This specification provides a mechanism for the use of JSON Schemas with Verifiable Credentials. A significant part of the integrity of a Verifiable Credential comes from the ability to structure its contents so that all three parties — issuer, holder, verifier — may have a consistent mechanism of trust in interpreting the data that they are provided with. We introducing a new data model for an object to facilitate backing Credentials with JSON Schemas that we call a Credential Schema.
We encourage contributions meeting the Contribution Guidelines. While we prefer the creation of issues
and Pull Requests in the GitHub repository, discussions may also occur on the public-credentials mailing list.
Test Suite
A docker-based test suite for the specification can be found here. All implementers are encouraged to add to the test suite.
Now that VCs can have a credential schema, its time to describe how it is used.
I think its natural to validate an incoming payload against the schema before issuing it, this is similar to the use of JSON Schema as middleware in http servers.
For credentials that are not planning on using JSON-LD, this schema checking should probably happen before emitting the credential and before consuming it. This use case is less clear to me.
The spec requires specifying a version for schemas. I'd like to propose to remove versioning.
Here's how the approach would work:
Schemas may mutate.
Mutation to schemas must be backwards compatible (e.g. adding a new field).
Changes that break backwards compatibility must create a new schema.
The main advantages of a versionless schema spec are:
Removes the need of a required field.
No need to do dependency resolution during implementation. (e.g. the question of "is 1.0.3 allowed in the specified 1.0.* ? ")
There are some disadvantages as well:
You won't be able to specify things like "All schemas of type x between 0.0.1 and 3.0.1 are allowed". I argue that such a disadvantage isn't that bad, because you can have a new schema for all major revisions. In the previous example, it would be "Accept the following schemas: schema_x_v0, schema_x_v1, schema_x_v2, schema_x_v3".
This is similar to approaches taken with REST apis, where the whole api is versioned, but the request schemas aren't.
Would love to hear thoughts. I admit I'm not clear on what the use cases of versioning look like so far, so feedback is more than welcome.
In my view, that is wrong. The issuer-dependent namespace (resulting from the @vocab introduced in the VCDM @context as a "fall-back") was not meant to express core properties.
This specification is on standard track, and therefore the terms should be placed as terms (to be more precise, RDF Classes, because they are instances of type statements) alongside the VCDM terms. This means the correct URL-s should be
We should add some of the learnings from the aries community on this topic to the spec, and allow for https uris, it will be easier to validate while the spec evolves, and of course any https uri can be converted to did uri using the service endpoint.
This [term definition](https://www.w3.org/TR/json-ld/#dfn-term-definition) is https://www.w3.org/ns/credentials/issuer-dependent#JsonSchema.
JsonSchema is used for validation of W3C Verifiable Credentials, based on the latest version of the living standard.
An [issuer](https://www.w3.org/TR/did-core/#identifiers) MAY include a [credentialSchema](https://www.w3.org/TR/vc-data-model/#data-schemas) of [type](https://www.w3.org/TR/json-ld/#specifying-the-type) [JsonSchema](https://transmute-industries.github.io/vc-json-schema/#dfn-jsonschema).
When reviewing the Security and Privacy considerations, it is important to first be aware of the Security and Privacy Considerations for Verifiable Credentials:
The information epxosed to web sites or other parties includes all information in the JSON Schema, and the wrapping verifiable credential, if the type CredentialSchema2023 is used. The JSON schema and its optional associated credential are necessary to be exposed so that any recipient of a verifiable credential using VC JSON Schema can accurately validate that the credential is conformant with the data shape defined by the schema. If the schema is packaged as a credential, that credential's data is necessary to be exposed for integrity verification, and the communication of other data such as authorship information, and credential status.
What information does your spec expose to the first party that the first party cannot currently easily determine.
To the first party the spec exposes a JSON Schema and optionally a Verifiable Credential if the CredentialSchema2023 type is used. Neither of these values could be determined without their inclusion in the credentialSchema property of a verifiable credential.
Without exposure of a VC JSON Schema the first party (a verifiable credential holder) will not be able to perform a static validity check on any given verifiable credential. This static validity check is useful in enforcing that certain properties are present and of a certain shape (e.g. match a regular expression, are of a correct JSON data type). A first party such as a verifiable credential holder has an interest in determining whether the data they recieve will be considered valid by any third party.
What information does your spec expose to third parties that third parties cannot currently easily determine.
To the third party the spec exposes a JSON Schema and optionally a Verifiable Credential if the CredentialSchema2023 type is used. Neither of these values could be determined without their inclusion in the credentialSchema property of a verifiable credential.
Without exposure of a VC JSON Schema the third party (a verifiable credential verifier) will not be able to perform a static validity check on any given verifiable credential. This static validity check is useful in enforcing that certain properties are present and of a certain shape (e.g. match a regular expression, are of a correct JSON data type). A third party such as a verifiable credential verifier has an interest in determining whether the data they recieve is considered valid.
What potentially identifying information does your spec expose to the first party that the first party can already access (i.e., what identifying information does your spec duplicate or mirror).
No information is duplicated to the first party.
What potentially identifying information does your spec expose to third parties that third parties can already access.
No information is duplicated to the third party except for in the case of collusion between third parties, where VC JSON Schema values could be shared.
Yes. Data schemas are encouraged to use the additionalProperties feature of JSON Schemas, as noted in our specification. This encourages putting a minimal amount of data in each JSON Schema.
Any time there is an opportunity for a document's inclusion there is a risk for exposure of PII. There is nothing prohibiting a JSON Schema from including PII whilst still maintaining compliance with a given JSON Schema specification. The concerns here match those outlined in the VC Data Model itself. We have an issue open to track improving our language in this area.
Any time there is an opportunity for a document's inclusion there is a risk for exposure of sensitive information. There is nothing prohibiting a JSON Schema from including PII whilst still maintaining compliance with a given JSON Schema specification. The concerns here match those outlined in the VC Data Model itself. We have an issue open to track improving our language in this area.
Each VC JSON Schema is identified with an id or $id property as per the associated JSON Schema specification. If the type CredentialSchema2023 is used, a new identifier for the given verifiable credential will be create. Exposure of these identifiers to the web is entirely dependent on any recipient of the document(s) publishing or making them available on the web.
The questionnaire focuses on the browser security model as well as interactive user agents for the Web. While it asks important questions related to that context, it is difficult to map these questions to the usage of data schemas for a data model such as the VC Data Model.
Problem: two schemas with the same properties in different order, with all other properties constant, shouldn't be seen as different schemas. Can we canonicalize the schema?
Simply, at Workday, we've forced the alphabetization of the schema. Looking to hear what other's think.
The DID Spec and the VC Data Model both have mandatory @context fields, which make it clear that these documents may support JSON-LD.
It seems likely that we should do the same thing here.
However, I have started with the assumption that those wishing to use these vc-json-schema documents do not understand JSON-LD nor will they tolerate extra parameters that are only required for JSON-LD interop.
Since we provide a demonstration of both ways to do things, its clearly possible to signal your intent to use JSON-LD by using the @context version, or not.
Our largest hurdle for this work item is being able to normatively reference JSON Schema.
JSON Schema has broad usage and industry adoption but isn't a standard in the eyes of the W3C, yet.
The latest draft of JSON Schema is being standardized in the IETF, though this make take some time, too much time for us to hit our REC goal. We can non-normatively refer to older versions of the spec. But I believe we need to normatively refer to at least one version of JSON Schema (@msporny@OR13 correct me if I'm wrong).
I believe our first step should be reaching out to contacts at the W3C and seeing if we can gain an exception for normatively referencing JSON Schema. I'm not certain how this process works. @iherman can you please advise sensible next steps?
is there a latest rendered draft for JSON schema validation publish?
why is the JSON schema validation only applied to the credentialSubject rather than the top-level VC object--note, one could extend the top-level VC object as well.
W3C specification is under active development and is subject to change, we have diverged from that model with several "forks" that are fully outlined in this specification.
Is there a summary of these "forks"? I wasn't entirely sure of the "fork" list after reading the document.
The non JSON-LD example relies on a signature suite that should be hosted and documented somewhere else.
Its also worth noting that the the signature suite approach taken for the non jsonld version is entirely custom, and not well documented or supported by existing VC libraries.
We need to construct an example which does not use JSON-LD, and document the necessary steps for other signatures to be created.
We also need to do the same for JSON-LD... I feel it may be easier to do the JSON-LD version first, since its basically an issue of just using an off the shelf library.
The specification listed above is a method to define a JSON Schema for static validation of a verifiable credential. A JSON Schema and its validation are intended to be machine-readable, though they are also constructed and used by human beings.
JSON Schemas, by design, are not intended to be internationalizable, since they are used for strict static validation of data. An implementer may choose to translate a JSON Schema, or make it available in a variety of languages; however, these would be considered distinct JSON Schemas. When packaging VC JSON Schemas as verifiable credentials, implementers are encouraged to follow the guidance listed in the VC Data Model.
We believe that these specifications, in general, do not create accessibility concerns, but are curious to know if we have overlooked some aspect of how these technologies will be used that will create accessibility issues.
The following self-review question categories were analyzed and resulted in the following answers:
The technology DO NOT allow for visual rendering of content
The technology DO NOT provide author control over color
The technologies DO NOT provide features to accept user input
The technologies DO NOT provide user interaction features
The technologies DO NOT define document semantics
The technologies DO NOT provide time-based visual media
The technologies DO NOT provide audio
The technologies DO NOT allow time limits
The technologies DO allow text content
The technologies DO NOT create objects that don't have an inherent text representation
The technologies DO NOT provide content fallback mechanisms, whether text or other formats
The technologies DO NOT provide visual graphics
The technologies DO NOT provide internationalization support
The technologies DO NOT define accessible alternative features
The technologies DO NOT provide content directly for end-users
The technologies DO NOT define an API
The technologies DO NOT define a transmission protocol
It would also be helpful to the reader to see how did:work:MDP8AsFhHzhwUvGNuYkX7T;id=06e126d1-fa44-4882-a243-1e326fbe21db;version=1.0
resolved to the schema in Example 10.
If the spec (or its implementation) contains any natural language text that will be read by a human (this includes error messages or other UI text, JSON strings, etc, etc),ensure that there’s metadata about and support for basic things such as language and text direction. Also check the detailed guidance for Language and Text direction.
Not applicable
JSON Schemas are JSON text intended primarily for machines to read, since they are used for strict static validation of data. Language and text direction concerns are addressed by the noted specification documents for JSON Schema itself. When packaging VC JSON Schemas as verifiable credentials, implementers are encouraged to follow the guidance listed in the VC Data Model.
If the spec (or its implementation) allows content authors to produce typographically appealing text, either in its own right, or in association with graphics.take into account the different typographic styles used around the world (for things such as line-breaking, text justification, emphasis or other text decorations, text selection and units, etc.) Also check the detailed guidance for Typographic support.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) allows the user to point into text, creates text fragments, concatenates text, allows the user to select or step through text (using a cursor or other methods), etc.make allowances for the ways different scripts handle units of text. Also check the detailed guidance for Text-processing.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) allows searching or matching of text, including syntax and identifiersunderstand the implications of normalisation, case folding, etc. Also check the detailed guidance for Text-processing.
Not applicable
Text searching and matching is the primary feature which JSON Schema provides. The documents provided in the specification note JSON Schema language which states this according to a specific version of a JSON Schema specification.
If the spec (or its implementation) sorts textensure that it does so in locally relevant ways. Also check the detailed guidance for Text-processing.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) captures user inputensure that it also captures metadata about language and text direction, and that it accommodates locale-specific input methods.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) deals with time in any way that will be read by humans and/or crosses time zone boundariesensure that it will represent time as expected in locales around the world, and manage the relationship between local and global/absolute time. Also check the detailed guidance for Local dates, times and formats.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) allows any character encoding other than UTF-8.make sure you have a convincing argument as to why, and then ensure that the character encoding model is correct. Also check the detailed guidance for Characters.
Not applicable
All character encoding for all JSON Schemas, which utilize JSON, use UTF-8 for text encoding.
If the spec (or its implementation) defines markupensure support for internationalisation features and avoid putting human-readable text in attribute values or plain-text elements. Also check the detailed guidance for Markup & syntax.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) deals with names, addresses, time & date formats, etcensure that the model is flexible enough to cope with wide variations in format, levels of data, etc. Also check the detailed guidance for Local dates, times and formats.
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
If the spec (or its implementation) describes a format or data that is likely to need localization.ensure that there’s an approach in place which allows effective storage and labelling of, and access to localised alternatives for strings, text, images, etc.
Not applicable
JSON Schemas, by design, are not intended to be internationalizable, since they are used for strict static validation of data. An implementer may choose to translate a JSON Schema, or make it available in a variety of languages; however, these would be considered distinct JSON Schemas. When packaging VC JSON Schemas as verifiable credentials, implementers are encouraged to follow the guidance listed in the VC Data Model.
If the spec (or its implementation) makes any reference to or relies on any cultural normsensure that it can be adapted to suit different cultural norms around the world (ranging from depictions of people or gestures, to expectations about gender roles, to approaches to work and life, etc).
Not applicable
This specification is for machine-readable JSON processing without transformation and thus does not provide the features described in the paragraph above.
In this way a single VC JSON Schema can embed multiple schemas in a single document which apply to the same (or perhaps different) part(s) of a credential.
The spec does not yet provide guidance on nesting, which could pose an issue during validation.
Consider a credential representing a CredentialSchema2023. That credential could have a credentialSchema property where the type is also CredentialSchema2023, and so on, and so on... This could lead to an endless validation loop.
I propose adding language to specify that when using CredentialSchema2023 the associated VC must not have a credentialSchema property.
[JSON-LD] is the most prominent alternative, though it does not provide the same functionality in regards to strict data validation
In particular, the latter should be changed to refer to the RDF Shape languages (SHACL and SHEX), which provide data validation features comparable to JSON Schema
I'm not certain how we reference the test suite. We can likely start it alongside the code in this repository, but we may have reasons for separating it out.