into the work we're doing as [part of the Decentralized Identity Foundation](https://blog.fission.codes/fission-demo-day-may-2021/), too. Authorization
|
|||
|
# Complementary
|
|||
|
aries-rfcs/0646-bbs-credentials#drawbacks https://github.com/hyperledger/aries-rfcs/tree/main/features/0646-bbs-credentials#drawbacks
|
|||
|
Zero-Knowledge Proofs Do Not Solve the Privacy-Trust Problem of Attribute-Based Credentials: What if Alice Is Evil? https://ieeexplore.ieee.org/document/9031545 IEEE
|
|||
|
User Controlled Authorization Network https://github.com/ucan-wg/spec/ and how it contrasts with decentralized approaches\n - APAC/ASEAN Community Call now a colloaborative initative between DIF and ToIP, launched Thursday 26th May 2022, kicking off with an IIW34 recap. ([Recording](https://us02web.zoom.us/rec/share/5FW6hVoZc1kVJiFL4NNCRZg7625h-1UsC1xCY8Mb7cLXQpO2yDW566woLoA5IZA.MUVPrrNr_k3PXxDl)\n A couple weeks ago Amber Case came and spoke about “[Calm Technology](https://www.youtube.com/watch?v=Ngyfa4_NuPI)” at the TOIP Human Experience Working Group ([HXWG](https://wiki.trustoverip.org/display/HOME/Human+Experience+Working+Group) Authorization
|
|||
|
What’s next for BBS+ LD-Proofs? https://iiw.idcommons.net/13B/_What%27s_next_for_BBS+_LD-Proofs%3F Brent Zundel Complimentary BBS
|
|||
|
BBS+ Signatures 2020 https://w3c-ccg.github.io/ldp-bbs2020/ - What’s next for BBS+ LD-Proofs?\n > - Implementation in Aries ([https://iiw.animo.id/](https://iiw.animo.id/), Used in SVIP Plugfest\n > - Implementation of BBS+ in Ursa, Core of higher level implementations\n > - Features\n > - Selective Disclosure\n > - Signature blinding\n > - Blinded messages (private holder binding)\n > - BBS+ LD Proofs uses this BBS+ scheme, MATTR provided spec\n > - Combine privacy features with semantic world\n > - Draft spec: [https://github.com/w3c-ccg/ldp-bbs2020/](https://github.com/w3c-ccg/ldp-bbs2020/)\n > - What needs to be refined?\n > - Private holder binding ([https://github.com/w3c-ccg/ldp-bbs2020/issues/37](https://github.com/w3c-ccg/ldp-bbs2020/issues/37)\n > - Do not bind to link secret, bind to keypair. Make keypair per credential\n > - How to participate?\n > - Read the draft BBS+ LD-Proofs spec\n > - Hardware security binding?\n > - Not possible with BLS yet?\n > - Is post-quantum secure?\n > - No. Pairing-based signatures are not post-quantum secure\n > \n > Next steps:\n > \n > - PRs for Issues 10 and 37 plus editorial pass to wrap up ldp-bbs2020\n > - Brent will do PR for 37 [https://github.com/w3c-ccg/ldp-bbs2020/issues/37](https://github.com/w3c-ccg/ldp-bbs2020/issues/37),\n > - Timo will do PR for 10 [https://github.com/w3c-ccg/ldp-bbs2020/issues/10](https://github.com/w3c-ccg/ldp-bbs2020/issues/10).\n > - Invite everyone to suggest editorial changes\n > - Create WG at DIF for Crypto - first work item BBS+\n > - Tobias will work with Rouven to get that started, [https://github.com/decentralized-identity/org/blob/master/working-group-lifecycle.md](https://github.com/decentralized-identity/org/blob/master/working-group-lifecycle.md)\n > - Brent and Tobias will work together to draft a charter\n > \n > Future steps:\n > \n > - Possible working group, or addition to DIF C&C WG for work on ldp-bbs2021 Complimentary BBS
|
|||
|
The Power of a Secret https://trbouma.medium.com/the-power-of-a-secret-c9fa6a404ea3 What had been discovered by Whitfield Diffie and Martin Hellman (and also Jame Ellis), is changing the world as we know it. It’s been only 43 years. Yes, that seems like an ice-age ago, but in the grand scheme of history, it is only a wink. Complimentary BBS
|
|||
|
Beyond JWS: BBS as a new algorithm with advanced capabilities utilizing JWP https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-beyond-jws-bbs-00 Tobias Looker Complimentary BBS
|
|||
|
SelfSovereignIdentity_memes https://twitter.com/SSI_by_memes/status/1578045600833994755 Currently, everyone waiting for [#AIP2](https://twitter.com/hashtag/AIP2), which enables [#BBS](https://twitter.com/hashtag/BBS)+ [#Signature](https://twitter.com/hashtag/Signature) in #SSI. Companies already implemented in their products, such as [@trinsic_id](https://twitter.com/trinsic_id) and [@mattrglobal](https://twitter.com/mattrglobal). But ZKP [#predicates](https://twitter.com/hashtag/predicates) are not supported by BBS+, so no ZKP age verification possible. Back to [#AnonCreds](https://twitter.com/hashtag/AnonCreds)? Complimentary BBS
|
|||
|
Anonymous Credential Part 3: BBS+ Signature https://medium.com/finema/anonymous-credential-part-3-bbs-signature-26797721ca74 Compared to the CL signature, the BBS+ signature has much shorter keys and signatures for a comparable level of security. As a result, the BBS+ signature enables fast implementation for anonymous credentials. It can be used in combination with signature proof of knowledge to hide some of credential attributes/messages in a zero-knowledge fashion.\n\n > The BBS+ signature will also soon be available in [Finema](https://finema.co/)’s Identity Wallet! We are excited to see how this technology will make an impact to the society in the coming years. Complimentary BBS
|
|||
|
aries-rfcs/0646-bbs-credentials#drawbacks https://github.com/hyperledger/aries-rfcs/tree/main/features/0646-bbs-credentials#drawbacks Complimentary BBS
|
|||
|
What BBS+ Means For Verifiable Credentials https://www.youtube.com/watch?v=dXlRIrrb9f4 In a recent Evernym blog post, [we discussed why BBS+ LD-Proofs](https://www.evernym.com/blog/bbs-verifiable-credentials/) are the privacy-preserving VC format that everyone should implement. In this webinar….\n > - A brief history of verifiable credential formats, and how a lack of convergence makes scale and interoperability an ongoing challenge\n > - How BBS+ Signatures are the breakthrough that combine the best of the JSON-LD and ZKP formats, while still allowing for selective disclosure and non-trackability\n > - The path forward: What remains to be done to fully converge on the BBS+ format Evernym Complimentary BBS
|
|||
|
BBS+ Credential Exchange in Hyperledger Aries https://iiw.idcommons.net/11E/_BBS+_Credential_Exchange_in_Hyperledger_Aries https://iiw.animo.id Complimentary BBS
|
|||
|
Advanced DIDComm Messaging https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/advanced-didcomm-messaging.md in order for DIDComm to provide a potential replacement for commonly used chat protocols like WhatsApp (Extensible Messaging and Presence Protocol (XMPP)), Telegram (MTProto), or Signal (Signal Protocol), it needs to support modern chat features we use everyday By: Karim Stekelenburg (Animo Solutions) -- karim@animo.id Date: 18-07-2022 Version: 0.1 Complimentary BBS
|
|||
|
BBS+ Signatures 2020 https://w3c-ccg.github.io/ldp-bbs2020/ > - What’s next for BBS+ LD-Proofs?\n > - Implementation in Aries ([https://iiw.animo.id/](https://iiw.animo.id/), Used in SVIP Plugfest Complimentary BBS
|
|||
|
Regarding CBOR-LD Web Transports https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0100.html I pushed up this small demo showing how to transport JSON-LD as CBOR-LD over QR Code and Web NFC. Orie Steele (Saturday, 10 April) Complimentary CBOR
|
|||
|
transmute-industries/cbor-ld-web-transports https://github.com/transmute-industries/cbor-ld-web-transports Complimentary CBOR
|
|||
|
CBOR-LD stabilization (was: Re: Regarding CBOR-LD Web Transports) https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0127.html Digital Bazaar has a few updates to share with the community.\n > \n > 1. With a huge thank you to Dave Longley, a new version of the CBOR-LD library, with generalized and stable algorithms, and that works in the browser and node.js, has been released:\n > \n > [https://github.com/digitalbazaar/cborld](https://github.com/digitalbazaar/cborld)\n > \n > 2. We have split out the CBOR-LD command line interface into a separate project:\n > Manu Sporny (Wednesday, 21 April)\n > [https://github.com/digitalbazaar/cborld-cli/tree/initial](https://github.com/digitalbazaar/cborld-cli/tree/initial)\n > \n > 1. DB has released a CBOR-LD to QR Code image library for encoding and decoding Verifiable Presentations:\n > \n > [https://github.com/digitalbazaar/vpqr](https://github.com/digitalbazaar/vpqr)\n > \n > 1. After some consultation with Mattr and Transmute, we've settled on a base32 alphanumeric QR Code encoding that is 10% more space efficient than base64url byte mode. This is important because this format is compatible with hundreds of QR Code readers on the market. Every QR Code reader that we've tested has worked with this new format. Complimentary CBOR
|
|||
|
Mike Jones shares that CBOR is officially a specification at IETF https://self-issued.info/?p=2136 The Concise Binary Object Representation (CBOR), as specified in RFC 7049, is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. woohoo! and it is a key part of [ISO’s mDL standard](https://www.iso.org/committee/45144.html) (date fields must use it). https://www.rfc-editor.org/rfc/rfc8943 Complimentary CBOR
|
|||
|
DHS SVIP PlugFest 2021 – Paper & Digital Vaccination Credentials https://youtu.be/fEBNGj377Vc Complimentary CBOR
|
|||
|
Second demo video using a different potential flow: [https://www.youtube.com/watch?v=fEBNGj377Vc](https://www.youtube.com/watch?v=fEBNGj377Vc)\n\nPaper VC’s are hard to bring to parity with “digital VC’s”. The biggest issue is binding subject to holder and verifying that. There were also callouts on how do you prevent replication.\n \n Traditionally, QR codes with the entire VC can be put onto a piece of paper. We proposed compression on those QR codes using CBOR-LD that reduces size of codes by 50%.\n \n Alternative ways include adding VC’s into NFC chips and adding the NFC identifier as a claim to the VC preventing duplication. There is a cost overhead to this compared to paper but is a cost potentially worth occurring. Complimentary CBOR
|
|||
|
Concise Binary Object Representation https://cbor.io/ Complimentary CBOR
|