FEP-8b32: Object Integrity Proofs

According to Verifiable Credentials in the description of proofPurpose:

For example, without this value the creator of a proof could be tricked into using cryptographic material typically used to create a Verifiable Credential (assertionMethod) during a login process (authentication) which would then result in the creation of a Verifiable Credential they never meant to create instead of the intended action, which was to merely logging into a website.

From my understanding this means that in feps/fep-8b32.feature at main - feps - Codeberg.org, one needs to proofPurpose to match the key the MultiKey is under in the Actor.

As the intended use case in the example is allowing the document to be shared via InboxForwarding, I would tend towards using authentication (see Proof Purposes).

For the use case of FEP-c390 one should use assertionMethod.

cc @codenamedmitri

2 Likes