Unclear which verification method is used

[awoie]

I assume that the idea is to use the authentication section and in particular any of the verification methods included in it to verify the JWT? It is not explicitly stated which part to use. We should stick with the DID spec terminology.

[csuwildcat]

Yes, this was the intent - care to add the language specifics that you feel would make this more accurate?

[OR13]

The current implementation uses the publicKey field of a DID, it SHOULD use the authentication section. The current implementation is not correct. Thanks for pointing this out.

[OR13]

we should be iterating authentication not publicKey, if the authentication value contains a key linked in the kid we are good. if it contains a pointer to a key listed in publicKey we need to use that.

[csuwildcat]

I left step 6 unspecific about how you validate the DID signature, because I wasn't sure exactly what level of detail we needed to go into. Isn't there somewhere we can just punt to in the DID spec and related references that already talks about how to validate a DID signature?

[tplooker]

@OR13 @awoie @csuwildcat I believe the latest version of this spec may address this issue?

[OR13]

I agree, spec is now up to date, but demo needs to be updated.

[csuwildcat]

So are we saying that there are no additional DID-Configuration spec changes required from present state, and that this ticket's closure now depends on only demo updates?

[OR13]

yep, we should close as soon as demo is updated.

[OR13]

^ there is some discussion on digitalbazaar/encrypted-data-vaults#5 of how other properties in the DID Document may be used, I could see future support for more specific proof purposes, but I don't think this is a blocker for the spec.

[csuwildcat]

What is the status of this? Doesn't seem like there is any impact on the spec as of now.

[OR13]

This is related to the verification discussion for VC Data Model... basically, we need to make the demo clearer, we should leave open until we resolve the proof format issues with VC Data Model.

[csuwildcat]

I still don't understand the spec impact - are you saying we need to specify something on our side that deviates from whatever the DID spec itself describes?

[OR13]

no, we need to make sure we follow the did spec... and the vc data model spec:

https://www.w3.org/TR/vc-data-model/#proof-formats

https://www.w3.org/TR/vc-data-model/#proofs-signatures-0

[OR13]

The did spec uses the authentication and assertionMethod sections for proof purposes, we need to ensure they are both used correctly regardless of the proof format (JWT/ LD Proof)

[OR13]

For linked data proofs, the answer to this question is assertionMethod, IMO, that should also be the answer for the JWT Proof format. However, I suspect that won't work out of the box with libraries like did-jwt-vc.

@awoie for the JWT Proof Format, is the relationship between assertionMethod and authentication meant to be the same as it is for linked data proofs?

The way I read the spec: https://www.w3.org/TR/vc-data-model/#proofs-signatures-0

It sounds like only assertionMethod is meant to be used with VCs.

[OR13]

implemented assertionMethod is the one required.