
Feat: a new API for extended disclosure proofs #245

Conversation

stenreijers

@stenreijers stenreijers commented Oct 5, 2022

Following a discussion at the last IRMA meetup on disclosure proofs in the API with @ivard, I created a new endpoint that exposes more information about the disclosure (compatible both for signature based requests and normal disclosure based requests).

This new endpoint provides:

  • A possible basis for creating W3C-VC compatible Verifiable Presentation proofs out of IRMA disclosures or signatures
  • Always provides a proof whereas the current API does not provide a proof for normal disclosure based requests
  • A stateless way to reference a session and its result
  • A convenient way to iterate through the revealed attributes in requested credentials

The new endpoint /session/{requestorToken}/result-extended results in a ResultExtended that provides the following properties:

  • request: A stateless way to obtain request parameters
  • type: Either 'signing' or 'disclosing'
  • status: A status flag to see the status
  • proofStatus: A status flag to see if the result includes a valid proof
  • nonce: The real nonce used in the proof
  • credentials: An array of credentials
    • identifier: A CredentialTypeIdentifier
    • issuedAt: A unix timestamp that shows when the credential was issued
    • expiresAt: A unix-timestamp that shows when the credential will expire
    • issuer: An object containing issuer information
      • identifier: An IssuerIdentifier
    • scheme: An object containing scheme information
      • identifier: A SchemeManagerIdentifier
      • distributedKey: A boolean indicating whether the scheme uses a keyshare server
    • attributes: An array of attributes
      • identifier: An AttributeTypeIdentifier
      • value: The value of the attribute (or null)
      • status: The status of the attribute value
    • proof: A proof object, equal to a gabi.ProofD

An example of a successful disclosure and the corresponding JSON result from /session/{requestorToken}/result-extended:

{
  token: '01RQgu4cj0jdsTyhGMfk',
  status: 'CONNECTED',
  type: 'signing',
  proofStatus: 'VALID',
  request: { 
    identifier: 'IjIwYzgxY2JkLTYxZjktNGI1NC04NGRlLWYxOTZmNjAyMTA3NiI=',
    nonce: 'Ijg4ODg4ODg4LThmNWUtNGI0ZC1hYTA1LTk2MmNlOTBhMzA2OCI=',
    message: 'hi there'
  },
  nonce: 'Ijc4Njg1ODQ1LWNkNjEtNDQwMi1hMTI1LWI5ODQ4MjZlMWIyZSI=',
  timestamp: {
    Time: 1677839768,
    ServerUrl: 'https://irma.sidn.nl/atumd/',
    Sig: {
      Alg: 'ed25519',
      Data: 'o0YB0PVjuNGSvGVwQDhg9BuhFngaOb06dG8QBlYKLnYYKWy8quoB2oMRfVrx1YDXuqcFYm1M/B+BsdvN7ctFAA==',
      PublicKey: 'XqKPue9V0YMZuDxo6/gcaFiy314myUQECDbw1qmePYY='
    }
  },
  credentials: [
    {
      identifier: 'pbdf.gemeente.personalData',
      issuer: { identifier: 'pbdf.gemeente' },
      scheme: { identifier: 'pbdf', distributedKey: true },
      issuedAt: '2022-08-31T19:00:00-05:00',
      expiresAt: '2027-09-01T19:00:00-05:00',
      attributes: [
        {
          identifier: 'pbdf.gemeente.personalData.firstnames',
          status: 'PRESENT',
          value: 'REMOVEDFORPRIVACY'
        }
      ],
      proof: {
        c: 'VDlY98CqiU2p+8x+sf/72zOEOZBdJu2xbWCLT+Am858=',
        A: 'XQm2NyI3C1+NjFLcRv6mrPO4MGGGMwx+eRCLSnBlIClqeDi5+ooyWMBYr6xMqnU/GCY4ySpofSVUCywklitFXj0gpqxY/1le4W3+toeygudci9SkW4vEFO74PILILn72KthVeWW2MurW7TUNU637EZedUKHvxw42LvXILHgxL5oA6e/+7h6dhDONqYUxuclHo60spYtSf78I3fmc0kajADjE4tNapb3p9kJsW4WRpjD9o31gWmpFAHgB0lAeUQceHqimsbe8I/CQO+5MjZlTWKuMZYRumxe3nrcAQik6gt4JybjLgI+/tDqf6mdhUZGdhlBfJu3c6sBitHN2l+hR9w==',
        e_response: 'Y5Kxprl4B88/miubZYPuJpUbTFtMwCVGJ/dezg33izSp91V34MKDtXgkOZOX9bG84hFkTQBkwkrU82XmmmMy',
        v_response: '<v_response value omitted>',
        a_responses: {
          '0': 'aXnwo+oF+jGFZuJviiot/JLOrvGZmJtOVZ+2IdOv9dnfjsgzscmsH0DcX1/W0BuZDRhgGaPYOAlsTfZwaGXNXR8/yYNUiERfwt5ZEi8Al/o=',
          '2': '7E5WHZnwHt8dIdUGIUZckaWwEZ6yRfThn+c+V0rKhev4syCx+rZeF/Y75orOrL6r7B5oUNsP/uexJD0WiuD7D5tdWDUywv1L7N6tejygE9I=',
          '4': 'ItplLV+eCv1O1A5t25z8KLN+5wuGwopT5Y5F+jO71cr+2M2lz/m7iyj06shBuG8jfwKhwrNDbmcekncdjAh0o2Bd1QHEMNYmqW4Pd9itX2c=',
          '5': 'q+X/twZT0LY9srah9vZCp5+xQWDhKYAKIatIM7l7jVMFWb50B9DqSzvRW4WsnMQ7bpDa0O8YuzNb61nOUHnYK+Fn69P/Rr1ijs/3RfXk0sk=',
          '6': 'G82l3uluvG2eUXnqNgN84B8a/bA7wV66pU/jCJlYleTn1n4uyddoOmt69BJ50fQ7syaQTVcTgPM6SYho8DxJVa2Wu1KVUTgslYqLmxq4evY=',
          '7': '/IyGuLj3on55nuFxd8Lrx5W1WZlYhsi3cnpRbxG1HPcKBnILur6aa8pZbOv0N3fCgU1806belh6ViItZ5joB5Q1ZZE5IwBzAeB+uAiJ1NnA=',
          '8': 'isfB9gDpFmKCiXpcXW3/bTPUMbklCevL2V6WSgwoHTtGaTCWYOcaNnwQ1yZxGTpEAGyZBpKSjWgaKNpNrr0TI6/2tFt6UxJwtwgn4sAZ5/8=',
          '9': 'IWJRkxiW3vYMRE7GcupdI8V8uToQiXNQJIr7Vbwl0lL/N0751M1q4yLr7aE/cg5kBJDtEesakpE8/k44qNA8WyFMmqZqI0YBXisBZ0krNDs=',
          '10': 'VBU3G6q3LnnmH4dSdMFULTEM+eNuOkzv6MNUqdz2pH5gbLoVxUb39IwOcT3n/P1pZWZkJxtTgJbnmQ7vcL0ogkqy9/xvbsnPhW0g4hK+O24=',
          '11': 'Qt/iLDBQQp39ayODXdBujOdbv3D7eCWbuTliEEDHjGuKi9ZsKMxuUaB+TFMSXtQ44mCDKn6LMME1cU6YRqa7iebm56nr/r2V8hbfRsrPEC4=',
          '12': 'rFgKpomENNEKbFVWKuxISNSYp2dvHk2sp1Y+ogf0VtXvxbY8fpah/O51qICmInTpHNjTcG9jK2RaHOGGzBglfl/QjukgE9PowZkqrOlP+K4=',
          '13': 'PgQ+mijA97AQE00xwqFtkOKUE5hY31rExOy2dWkg0NL5ITCUxN6bYqzajA/NTs786CE0KSS7sXo04fvhyBnE3yLiWdO7ooDyKS2usH0rekc=',
          '14': 'PuRA8RC6a3B9eOFnHl91sX7copJn+8wAWvohA0NDvbfT4WX66QJ0/4IRh1eT64aRAzhV5ZIE/IeItSoQfUHXbxbB0WZztdne5/HTEaZaYOw=',
          '15': 'jtCiqhPykrs+VPRoB3+ro1yfbYBPCFNWeGtoonon/TSixBxCW8plGwvsqiPBGoFbtOGzE/DJ/otaWF1gPPbADv7hROVZnYxqzAMYCFBKfso=',
          '16': 'EGu9uwJcuB59+QNc0ebT2FOa5ykXqnRY4F7kntJcr7nQCyLV/4uJv8vLsSqF+TfjHDM/UggY/yc1d6TD0m1jDzhwgOGukSyjGTOzoq8D0S4=',
          '17': 'fQLDD0JqOFvov0MN7lRSjdO5yJxvGTcmQrp4/HCeOwql+smnwDzuBGPznMZTWKxbHTPho4062ZoJap1dZCxi4i47SVVp2WCwUCJLulb/iHA=',
          '18': 'SGJ4KiSk5Fg2smI8iIoPskMgOmHmZoJnjXQjZlgLUKRI6xHgTDG+oCOWMZ6p6lZ6navYqMa/vSWGmnubwGou1t3KBp26v7zVta+wXSJ/J2E=',
          '19': 'SNASVVvqbf8KpdC8d9TJMiltfVvwJlLYduJoxu9MaSORB29MpxQ87icKb13yvQ2YUa5Y5A/fL+RhPp4eOKMHBXsIt9y4N91SF2IVa/XDZUA='
        },
        a_disclosed: {
          '1': 'AwAKvAEFAAODVwoDVGgGat2KoqbPp64A',
          '3': 'REMOVEDFORPRIVACY'
        }
      }
    },
    {
      identifier: 'pbdf.sidn-pbdf.email',
      issuer: { identifier: 'pbdf.sidn-pbdf' },
      scheme: { identifier: 'pbdf', distributedKey: true },
      issuedAt: '2022-02-02T18:00:00-06:00',
      expiresAt: '2023-02-01T18:00:00-06:00',
      attributes: [
        {
          identifier: 'pbdf.sidn-pbdf.email.email',
          status: 'PRESENT',
          value: 'REMOVEDFORPRIVACY'
        }
      ],
      proof: {
        c: 'VDlY98CqiU2p+8x+sf/72zOEOZBdJu2xbWCLT+Am858=',
        A: 'eZ4s+cdPrSA+5EffD0QAM0/3dxdu3ynE3R8H+E17p+dQkxNn1ec8uIRCldsq8E4UuhOxPv6fIzEX6K+PtdBQzT2enUEtUjHN300RrApAtb2nBn5OVWJ/tnyX6GdQ/v1qlTZ6ZIoYZD9SwU3AkkgnVIzNi55qxVRg9uwZGhEzEZmCljC914+drBULIKzCbQ1stNCuad8TooFA1bGeEe4TOK5w3Be0EjTRXgvxNWE5ErJ7kYlvKFtBQh4wUi1JF9T6RFC7ouSSY/9PJj4sEErcYyYhVfv94hMFPuMAK6nrMQXgmtLW8Ga7u3iBL3Az+EjqN0jA0QnKNHpLLOZLgo7tuw==',
        e_response: 'KuPWZzMBxbT5eOdXuZBDxAAZdO6/HE41WLWadYo9GgbM9Dv+ZLtvasCcMMrs/wdTK8iZlm3pKbrxjnpf10xz',
        v_response: '<v_response value omitted>',
        a_responses: {
          '0': 'aXnwo+oF+jGFZuJviiot/JLOrvGZmJtOVZ+2IdOv9dnfjsgzscmsH0DcX1/W0BuZDRhgGaPYOAlsTfZwaGXNXR8/yYNUiERfwt5ZEi8Al/o=',
          '3': 'El1k12GBSnFTaA3t4Tsz9rRKVFulTLJdeq22imow/h6MnhN+J0QQ7RKGUfiJvt69uaoUuuX65TCv5NFTdUZqH/q3NstoMI6+5+l+e2/7xPI='
        },
        a_disclosed: {
          '1': 'AwAKngA0AAA8QFu1pJs7d7jUZJ7JsgaJ',
          '2': 'REMOVEDFORPRIVACY'
        }
      }
    }
  ]
}
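As an added example, not code from this PR or from irmago itself, the following Go program shows what a relying party would do with a ResultExtended document of the shape described above: decode it, refuse to use any attribute unless the server reports proofStatus VALID and every credential is inside its issuedAt/expiresAt window, and only then collect the PRESENT attribute values. The types (Attribute, Credential, ResultExtended), the function RevealedAttributes and the embedded SampleResult are assumptions made for this example; the sample is constructed after the JSON in the description with the privacy-redacted values replaced by made-up ones and the proof material cut down to a stub. It reads the server's verdict rather than verifying the gabi.ProofD itself, which is exactly the trust boundary the reviewer's comment is about.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"time"
)

// Minimal Go-side mirror of the ResultExtended shape from the PR description.
// Only the fields a relying party gates on are modelled; the gabi.ProofD is
// kept opaque because this code does not verify it, it reads the server's verdict.
type Attribute struct {
	Identifier string  `json:"identifier"`
	Status     string  `json:"status"`
	Value      *string `json:"value"` // pointer so a JSON null stays distinguishable
}

type Credential struct {
	Identifier string          `json:"identifier"`
	IssuedAt   string          `json:"issuedAt"`
	ExpiresAt  string          `json:"expiresAt"`
	Attributes []Attribute     `json:"attributes"`
	Proof      json.RawMessage `json:"proof"`
}

type ResultExtended struct {
	Token       string       `json:"token"`
	Status      string       `json:"status"`
	Type        string       `json:"type"`
	ProofStatus string       `json:"proofStatus"`
	Credentials []Credential `json:"credentials"`
}

// SampleResult is a constructed document modelled on the JSON in the PR
// description (attribute values and proof contents are made up).
const SampleResult = `{
  "token": "01RQgu4cj0jdsTyhGMfk", "status": "CONNECTED", "type": "signing", "proofStatus": "VALID",
  "request": {"message": "hi there"},
  "credentials": [
    {"identifier": "pbdf.gemeente.personalData", "issuer": {"identifier": "pbdf.gemeente"},
     "scheme": {"identifier": "pbdf", "distributedKey": true},
     "issuedAt": "2022-08-31T19:00:00-05:00", "expiresAt": "2027-09-01T19:00:00-05:00",
     "attributes": [{"identifier": "pbdf.gemeente.personalData.firstnames", "status": "PRESENT", "value": "Alice"}],
     "proof": {"c": "proof-stub"}},
    {"identifier": "pbdf.sidn-pbdf.email", "issuer": {"identifier": "pbdf.sidn-pbdf"},
     "scheme": {"identifier": "pbdf", "distributedKey": true},
     "issuedAt": "2022-02-02T18:00:00-06:00", "expiresAt": "2023-02-01T18:00:00-06:00",
     "attributes": [{"identifier": "pbdf.sidn-pbdf.email.email", "status": "PRESENT", "value": "alice@example.org"},
                    {"identifier": "pbdf.sidn-pbdf.email.domain", "status": "NULL", "value": null}],
     "proof": {"c": "proof-stub"}}
  ]
}`

// RevealedAttributes returns attribute identifier -> value for every PRESENT
// attribute, but only if the server reports proofStatus VALID and every
// credential in the result is valid at `now`. It fails closed: an unparsable
// timestamp, a credential outside its validity window, or any proofStatus other
// than VALID yields an error and no attributes at all.
func RevealedAttributes(raw []byte, now time.Time) (map[string]string, error) {
	var res ResultExtended
	if err := json.Unmarshal(raw, &res); err != nil {
		return nil, fmt.Errorf("decoding result: %w", err)
	}
	if res.ProofStatus != "VALID" {
		return nil, fmt.Errorf("proofStatus is %q, not VALID; refusing to use attributes", res.ProofStatus)
	}
	out := make(map[string]string)
	for _, cred := range res.Credentials {
		issued, err := time.Parse(time.RFC3339, cred.IssuedAt)
		if err != nil {
			return nil, fmt.Errorf("%s: bad issuedAt %q: %w", cred.Identifier, cred.IssuedAt, err)
		}
		expires, err := time.Parse(time.RFC3339, cred.ExpiresAt)
		if err != nil {
			return nil, fmt.Errorf("%s: bad expiresAt %q: %w", cred.Identifier, cred.ExpiresAt, err)
		}
		if now.Before(issued) || !now.Before(expires) {
			return nil, fmt.Errorf("%s: not valid at %s (issued %s, expires %s)",
				cred.Identifier, now.Format(time.RFC3339), cred.IssuedAt, cred.ExpiresAt)
		}
		for _, a := range cred.Attributes {
			// "value (or null)" in the description: a null value carries no data.
			if a.Status != "PRESENT" || a.Value == nil {
				continue
			}
			out[a.Identifier] = *a.Value
		}
	}
	return out, nil
}

func main() {
	attrs, err := RevealedAttributes([]byte(SampleResult), time.Now())
	if err != nil {
		fmt.Println("rejected:", err) // the email credential in the sample expired in 2023
		os.Exit(1)
	}
	for id, v := range attrs {
		fmt.Printf("%s = %s\n", id, v)
	}
}
```

Which session status values a deployment accepts (the sample reports CONNECTED) is left to the caller; the function gates on proofStatus and the credential validity windows only. Note that the description lists issuedAt/expiresAt as unix timestamps while the sample JSON carries RFC 3339 strings; the example follows the sample.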


@sietseringers sietseringers left a comment


Hi Sten,

Thanks. Apart from some minor things which I have put in some comments, the code itself looks fine.

Mostly, as some of my comments indicate, I am unsure about whether the point of this PR is to create a data structure that can be verified independently, i.e., without trusting the IRMA server itself. I think that is very difficult to achieve, and indeed if that is the purpose of this PR then I believe it does not fully achieve it. If not, then what exactly would the verifier want with all this extra information?

@stenreijers stenreijers (Author) commented

  • Bumped to latest version
  • Refactor SessionDisclosureResult to SessionResultExtended
  • API is in line with SessionResult but now with extended features
  • API path now on result-extended
  • Comments above processed

@stenreijers stenreijers (Author) commented

  • Bumped branch to v0.13.3

@stenreijers stenreijers (Author) commented Oct 11, 2023

Merged latest master commits into this feature.

@ivard Is there any progress on what you guys want to do with this PR? It has been open for over a year now.

@stenreijers stenreijers (Author) commented

After consultation with @ivard, I decided to close the pull request due to other priorities at my company. We will no longer be maintaining two separate branches.

@stenreijers stenreijers closed this Dec 5, 2023