Comments (5)
Not sure if this got lost in the move from indy-sdk -> indy-credx, or indy-credx -> anoncreds-rs? (@andrewwhitehead @berendsliedrecht)
from anoncreds-rs.
This was updated in anoncreds-clsignatures (hyperledger/anoncreds-clsignatures-rs#21) as credentials with missing attributes were not considered valid when it came to presentations, but they could still be issued (and processed) without an error being raised. When signing the messages there isn't any special handling for omitted messages, and I believe they would effectively be mapped to the zero scalar. Given that an integer zero is mapped to the same value, this seems ripe for abuse.
from anoncreds-rs.
@andrewwhitehead could you elaborate on why this would be abusable? If this would allow for incorrect verification, we definitely should not add this back.
Would the abuse just be that if someone wants to check whether your age is non-negative (for some reason...) and the age property was not issued, it will verify anyways?
from anoncreds-rs.
This was discussed at the time the “feature” was discovered, and the general agreement was that it was a bad idea. The schema defines the attributes in a credential, and the credential definition used the schema as is. Having the credential definition alter the schema will create confusion and be difficult to manage. If you want to put a different set of attributes in a credential, then create a new schema.
from anoncreds-rs.
To illustrate a use case, take for instance the W3C Citizenship vocabulary that supports a permanent resident credential with a "minimal" set of attributes and a "full" set of attributes such as `maritalStatus`, `marriageCertificateNumber`, and `marriageLocation`. `marriageCertificateNumber` and `marriageLocation` would be optional if the person is unmarried.
I realize AnonCreds and W3C VCDM are different animals but it's likely that implementers may have similar predicaments when working with AnonCreds implementations.
Is it still reasonable to expect defining schema variants for this type of scenario?
from anoncreds-rs.
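An added example, not part of the thread and not code from anoncreds-rs or anoncreds-clsignatures: a toy model of the concern raised above that an omitted attribute and an integer zero end up as the same signed value, next to a strict check that rejects credential values not matching the schema. The `u64` slots, the default-to-zero behaviour, and the names `lenient_slots`, `strict_slots` and `predicate_ge` are assumptions made for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Toy model: each schema attribute occupies one slot; slots are u64 here,
// standing in for the scalars a real CL signature would sign (assumption).
fn lenient_slots(schema: &[&str], values: &BTreeMap<&str, u64>) -> Vec<u64> {
    // No special handling for omitted attributes: they silently become 0.
    schema.iter().map(|a| values.get(a).copied().unwrap_or(0)).collect()
}

#[derive(Debug, PartialEq)]
enum ValuesError {
    Missing(Vec<String>),
    Unexpected(Vec<String>),
}

// Strict variant: the supplied values must cover exactly the schema attributes.
fn strict_slots<'a>(
    schema: &[&'a str],
    values: &BTreeMap<&'a str, u64>,
) -> Result<Vec<u64>, ValuesError> {
    let want: BTreeSet<&'a str> = schema.iter().copied().collect();
    let have: BTreeSet<&'a str> = values.keys().copied().collect();
    let missing: Vec<String> = want.difference(&have).map(|s| s.to_string()).collect();
    if !missing.is_empty() {
        return Err(ValuesError::Missing(missing));
    }
    let extra: Vec<String> = have.difference(&want).map(|s| s.to_string()).collect();
    if !extra.is_empty() {
        return Err(ValuesError::Unexpected(extra));
    }
    Ok(schema.iter().map(|a| values[a]).collect())
}

// Stand-in for a ">=" predicate evaluated over a signed slot value.
fn predicate_ge(slot: u64, threshold: u64) -> bool {
    slot >= threshold
}

fn main() {
    let schema = ["age", "name_hash"]; // constructed sample schema
    let zero = BTreeMap::from([("age", 0u64), ("name_hash", 77)]);
    let omitted = BTreeMap::from([("name_hash", 77u64)]); // "age" never issued
    println!("lenient: {:?} vs {:?}", lenient_slots(&schema, &zero), lenient_slots(&schema, &omitted));
    println!("age >= 0 on omitted: {}", predicate_ge(lenient_slots(&schema, &omitted)[0], 0));
    println!("strict on omitted: {:?}", strict_slots(&schema, &omitted));
}
```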