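Dear Ontology community members:
Happy New Year!
Since the Ontology Research Institute official account launched last May, we have taken Ontology's technology as our starting point and shared a great deal of technical material and industry insight with you. Thank you for your continued attention and support! In the new year we will keep to a steady, pragmatic technical path, and as we move the technology forward we will bring you more valuable in-depth content.
In an earlier explainer we discussed how verifiable credentials prevent fraud. In this issue we continue with research progress on verifiable credentials. This article is drawn from selected sections of the paper "Blockcerts V3 Proposal", presented by the Rebooting Web of Trust group at RWOT IX — Prague, 2019, and mainly introduces the Open Badges and Blockcerts schemas and the differences between them.
Original:
https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/final-documents/BlockcertsV3.md
Authors:
Anthony Ronning, Wong Wai Chung
1. Abstract
As standards for verifiable credentials begin to take shape, the various "verifiable-credential-like" data structures need to make the necessary changes to take advantage of the rule sets being developed and continually reviewed by technical communities such as the W3C. The purpose of this paper is to identify all of the changes needed for Blockcerts to comply with the Verifiable Credentials (VC) and Decentralized Identifiers (DIDs) standards, and to extend the additional benefits of combining blockchains with verifiable credentials. The paper aims to explain these changes so that a formal specification can be created.
This paper proposes multiple implementation options for several properties, so that we can engage with the Blockcerts / Verifiable Credential community and identify the most suitable approach.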
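2. Verifiable Credential Schema
A verifiable credential is a data model that has been defined by the W3C and published as a Recommendation. It attempts to represent the same information as a physical credential while being tamper-resistant and more trustworthy. Verifiable credentials address future considerations of a society that is becoming increasingly digital, including (but not limited to) privacy-preserving goals.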
Below is a minimal viable example of a verifiable credential:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/openbadges/v2"
  ],
  "id": "https://example.org/beths-robotics-badge.json",
  "type": ["VerifiableCredential", "OpenBadgesV2"],
  "issuer": "https://example.org/organization.json",
  "issuanceDate": "2016-12-31T23:59:59Z",
  "credentialSubject": {
    "id": "https://example.org/recipient-id.json",
    "roboticsForBeginners": {
      "id": "https://example.org/organization.json",
      "name": [{
        "value": "Awesome Robotics Badge",
        "lang": "en",
        "description": "For doing awesome things with robots that people think is pretty great."
      }]
    }
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2017-06-18T21:19:10Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "https://example.edu/issuers/keys/1",
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5XsITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUcX16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtjPAYuNzVBAh4vGHSrQyHUdBBPM"
  }
}
3. Open Badges & Blockcerts Schema
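3.1 Open Badges
Blockcerts is currently an extension of Open Badges, a specification and open technical standard originally developed by the Mozilla Foundation. Universities and microcredential platforms widely use Open Badges as a way to publish achievements, letting recipients store and collect them in "backpacks". The benefit of using a blockchain as an extension to Open Badges is that it provides immutability and proof of existence.
Below is a standard Open Badge example: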
{
  "@context": "https://w3id.org/openbadges/v2",
  "type": "Assertion",
  "id": "https://example.org/beths-robotics-badge.json",
  "recipient": {
    "type": "email",
    "hashed": true,
    "salt": "deadsea",
    "identity": "sha256$c7ef86405ba71b85acd8e2e95166c4b111448089f2e1599f42fe1bba46e865c5"
  },
  "issuedOn": "2016-12-31T23:59:59Z",
  "badge": {
    "id": "https://example.org/robotics-badge.json",
    "type": "BadgeClass",
    "name": "Awesome Robotics Badge",
    "description": "For doing awesome things with robots that people think is pretty great.",
    "image": "https://example.org/robotics-badge.png",
    "criteria": "https://example.org/robotics-badge.html",
    "issuer": {
      "type": "Profile",
      "id": "https://example.org/organization.json",
      "name": "An Example Badge Issuer",
      "image": "https://example.org/logo.png",
      "url": "https://example.org",
      "email": "steved@example.org"
    }
  },
  "verification": {
    "type": "hosted"
  }
}
An Open Badge can be divided into three parts: the assertion, the badge and the issuer.
Assertion:
{
  "@context": "https://w3id.org/openbadges/v2",
  "type": "Assertion",
  "id": "https://example.org/beths-robotics-badge.json",
  "recipient": {
    "type": "email",
    "hashed": true,
    "salt": "deadsea",
    "identity": "sha256$c7ef86405ba71b85acd8e2e95166c4b111448089f2e1599f42fe1bba46e865c5"
  },
  "image": "https://example.org/beths-robot-badge.png",
  "evidence": "https://example.org/beths-robot-work.html",
  "issuedOn": "2016-12-31T23:59:59Z",
  "badge": "https://example.org/robotics-badge.json",
  "verification": {
    "type": "hosted"
  }
}
Assertion.badge resolves to the following:
Badge:
{
  "@context": "https://w3id.org/openbadges/v2",
  "type": "BadgeClass",
  "id": "https://example.org/robotics-badge.json",
  "name": "Awesome Robotics Badge",
  "description": "For doing awesome things with robots that people think is pretty great.",
  "image": "https://example.org/robotics-badge.png",
  "criteria": "https://example.org/robotics-badge.html",
  "issuer": "https://example.org/organization.json"
}
Assertion.badge.issuer resolves to the following:
Issuer:
{
  "@context": "https://w3id.org/openbadges/v2",
  "type": "Profile",
  "id": "https://example.org/organization.json",
  "name": "An Example Badge Issuer",
  "image": "https://example.org/logo.png",
  "url": "https://example.org",
  "email": "steved@example.org"
}
3.2 Blockcerts
Blockcerts follows this model as well, but has some additional fields that allow it to be anchored to a blockchain.
Below is a Blockcerts example:
{
  "@context": [
    "https://w3id.org/openbadges/v2",
    "https://w3id.org/blockcerts/v2.1"
  ],
  "type": "Assertion",
  "id": "urn:uuid:bbba8553-8ec1-445f-82c9-a57251dd731c",
  "badge": {
    "id": "urn:uuid:82a4c9f2-3588-457b-80ea-da695571b8fc",
    "type": "BadgeClass",
    "name": "Certificate of Accomplishment",
    "image": "data:image/png;base64,...",
    "description": "Lorem ipsum dolor sit amet, mei docendi concludaturque ad, cu nec partem graece. Est aperiam consetetur cu, expetenda moderatius neglegentur ei nam, suas dolor laudem eam an.",
    "criteria": {
      "narrative": "Nibh iriure ei nam, modo ridens neglegentur mel eu. At his cibo mucius."
    },
    "issuer": {
      "id": "https://www.blockcerts.org/samples/2.0/issuer-testnet.json",
      "type": "Profile",
      "name": "University of Learning",
      "url": "https://www.issuer.org",
      "email": "contact@issuer.org",
      "revocationList": "https://www.blockcerts.org/samples/2.0/revocation-list-testnet.json",
      "image": "data:image/png;..."
    }
  },
  "recipient": {
    "hashed": false,
    "identity": "eularia@landroth.org",
    "type": "email"
  },
  "recipientProfile": {
    "type": [
      "RecipientProfile",
      "Extension"
    ],
    "publicKey": "ecdsa-koblitz-pubkey:mtr98kany9G1XYNU74pRnfBQmaCg2FZLmc",
    "name": "Eularia Landroth"
  },
  "issuedOn": "2017-06-29T14:58:57.461422+00:00",
  "verification": {
    "publicKey": "ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj",
    "type": [
      "MerkleProofVerification2017",
      "Extension"
    ]
  },
  "signature": {
    "type": [
      "MerkleProof2017",
      "Extension"
    ],
    "targetHash": "637ec732fa4b7b56f4c15a6a12680519a17a9e9eade09f5b424a48eb0e6f5ad0",
    "merkleRoot": "f029b45bb1a7b1f0b970f6de35344b73cccd16177b4c037acbc2541c7fc27078",
    "anchors": [
      {
        "sourceId": "d75b7a5bdb3d5244b753e6b84e987267cfa4ffa7a532a2ed49ad3848be1d82f8",
        "type": "BTCOpReturn",
        "chain": "bitcoinMainnet"
      }
    ],
    "proof": [
      {
        "right": "11174e220fe74de907d1107e2a357e41434123f2948fc6b946fbfd7e3e3eecd1"
      }
    ]
  }
}
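Apart from minor differences in layout/metadata between the Blockcerts example and the Open Badge example, the main schema differences (that is, those in the Blockcerts extensions) are as follows:
RecipientProfile
Reference:
https://www.blockcerts.org/schema/2.0/recipientSchema.json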
"recipientProfile": {
  "type": [
    "RecipientProfile",
    "Extension"
  ],
  "publicKey": "ecdsa-koblitz-pubkey:mtr98kany9G1XYNU74pRnfBQmaCg2FZLmc",
  "name": "Eularia Landroth"
}
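RecipientProfile allows additional information about the certificate's recipient, which can be used to make a strong claim of ownership of the certificate. In addition to the name and publicKey properties in this example, the schema has a reserved field, id, for future use as a DID.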
Verification
Reference:
https://github.com/IMSGlobal/cert-schema/blob/master/docs/open_badge_v2_extensions.md
"verification": {
  "publicKey": "ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj",
  "type": [
    "MerkleProofVerification2017",
    "Extension"
  ]
}
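In this example, verification is an Open Badge VerificationObject with the MerkleProofVerification2017 extension, which allows the issuer's publicKey to be stated. It is used in the Blockcerts verification steps to ensure that the issuer's public key matches the public key that created the blockchain transaction for this credential.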
Signature
Reference:
https://www.blockcerts.org/schema/2.0/merkleProof2017Schema.json
"signature": {
  "type": [
    "MerkleProof2017",
    "Extension"
  ],
  "targetHash": "637ec732fa4b7b56f4c15a6a12680519a17a9e9eade09f5b424a48eb0e6f5ad0",
  "merkleRoot": "f029b45bb1a7b1f0b970f6de35344b73cccd16177b4c037acbc2541c7fc27078",
  "anchors": [
    {
      "sourceId": "d75b7a5bdb3d5244b753e6b84e987267cfa4ffa7a532a2ed49ad3848be1d82f8",
      "type": "BTCOpReturn",
      "chain": "bitcoinMainnet"
    }
  ],
  "proof": [
    {
      "right": "11174e220fe74de907d1107e2a357e41434123f2948fc6b946fbfd7e3e3eecd1"
    }
  ]
}
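The Signature property walks through all of the Merkle proofs, which are used together with a Merkle root on the blockchain to verify a hash value. For more on this process, see the MerkleProof2017 specification: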
https://w3c-dvcg.github.io/lds-merkleproof2017/
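The proof walk described above, as an added example (not code from the paper or from the Blockcerts project): each left/right sibling is folded into the running hash, and the result must equal both the credential's merkleRoot and a root the verifier read from the chain itself. It assumes SHA-256 over the concatenated raw hash bytes; `document_hash` and `anchored_root` are hypothetical inputs supplied by the caller, and the four-credential batch is constructed.

```python
import hashlib

def sha256_pair(left: bytes, right: bytes) -> bytes:
    # Assumption: parent node = SHA-256(left bytes || right bytes)
    return hashlib.sha256(left + right).digest()

def verify_merkle_proof(signature: dict, document_hash: str, anchored_root: str) -> bool:
    """Check a MerkleProof2017-style `signature` object.

    document_hash: hex hash of the credential, recomputed by the verifier.
    anchored_root: hex Merkle root read from the blockchain transaction.
    Neither value may be taken from the credential being verified.
    """
    try:
        if signature["targetHash"].lower() != document_hash.lower():
            return False  # credential content no longer matches its proof
        node = bytes.fromhex(signature["targetHash"])
        for step in signature["proof"]:
            if len(step) != 1:
                return False  # each step carries exactly one sibling
            (side, sibling_hex), = step.items()
            sibling = bytes.fromhex(sibling_hex)
            if side == "left":
                node = sha256_pair(sibling, node)
            elif side == "right":
                node = sha256_pair(node, sibling)
            else:
                return False
        return node.hex() == signature["merkleRoot"].lower() == anchored_root.lower()
    except (KeyError, ValueError, TypeError, AttributeError):
        return False  # a malformed proof is a failed proof

def build_constructed_batch():
    """Constructed sample: four-credential batch, proof for the third leaf."""
    leaves = [hashlib.sha256(f"constructed-credential-{i}".encode()).digest()
              for i in range(4)]
    n01 = sha256_pair(leaves[0], leaves[1])
    n23 = sha256_pair(leaves[2], leaves[3])
    root = sha256_pair(n01, n23)
    signature = {
        "type": ["MerkleProof2017", "Extension"],
        "targetHash": leaves[2].hex(),
        "merkleRoot": root.hex(),
        "proof": [{"right": leaves[3].hex()}, {"left": n01.hex()}],
    }
    return signature, leaves[2].hex(), root.hex()

if __name__ == "__main__":
    print(verify_merkle_proof(*build_constructed_batch()))
```

A proof that only agrees with the merkleRoot stored in the same file proves nothing, which is why the function takes the on-chain root and the recomputed document hash as separate arguments.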
Issuer
Most of the properties in Issuer come directly from the Open Badges specification. An example Blockcerts "Issuer Profile" is shown below:
{
  "@context": [
    "https://w3id.org/openbadges/v2",
    "https://w3id.org/blockcerts/v2"
  ],
  "type": "Profile",
  "id": "https://www.blockcerts.org/samples/2.0/issuer-testnet.json",
  "name": "University of Learning",
  "url": "https://www.issuer.org",
  "introductionURL": "https://www.issuer.org/intro/",
  "publicKey": [
    {
      "id": "ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj",
      "created": "2017-06-29T14:48:03.814936+00:00"
    }
  ],
  "revocationList": "https://www.blockcerts.org/samples/2.0/revocation-list-testnet.json",
  "image": "data:image/png;base64,iVBORw0KGgo...",
  "email": "contact@issuer.org"
}
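When a Blockcert is verified, the Issuer is checked to ensure that its public key anchored the Blockcert to the blockchain. After this check, the revocationList is checked to ensure that the issuer has not revoked the credential.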
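The issuer-key and revocation checks from this paragraph and from the Verification section, as an added example rather than the Blockcerts verifier's own code. The certificate and issuer-profile values are the page's samples; the `revokedAssertions` layout of the revocation list is an assumption, and `REVOCATION_LIST`, `TX_SIGNER` and `TX_TIME` are constructed stand-ins for data the verifier would fetch from the issuer's URL and from the chain.

```python
from datetime import datetime, timezone

def bare(key_id: str) -> str:
    # "ecdsa-koblitz-pubkey:<address>" -> "<address>"
    return key_id.split(":", 1)[-1]

def check_issuer(cert, issuer_profile, revocation_list, tx_signer, tx_time):
    """Return the list of failed checks (empty list means all passed)."""
    failures = []
    # 1. The key named in the credential must be the one that signed the anchor
    if bare(cert["verification"]["publicKey"]) != tx_signer:
        failures.append("verification.publicKey is not the transaction signer")
    # 2. The hosted issuer profile must list that key, created before the anchor
    entry = next((k for k in issuer_profile.get("publicKey", [])
                  if bare(k["id"]) == tx_signer), None)
    if entry is None:
        failures.append("transaction signer is not in the issuer profile")
    elif datetime.fromisoformat(entry["created"]) > tx_time:
        failures.append("issuer key was created after the transaction")
    # 3. The credential id must not appear on the issuer's revocation list
    revoked = {r.get("id") for r in revocation_list.get("revokedAssertions", [])}
    if cert["id"] in revoked:
        failures.append("credential is on the revocation list")
    return failures

# Sample values from the page's Blockcerts example and Issuer Profile
CERT = {
    "id": "urn:uuid:bbba8553-8ec1-445f-82c9-a57251dd731c",
    "verification": {
        "publicKey": "ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj"},
}
ISSUER_PROFILE = {
    "publicKey": [{
        "id": "ecdsa-koblitz-pubkey:msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj",
        "created": "2017-06-29T14:48:03.814936+00:00"}],
}
# Constructed values: list layout is an assumption, entry and tx data are made up
REVOCATION_LIST = {"revokedAssertions": [
    {"id": "urn:uuid:00000000-0000-0000-0000-000000000000",
     "revocationReason": "constructed entry"}]}
TX_SIGNER = "msBCHdwaQ7N2ypBYupkp6uNxtr9Pg76imj"
TX_TIME = datetime(2017, 6, 29, 15, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_issuer(CERT, ISSUER_PROFILE, REVOCATION_LIST, TX_SIGNER, TX_TIME))
```

The issuer profile and revocation list must come from the issuer's hosted URLs, not from copies embedded in the credential, since the holder controls the credential file.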
IntroductionURL
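IntroductionURL is a field in Blockcerts that does not exist in the Open Badge Issuer. It is used by a client (for example, the Blockcerts wallet) to make a POST API call that sends its public key to the issuer, so that the issuer can include the key in the RecipientProfile of the Blockcerts.
More information on the exact schema used for Blockcerts can be found here: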
https://www.blockcerts.org/schema/2.0/context.json
For general information, see:
https://github.com/blockchain-certificates/cert-schema/blob/master/docs/schema-2.md
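The URL-based "Issuer Profile" can be improved by having issuers use DIDs. We will cover this in more detail in upcoming installments of this series.
4. Conclusion
In this issue we introduced the Open Badges and Blockcerts schemas and the differences between them. In the next issue we will continue by looking at how Blockcerts can be implemented as verifiable credentials. Stay tuned!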