diff --git a/CHIPs/chip-0018.md b/CHIPs/chip-0018.md
new file mode 100644
index 00000000..e4b4778a
--- /dev/null
+++ b/CHIPs/chip-0018.md
@@ -0,0 +1,71 @@
+CHIP Number | 0018
+:-------------|:----
+Title | KYC-VC Proof Structure
+Description | A standard for formatting metadata proofs specifically for Know Your Customer Verifiable Credentials on Chia's blockchain
+Author | [E-ming Saung](https://github.com/esaung)
+Editor | [Dan Perry](https://github.com/danieljperry)
+Comments-URI | [PR #67](https://github.com/Chia-Network/chips/pull/67)
+Status | Stagnant
+Category | Process
+Sub-Category | Other
+Created | 2023-04-25
+Requires | [0016](https://github.com/Chia-Network/chips/pull/65), [0017](https://github.com/Chia-Network/chips/pull/66)
+Replaces | None
+Superseded-By | None
+
+## Abstract
+[CHIP-17](https://github.com/Chia-Network/chips/pull/66) (VC Structure) provides an off-chain metadata structure for Chia VCs. This CHIP adds an additional metadata structure specifically for KYC-VC proofs.
+
+## Definitions
+Throughout this document, we'll use the following terms:
+* **Must, required, shall** – These words indicate an absolute requirement of the specification
+* **Must not, shall not** – These phrases indicate an absolute prohibition of the specification
+* **Should, recommended** – These words indicate something that is not a requirement of the specification, but the implications of not following it should be carefully considered beforehand
+* **Should not, not recommended** – These phrases indicate something that is not a prohibition of the specification, but the implications of following it should be carefully considered beforehand
+* **May** – This word indicates something that is optional. Interoperability between implementations must not be broken because of the choice to implement, or not to implement, this feature
+
+## Motivation
+While the VC Structure CHIP contains the requirement for at least one proof mechanism, along with the details necessary to evaluate that proof, it does not specify what that mechanism or those details are.
+
+This CHIP adds onto the VC Structure CHIP by providing a comprehensive list of proofs that may be used for KYC VCs. It is meant to be used as a standalone structure for KYC VCs, beginning with the structure laid out in CHIP-17.
+
+## Backwards Compatibility
+This CHIP does not introduce any backward incompatibilities.
+
+## Rationale
+This CHIP was created separately from the VC Structure CHIP so that other types of VCs will be able to use their own sets of proofs without breaking the structure of the VCs themselves. This modular design should help to future-proof the structure of Chia VCs while maintaining W3C conformance.
+
+Note that this CHIP begins with a copy of the structure from CHIP-17. If that CHIP is replaced in the future, this CHIP can either be replaced accordingly with a new KYC VC structure, or it can remain in place as-is.
+
+## Specification
+CHIP-17 contains the option of including a `values` property of type `object`.
+
+For KYC VCs, each proof must be a (key, value) pair, where both `key` and `value` are strings.
+
+Note 1: The default proofs checker Chialisp puzzle specified in the Restricted CATs CHIP requires the proofs to be `(key, value)` pairs, where the `key` is a string and the `value` is a boolean. However, the off-chain metadata format specified in this CHIP requires both `key` and `value` to be strings. This format was chosen in order to maintain W3C conformance.
+
+Note 2: For consistency, all values that refer to countries should be taken from the [Decoding table of ISO 3166-1 alpha-2 codes](https://www.iso.org/obp/ui/#iso:pub:PUB500001:en).
+
+The following table is a standardized list of proofs that are optional to be used with the `values` object.
Additional proofs not listed here may also be used:
+
+| Key | Possible Values | Description |
+|:---------------------|:---------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `over_18` | "true", "false" | Whether the holder is over the age of 18 |
+| `nationality` | "US", "FR", etc | The holder's primary nationality |
+| `nationality_2` | "US", "FR", etc | The holder's secondary nationality (for dual citizens) |
+| `residency` | "US", "FR", etc | The primary country where the holder currently resides |
+| `non_ofac_sanctions` | "true", "false" | "true" if the holder is _not_ listed on the United States Office of Foreign Assets Control's (OFAC) [Specially Designated Nationals](https://ofac.treasury.gov/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists) database, "false" otherwise |
+| `non_tsdb` | "true", "false" | "true" if the holder is _not_ listed on the United States Federal Bureau of Investigation's (FBI) [Terrorist Screening Database](https://en.wikipedia.org/wiki/Terrorist_Screening_Database), "false" otherwise |
+
+## Reference Implementation
+See the [Additional Assets](#additional-assets) section of this CHIP.
+
+## Security
+The format presented in this CHIP is intended to be conformant with the [W3C Verifiable Credentials Data Model](https://www.w3.org/TR/vc-data-model). As of this writing, this CHIP has yet to be registered with the W3C, so there is a risk that it will not be deemed conformant with the aformentioned Data Model.
+
+## Additional Assets
+* JSON Schema dialect: [assets/chip-0018/schema.json](/assets/chip-0018/schema.json)
+* Example off-chain metadata file: [assets/chip-0018/example.json](/assets/chip-0018/example.json)
+
+## Copyright
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
diff --git a/assets/chip-0018/example.json b/assets/chip-0018/example.json
new file mode 100644
index 00000000..eece84a6
--- /dev/null
+++ b/assets/chip-0018/example.json
@@ -0,0 +1,53 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://raw.githubusercontent.com/Chia-Network/chips/main/assets/chip-0018/schema.json"
+ ],
+ "id": "http://example.edu/credentials/3732",
+ "format": "CHIP-0018",
+ "type": [
+ "VerifiableCredential",
+ "KYCCredential"
+ ],
+ "credentialSubject": {
+ "id": "did:chia:1dqpypv6ysru7czlm6vy4vestcjh2ajevp76lgq45yuxsmyw7u5yqxv8fzy"
+ },
+ "issuer": "https://example.com/",
+ "issuanceDate": "2023-01-01T12:00:00Z",
+ "evidence": [{
+ "id": "https://example.edu/evidence/f2aeec97-fc0d-42bf-8ca7-0548192d4231",
+ "type": ["DocumentVerification"],
+ "verifier": "https://example.edu/issuers/14",
+ "evidenceDocument": "DriversLicense",
+ "subjectPresence": "Remote",
+ "documentPresence": "Photocopy"
+ }],
+ "proof": {
+ "type": "Signature",
+ "created": "2023-03-03T12:00:00Z",
+ "verificationMethod": "https://example.edu/issuers/14#key-1",
+ "proofPurpose": "KYCCredential",
+ "proofValue": "0xa61c48269f197a391472791dc409e71e5a8ccd419eb66007699346cd29f7f665691485c63333d88778e2bb37751ec33717c14ffe8b0b8291ce961e0652921a335ada6bf375e7c5d4ae646140646323de893623ccca04d66ce5023217b4ecff43",
+ "values": {
+ "over_18": "true",
+ "nationality": "US",
+ "residency": "FR"
+ }
+ },
+ "expirationDate": "2028-03-03T12:00:00Z",
+ "credentialStatus": {
+ "id": "https://example.edu/status/24",
+ "type": "KYCCredential"
+ },
+ "termsOfUse": [{
+ "type": "IssuerPolicy",
+ "id": "http://example.com/policies/credential/4",
+ "profile": "http://example.com/profiles/credential",
+ "prohibition": [{
+ "assigner": "https://example.edu/issuers/14",
+ "assignee": "AllVerifiers",
+ "target": "http://example.edu/credentials/3732",
+ "action": ["Archival"]
+ }]
+ }]
+}
diff --git a/assets/chip-0018/schema.json b/assets/chip-0018/schema.json
new file mode 100644
index 00000000..ae58481d
--- /dev/null
+++ b/assets/chip-0018/schema.json
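Review bot: In assets/chip-0018/example.json the `proof.proofPurpose` value is `"KYCCredential"`, which is a credential type rather than a proof purpose, and it is not one of the two purposes that the accompanying schema.json declares (`assertionMethod`, `authentication`). Verifiers normally compare proofPurpose with the purpose they expect, so that a signature made for one use is not accepted for another; an example carrying a value that cannot pass that comparison invites implementers to skip it. Suggest `"proofPurpose": "assertionMethod",` here. The same placeholder is used for `credentialStatus.type`, which would usually name the status mechanism; it is worth confirming against CHIP-17 what is intended there.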
@@ -0,0 +1,73 @@
+{
+ "$id": "https://raw.githubusercontent.com/Chia-Network/chips/main/assets/chip-0017/schema.json",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "title": "CHIP-0018",
+ "description": "Chia KYC Verifiable Credentials Structure",
+ "type": "object",
+ "KYCCredential": {
+ "credentialSchema": {
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+
+ "id": "@id",
+ "type": "@type",
+
+ "cred": "https://www.w3.org/2018/credentials#",
+
+ "JsonSchemaValidator2018": "cred:JsonSchemaValidator2018"
+ },
+ "@id": "cred:credentialSchema",
+ "format": "CHIP-0018",
+ "@type": "@id",
+ "credentialSubject": {"@id": "cred:credentialSubject", "@type": "@id"},
+ "issuer": {"@id": "cred:issuer", "@type": "@id"},
+ "issuanceDate": {"@id": "cred:issuanceDate", "@type": "xsd:dateTime"},
+
+ "evidence": {
+ "@id": "cred:evidence",
+ "@type": "@id"
+ },
+
+ "proof": {
+ "@type": "@vocab",
+ "created": {"@id": "cred:created", "@type": "xsd:dateTime"},
+ "verificationMethod": {"@id": "sec:verificationMethod", "@type": "@id"},
+ "proofPurpose": {
+ "@id": "sec:proofPurpose",
+ "@type": "@vocab",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+
+ "id": "@id",
+ "type": "@type",
+
+ "sec": "https://w3id.org/security#",
+
+ "assertionMethod": {"@id": "sec:assertionMethod", "@type": "@id", "@container": "@set"},
+ "authentication": {"@id": "sec:authenticationMethod", "@type": "@id", "@container": "@set"}
+ }
+ },
+ "proofValue": "sec:proofValue",
+ "values": {
+ "type": [
+ "string",
+ "string"
+ ]
+ }
+ },
+ "expirationDate": {
+ "@id": "cred:expires",
+ "@type": "xsd:dateTime"}
+ },
+ "credentialStatus": {
+ "@id": "@id",
+ "@type": "@type"
+ },
+ "termsOfUse": {
+ "@id": "cred:termsOfUse",
+ "@type": "@id"
+ }
+ }
+}
\ No newline at end of file
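Review bot: The `$id` on the second line of assets/chip-0018/schema.json still names `chip-0017/schema.json`, so this document claims the identity of the CHIP-17 schema while example.json's `@context` points at the chip-0018 path; it should read `"$id": "https://raw.githubusercontent.com/Chia-Network/chips/main/assets/chip-0018/schema.json",`. Separately, as a draft 2020-12 schema the only constraint a validator would apply is `"type": "object"`: `KYCCredential` is not a schema keyword, so everything beneath it is ignored, and `"values": {"type": ["string", "string"]}` repeats an entry and does not describe the string-to-string map the CHIP requires. If verifiers are meant to validate KYC proofs against this file, that rule needs to sit under `properties`, for example `"values": {"type": "object", "additionalProperties": {"type": "string"}}`. The `},` after `expirationDate` also appears to close `credentialSchema` early, which leaves `credentialStatus` and `termsOfUse` as its siblings rather than its members.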