- Authors: Brent Zundel [email protected], Ken Ebert [email protected], Alexander Shcherbakov [email protected]
- Start Date: 2019-11-01
- Status: PROPOSED
- Status Date: 2019-11-01
- Status Note: part of Rich Schema work
The proposed schemas are JSON-LD objects. This allows credentials issued according to the proposed schemas to have a clear semantic meaning, so that the verifier can know what the issuer intended. They support explicitly typed properties and semantic inheritance. A schema may include other schemas as property types, or extend another schema with additional properties. For example a schema for "employee" may inherit from the schema for "person."
Schema objects are processed in a generic way defined in Rich Schema Objects Common.
Many organizations, such as HL7 who publish the FHIR standard for heath care data exchange, have invested time and effort into creating data schemas that are already in use. Many schemas are shared publicly via web sites such as https://schema.org/, whose mission is, "to create, maintain, and promote schemas for structured data on the Internet, on web pages, in email messages, and beyond."
These schemas ought to be usable as the basis for verifiable credentials.
Although verifiable credentials are the primary use case for schemas considered in this document, other future uses may include defining message formats or objects in a verifiable data registry.
Existing applications make use of schemas to organize and semantically describe data. Using those same schemas within anonymous credentials provides a means of connecting existing applications with this emerging technology. This allows for an easy migration path for those applications to incorporate anonymous credentials.
Using schemas which may be shared among verifiable credential ecosystems allows for semantic interoperability between them, and enables a path toward true multi-lateral credential exchange.
Using existing schemas, created in accordance with widely-supported common standards, allows anonymous credentials to benefit from the decades of effort and thought that went into those standards and to work with other applications which also adhere to those standards.
Rich schemas can be re-used within Indy. Because these schemas are hierarchical and composable, even unrelated schemas may share partial semantic meaning due to the commonality of sub-schemas within both. For example, a driver license schema and an employee record are not related schemas, but both may include a person schema.
A schema that was created for a particular use-case and accepted within a trust framework may be re-used within other trust frameworks for their use-cases. The visibility of these schemas across trust boundaries increases the ability of these schemas to be examined in greater detail and evaluated for fitness of purpose. Over time the schemas will gain reputation.
Applications can use these schemas as a basis for complex data objects for use within the application, or exposed through external APIs.
One important aspect of relying on schemas to provide the semantic meaning of data within a verifiable credential, is that the meaning of the credential properties should not change. It is not enough for entities within the ecosystem to have a shared understanding of the data in the present, it may be necessary for them to have an understanding of the credential at the time it was issued and signed. This depends on the trust framework within which the credential was issued and the needs of the parties involved. The Indy ledger can provide immutable storage of schemas.
schema
objects are used to enforce structure and semantic meaning on a
set of data. They allow Issuers to assert, and Holders and Verifiers to
understand, a particular semantic meaning for the properties in a
credential.
Rich schemas are JSON-LD objects. Examples of the type of schemas supported here may be found at schema.org. At this time we do not support other schema representations such as RDFS, JSON Schema, XML Schema, OWL, etc.
Rich Schema's properties follow the generic template defined in Rich Schema Common.
Rich Schema's content
field is a JSON-LD-serialized string with the following fields:
A rich schema must have an @id
property. The value of this property must
be equal to the id
field which is a DID (see Identification of Rich Schema Objects).
A rich schema may refer to the @id
of another rich schema to
define a parent schema. A property of a rich schema may use the @id
of
another rich schema as the value of its @type
or @id
property.
A mapping object
will contain the @id
of the rich schema being mapped.
A presentation definition
will contain the @id
of any schemas a holder may use to present proofs to
a verifier.
A rich schema must have a @type
property. The value of this property must
be (or map to, via a context object) a URI.
A rich schema may have a @context
property. If present, the value of this
property must be a
context object or a URI which can
be dereferenced to obtain a context object.
These schemas will be used in conjunction with the JSON-LD representation
of the verifiable credentials data model to specify which properties may be
included as part of the verifiable credential's credentialSubject
property, as well as the types of the property values.
The @id
of a rich schema may be used as an additional value of the
type property property of a
verifiable credential. Because the type
values of a verifiable credential
are not required to be dereferenced, in order for the rich schema to
support assertion of the structure and semantic meaning of the claims in
the credential, an additional reference to the rich schema should be made
through the
credentialSchema
property. This may be done as a direct reference to the rich schema @id
,
or via another rich schema object which references the rich schema @id
such as a
credential definition
as would
be the case
for anonymous credentials, as discussed in the
mapping section of
the rich schema overview RFC.
An example of the content
field of a Rich Schema object:
"@id": "did:sov:2f9F8ZmxuvDqRiqqY29x6dx9oU4qwFTkPbDpWtwGbdUsrCD",
"@type": "rdfs:Class",
"@context": {
"schema": "http://schema.org/",
"bibo": "http://purl.org/ontology/bibo/",
"dc": "http://purl.org/dc/elements/1.1/",
"dcat": "http://www.w3.org/ns/dcat#",
"dct": "http://purl.org/dc/terms/",
"dcterms": "http://purl.org/dc/terms/",
"dctype": "http://purl.org/dc/dcmitype/",
"eli": "http://data.europa.eu/eli/ontology#",
"foaf": "http://xmlns.com/foaf/0.1/",
"owl": "http://www.w3.org/2002/07/owl#",
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"rdfa": "http://www.w3.org/ns/rdfa#",
"rdfs": "http://www.w3.org/2000/01/rdf-schema#",
"schema": "http://schema.org/",
"skos": "http://www.w3.org/2004/02/skos/core#",
"snomed": "http://purl.bioontology.org/ontology/SNOMEDCT/",
"void": "http://rdfs.org/ns/void#",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"xsd1": "hhttp://www.w3.org/2001/XMLSchema#"
},
"@graph": [
{
"@id": "schema:recipeIngredient",
"@type": "rdf:Property",
"rdfs:comment": "A single ingredient used in the recipe, e.g. sugar, flour or garlic.",
"rdfs:label": "recipeIngredient",
"rdfs:subPropertyOf": {
"@id": "schema:supply"
},
"schema:domainIncludes": {
"@id": "schema:Recipe"
},
"schema:rangeIncludes": {
"@id": "schema:Text"
}
},
{
"@id": "schema:ingredients",
"schema:supersededBy": {
"@id": "schema:recipeIngredient"
}
}
]
recipeIngredient schema from schema.org.
Rich Schema will be written to the ledger in a generic way defined in Rich Schema Objects Common.
Indy Node processes ledger transaction requests via request handlers.
There is a write request handler for RICH_SCHEMA
transaction.
The numerical code for a RICH_SCHEMA
transaction is 201
.
A Rich Schema can be obtained from the Ledger by the generic GET_RICH_SCHEMA_OBJECT_BY_ID
and GET_RICH_SCHEMA_OBJECT_BY_METADATA
requests (see Rich Schema Objects Common).
The numerical code for a GET_RICH_SCHEMA_OBJECT_BY_ID
transaction is 300
.
The numerical code for a GET_RICH_SCHEMA_OBJECT_BY_METADATA
transaction is 301
.
Adds a Rich Schema object as part of Rich Schema feature.
It's not possible to update an existing Rich Schema. If the Rich Schema needs to be evolved, a new Rich Schema with a new id and name-version needs to be created.
-
id
(string):A unique ID (for example a DID with an id-string being base58 representation of the SHA2-256 hash of the
content
field) -
content
(json-serialized string):Rich Schema object as JSON serialized in canonical form. This value must be a json-ld, rich schema object. json-ld supports many parameters that are optional for a rich schema txn. However, the following parameters must be there:
@id
: The value of this property must be (or map to, via a context object) a URI.@type
: The value of this property must be (or map to, via a context object) a URI.@context
(optional): If present, the value of this property must be a context object or a URI which can be dereferenced to obtain a context object.
-
rsType
(string enum):Rich Schema's type. Currently expected to be
sch
. -
rsName
(string):Rich Schema's name
-
rsVersion
(string):Rich Schema's version
The combination of rsType
, rsName
, and rsVersion
must be unique among all rich schema objects on the ledger.
The generic patterns for RICH_SCHEMA
transaction, request, and reply can be found in Rich Schema Objects Common.
Indy VDR methods for adding and retrieving a Rich Schema from the ledger comply with the generic approach described in Rich Schema Objects Common.
This means the following methods can be used:
indy_vdr_build_rich_schema_object_request
indy_vdr_build_get_schema_object_by_id_request
indy_vdr_build_get_schema_object_by_metadata_request
This HIPE and associated RFC does not add support here or through Aries for existing Indy schemas (which only contain a simple array of attribute names).
More information on the Verifiable Credential data model use of schemas
may be found here
- 0119: Rich Schema Objects
- 0120: Rich Schema Objects Common
- Common write request structure
- Common read request structure
- Common transaction structure
- Common reply structure for write requests
- Common reply structure for read requests
Rich schema objects introduce more complexity.
- We are not defining Rich Schema objects as DID DOCs for now. We may re-consider this in future once DID DOC format is finalized.
- It may make sense to extend DID specification to include using DID for referencing Rich Schema objects.
- The proposed canonicalization form of a content to be used for DID's id-string generation is in a Draft version, so we may find a better way to do it.
- We don't check if the specified
@context
is valid by resolving all external links. - We may introduce more discovery features in future.
- Future work may include methods for anchoring to Indy a Rich Schema which is immutably stored elsewhere.