cheqd AnonCreds Object Method Specification
cheqd intends to directly support AnonCreds using its DID-Linked Resource module in an AnonCreds Object Method. With its resource module, cheqd will identify each on-ledger resource with a DID Core compliant DID URL. This DID URL will be able to be dereferenced in order to fetch the resource and associated metadata.
While AnonCreds are only one flavour of Verifiable Credentials, they are currently in a functional state and are heavily used by cheqd's partners. Other Credential types, such as JSON-LD with BBS+ signatures, can provide a lot of equivalent functionality, but are currently not production ready.
Therefore, it is important for cheqd to provide support for AnonCreds in order to enable partners with existing clients using AnonCreds to use cheqd and existing Indy ledgers concurrently, within existing applications.
Our aim is to support the functionality enabled by identity-domain transactions in by Hyperledger Indy into cheqd-node
. This will reach the goal of allowing use cases of existing SSI networks on Hyperledger Indy to be supported by the cheqd network.
Importantly, we want to make sure that this work is done in a manner which brings AnonCreds closer to W3C compliance and wide-scale interoperability.
Schemas
Create Schemas using DID-Linked Resources to support AnonCreds on cheqd.
Credential Definitions
Create CredDefs using DID-Linked Resources to support AnonCreds on cheqd.
Revocation Registry Definitions
Create Revocation Registry Definitions using DID-Linked Resources to support AnonCreds on cheqd.
Revocation Status Lists
Create Revocation Status Lists using DID-Linked Resources to support AnonCreds on cheqd.
cheqd support for Ledger-Agnostic AnonCreds Revocation Registry Definitions
In the ledger-agnostic AnonCreds specification, a Revocation Registry Definition Object acts as an on-ledger hub for revocation, providing a central point information about the:
type
of Revocation Registry (In Indy this is always "CL_ACCUM
").
cred_def_id
: Each Revocation Registry must be linked to one specific Credential Definition.
tag
: An issuer-specified name for the Revocation Registry, to ensure consistency when referencing the registry.
maxCredNum
: The maximum amount of Credentials that can be revoked in the Revocation Registry before a new one needs to be started.
tailsLocation
: A URL resolving to the location of the Tails File.
A Tails File is a large file containing a cryptographic accumulator value of prime numbers multiplied together. When a Credential is revoked, the value of the accumulator changes, removing the cryptographic value of the Credential as a factor of the accumulator value.
Each credential issued using the Revocation Registry Definition is given its own index (1 to the maxCredNum
).
While not required, the Indy community has created a component, the “Indy Tails Server,” which is basically a web server for storing Tails Files.
This documentation will guide an implementor of AnonCreds on cheqd on how the cheqd AnonCreds Object Method defines and structures Revocation Registry Definition IDs and associated content.
If you are not familiar with the latest Ledger-Agnostic AnonCreds Revocation Registry Definition structure, click the collapsible tile below to learn about the new format.
cheqd uses DID-Linked Resources to identify individual resources, associated with a DID, using fully resolvable DID URLs.
cheqd resources module uses the following format:
did:cheqd:mainnet:<issuerDid>/resources/<revRegDefResourceId>