Add display hints to data model, for example: information to use a Web Component #42
Comments
dlongley
added
privacy-tracker
|
We need to talk to Web App Sec about how we can sandbox third party Web Components that are used to display Verifiable Claims ... so we can prevent them from using the network (and potentially other things). |
|
Rendering a claim would involve additional items in the dm i think, to mark natural language (and there are security implications, making sure the text alternative is a correct translation). |
|
Potentially related: https://w3c.github.io/webcomponents/spec/custom/ |
dlongley
changed the title
dlongley
changed the title
|
Other security issues include showing displays to users that do not accurately represent the verifiable credential. |
|
cc: @stonematt, @ottonomy, @kimdhamilton |
|
This issue seems like it's at risk for not being included in 1.0. Someone needs to propose some spec text or an example where we specify a display template / package. If we don't have something by CR, we'll have to close this issue. |
|
+1 for closing this issue. |
|
I don't think we can deal with this in 1.0 -- we should close it or mark it as future work if that's a thing we're doing. |
|
We discussed this on the call and decided to defer this to V2. It's just a placeholder for that |
|
The issue was discussed in a meeting on 2021-08-11
View the transcript4.3. Add display hints to data model, for example: information to use a Web Component (issue vc-data-model#42)See github issue #42. Wayne Chang: dlongley can you talk about this one Dave Longley: we've already said this may be part of V2 Wayne Chang: we can move that to V2
Wayne Chang: add roles to data model for next draft sounds V2
Manu Sporny: we've tried really hard to keep the language constrained, we don't want to open that up again. I think we should close.
Wayne Chang: I'm fine with closing, any objections? |
brentzundel
added
relevant?
and removed
privacy-tracker
|
There is a proposal for rendering VCs here: https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/advance-readings/rendering-verifiable-credentials.md |
|
Also a wallet rendering proposal here: https://github.com/decentralized-identity/wallet-rendering |
|
The issue was discussed in a meeting on 2022-08-10
View the transcript4.5. Define v2 context (issue vc-data-model#42)See github issue vc-data-model#42. Kristina Yasuda: Looks like there is agreement to close this issue. Dave, any context?. Dave Longley: We decided to defer this to 2.0, and I believe we should do this work. We should add name, description, etc. to the data model. There are further things about rendering hints, etc..
Phil Archer: I think it's relevant too. In GS1 issued VCs we want to include some human-readable information.
Kristina Yasuda: Will keep the issue open. |
|
Progress was made at RWoT. Progress snapshot available here: https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/draft-documents/rendering-vcs-snapshot-9-27-22.md |
|
closing as a duplicate of #928 |
We should consider having something in the data model that specifies how to display a credential in a consistent way, for example, a link to a Web Component for rendering a verifiable claim/credential. This would allow independent displayers of VCs to be able to pull in custom components for rendering claims/credentials in specific and consistent ways.
Note that there are privacy concerns related to this -- as when displayers request custom component HTML it will leak information (i.e. that the displayer wants to display that particular type of VC ... and we need to be careful that this doesn't uniquely identify someone). There are also security issues -- users getting fooled by displays that misrepresent the credential information.
The text was updated successfully, but these errors were encountered: