Support for EBSI Natural Person did:key with the JWK_JCS-PUB multicodec

[ross-little]

FIWARE DSC Integration issue:

Our TANGO project aligns with the DSBA technical convergence v2 and EBSI specifications for integrating to the FIWARE Connector.

As part of this, we support natural persons with Employee Verifiable Credentials issued to a user´s wallet based on their did:key with JWK_JCS-PUB multicodec as specified by EBSI Guidelines here: EBSI-natural-person did:keys.

However, when presenting our VC to FIWARE DSC we get the following error: Err: decoding of Verifiable Presentation from JWS: decode Verifiable Presentation JWT claims: jwt proof check: invalid public key id: unresolvable_did, as shown in the log below:

{"level":"warning","msg":"Was not able to resolve the issuer did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbnPqt55NG29q8Re1ZVdg7X8RpqraEb9YaMyypYLzMyvre78pJ3Mz1GeN71YL1GBvwtNu5KtoDeT6D51hAY2VMemiqDihyqnTGHosBNRykPCYtLe8XiHfWFWMdc3XRvyeWXv.","time":"2025-01-30T08:07:07Z"}
{"level":"info","msg":"Was not able to parse the token ZXlKcmFXUWlPaUprYVdRNmEyVjVPbm95WkcxNlJEZ3hZMmRRZURoV2EyazNTbUoxZFUxdFJsbHlWMUJuV1c5NWRIbHJWVm96WlhseGFIUXhhamxMWW01UWNYUTFOVTVITWpseE9GSmxNVnBXWkdjM1dEaFNjSEZ5WVVWaU9WbGhUWGw1Y0ZsTWVrMTVkbkpsTnpod1NqTk5lakZIWlU0M01WbE1NVWRDZG5kMFRuVTFTM1J2UkdWVU5rUTFNV2hCV1RKV1RXVnRhWEZFYVdoNWNXNVVSMGh2YzBKT1VubHJVRU5aZEV4bE9GaHBTR1pYUmxkTlpHTXpXRkoyZVdWWFdIWWplakprYlhwRU9ERmpaMUI0T0ZacmFUZEtZblYxVFcxR1dYSlhVR2RaYjNsMGVXdFZXak5sZVhGb2RERnFPVXRpYmxCeGREVTFUa2N5T1hFNFVtVXhXbFprWnpkWU9GSndjWEpoUldJNVdXRk5lWGx3V1V4NlRYbDJjbVUzT0hCS00wMTZNVWRsVGpjeFdVd3hSMEoyZDNST2RUVkxkRzlFWlZRMlJEVXhhRUZaTWxaTlpXMXBjVVJwYUhseGJsUkhTRzl6UWs1U2VXdFFRMWwwVEdVNFdHbElabGRHVjAxa1l6TllVblo1WlZkWWRpSXNJblI1Y0NJNklrcFhWQ0lzSW1Gc1p5STZJa1ZUTWpVMkluMC5leUp6ZFdJaU9pSmthV1E2YTJWNU9ub3laRzE2UkRneFkyZFFlRGhXYTJrM1NtSjFkVTF0UmxseVYxQm5XVzk1ZEhsclZWb3paWGx4YUhReGFqbExZbTVRY1hRMU5VNUhNamx4T0ZKbE1WcFdaR2MzV0RoU2NIRnlZVVZpT1ZsaFRYbDVjRmxNZWsxNWRuSmxOemh3U2pOTmVqRkhaVTQzTVZsTU1VZENkbmQwVG5VMVMzUnZSR1ZVTmtRMU1XaEJXVEpXVFdWdGFYRkVhV2g1Y1c1VVIwaHZjMEpPVW5sclVFTlpkRXhsT0ZocFNHWlhSbGROWkdNeldGSjJlV1ZYV0hZaUxDSnVZbVlpT2pFM016Z3lNalF6Tmpjc0ltbGhkQ0k2TVRjek9ESXlORFF5Tnl3aWFuUnBJam9pWm1seWMzUnphVzF3YkdWbGVHRnRjR3hsSWl3aWFYTnpJam9pWkdsa09tdGxlVHA2TW1SdGVrUTRNV05uVUhnNFZtdHBOMHBpZFhWTmJVWlpjbGRRWjFsdmVYUjVhMVZhTTJWNWNXaDBNV281UzJKdVVIRjBOVFZPUnpJNWNUaFNaVEZhVm1Sbk4xZzRVbkJ4Y21GRllqbFpZVTE1ZVhCWlRIcE5lWFp5WlRjNGNFb3pUWG94UjJWT056RlpUREZIUW5aM2RFNTFOVXQwYjBSbFZEWkVOVEZvUVZreVZrMWxiV2x4Ukdsb2VYRnVWRWRJYjNOQ1RsSjVhMUJEV1hSTVpUaFlhVWhtVjBaWFRXUmpNMWhTZG5sbFYxaDJJaXdpYm05dVkyVWlPaUpNT1VFdE9XbFVhbUYyU25SQ1pFNVhhMloxVlZKQklpd2lZWFZrSWpvaVpHbGtPbmRsWWpwcGNITXVkR1Z6ZEdsdVp6SXVhemh6TFdOc2RYTjBaWEl1ZEdGdVoyOHVjbWxrTFdsdWRISmhjMjltZEM1bGRUcGthV1FpTENKMmNDSTZleUpBWTI5dWRHVjRkQ0k2V3lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSmRMQ0owZVhCbElqcGJJbFpsY21sbWFXRmliR1ZRY21WelpXNTBZWFJwYjI0aVhTd2lhV1FpT2lKbWFYSnpkSE5wYlhCc1pXVjRZVzF3YkdVaUxDSm9iMnhrWlhJaU9pSmthV1E2YTJWNU9ub3laRzE2UkRneFkyZFFlRGhXYTJrM1NtSjFkVTF0UmxseVYxQm5XVzk1ZEhsclZWb3paWGx4YUhReGFqbExZbTVRY1hRMU5VNUhNamx4T0ZKbE1WcFdaR2MzV0RoU2NIRnlZVVZpT1ZsaFRYbDVjRmxNZWsxNWRuSmxOemh3U2pOTmVqRkhaVTQzTVZsTU1VZENkbmQwVG5VMVMzUnZSR1ZVTmtRMU1XaEJXVEpXVFdWdGFYRkVhV2g1Y1c1VVIwaHZjMEpPVW5sclVFTlpkRXhsT0ZocFNHWlhSbGROWkdNeldGSjJlV1ZYV0hZaUxDSjJaWEpwWm1saFlteGxRM0psWkdWdWRHbGhiQ0k2V3lKbGVVcHlZVmRSYVU5cFNtdGhWMUUyV2xkS2VtRlVjRFpqTWxwWlVsVktUV1ZXVm5aTk1sSmFXa1JHZFZrelNtaGFiV1IxVVdsTmVGcHFaM2xOTWxwcVRWUkJkMDB5VFRCTlYwMHlUMWRPYkU1SFdYZE9WR2N3VFVSbk5GbDZWVEZhVTBselNXNVNOV05EU1RaSmEzQllWa05KYzBsdFJuTmFlVWsyU1d0V1ZFMXFWVEpKYmpBdVpYbEtlbVJYU1dsUGFVcHJZVmRSTm1FeVZqVlBibTk1V2tjeE5sSkVaM2haTW1SUlpVUm9WMkV5YXpOVGJVb3haRlV4ZEZKc2JIbFdNVUp1VjFjNU5XUkliSEpXVm05NldsaHNlR0ZJVVhoaGFteE1XVzAxVVdOWVVURk9WVFZJVFdwc2VFOUdTbXhOVm5CWFdrZGpNMWRFYUZOalNFWjVXVlZXYVU5V2JHaFVXR3cxWTBac1RXVnJNVFZrYmtwc1RucG9kMU5xVGs1bGFrWklXbFUwTTAxV2JFMU5WV1JEWkc1a01GUnVWVEZUTTFKMlVrZFdWVTVyVVRGTlYyaENWMVJLVjFSWFZuUmhXRVpGWVZkb05XTlhOVlZTTUdoMll6QktUMVZ1YkhKVlJVNWFaRVY0YkU5R2FIQlRSMXBZVW14a1RscEhUWHBYUmtveVpWZFdXRmRJV1dsTVEwcDFXVzFaYVU5cVJUTk5lbWQ1VFdwUmVrOVVhM05KYld4NlkzbEpOa2x0VW5CYVJIQnNXVzVPY0U5dWNIcGFiR2hHVVd0NE5WWlhPSHBhUm14clRWYzFhbU50Um0xYU1qVkRTV2wzYVZwWWFIZEphbTk0VG5wWk5VNXFZM3BQVkdzMVRFTktjRmxZVVdsUGFrVXpUWHBuZVUxcVVYcFBWR3R6U1c1YWFrbHFjRGRKYTBKcVlqSTFNRnBZYURCSmFuQmlTVzFvTUdSSVFucFBhVGgyWkROa00weHVZM3BNYlRsNVduazRlVTFFUlRSTU1rNTVXbGRTYkdKdVVuQlpWM2g2VEROWmVFbHNNSE5KYmxJMVkwZFZhVTlzYzJsV2JWWjVZVmRhY0ZsWFNuTmFWVTU1V2xkU2JHSnVVbkJaVjNkcFRFTktWMXBZU25CYWJXeG9XVzE0YkZGWVVqQmFXRTR3V1ZoU2NHSXlOR2xNUTBwRVZrWmthR0pIZUd4a1JrNW9ZbGRXUW1SWVVtOWlNMHB3WXpKV2ExTlhOVlZoVnpGc1NXd3djMGx0Ykd0SmFtOXBaRzFOTm1SWVRteGlSMWsyV1Zka2JHSnVVV3BQUkUweFRucHJlazE2WXpGT1ZGa3dUVlJSTkU1VVdUQlBRMGx6U1cxc2VtTXpWbXhhUTBrMlNXcEpkMDFxVlhSTlJFVjBUWHBDVlUxRVp6Wk5SRmsyVFhwc1lVbHBkMmxrYlVaellWZFNSMk50T1hSSmFtOXBUV3BCZVU1VE1IZE5VekI2VFVaUmQwOUViM2RPYW05NlQxWnZhVXhEU21wamJWWnJXbGMxTUdGWFJuTlZNazV2V2xjeGFFbHFjRGRKYld4clNXcHZhV0ZJVWpCalNFMDJUSGs1YUdOSGEzUlpNamwxV20wNWVXSlhSblZaTWxWMVdsZEtlbUZUTld4a1V6a3dZMjVXZW1SSFZtdE1XRTVxWVVkV2RGbFlUWFJqYlZadVlWaE9NR051YTNaa2FrbDJZekpPYjFwWE1XaGplVGsyVFRBeGJsWlZXbFpoTWtrelRXcEtNV05VVWpSTk1sSXlUbGhzUWxOdE1YVlViVEUyVWtWYWJGTjZWbFpSZW1nMFQwUk9VbUl5VmsxVGF6QnBURU5LTUdWWVFteEphbTlwVW01V2MySkZjSHBpTWpWVVdUSm9iR0pYUmxkWlYzaHdXa2RHTUdJelNYbE5SRWw0U1c0d2MwbHRiSHBqTTFac1kybEpOa2x0VW5CYVJIQnNXVzVPY0U5dWNIcGFiR2hHVVd0NE5WWlhPSHBhUm14clRWYzFhbU50Um0xYU1qVkRTV2wzYVdGWVRucGtWMFoxV1RKV1JWbFlVbXhKYW05cFRXcEJlVTVUTUhkTlV6QjZUVVpSZDA5RWIzZE9hbTk2VDFadmFVeERTbXhsU0VKd1kyMUdNR0ZYT1hWU1IwWXdXbE5KTmtscVNYZE5hbGwwVFVSRmRFMXFiRlZOUkdjMlRVUlpOazE2YkdGSmFYZHBXVE5LYkZwSFZuVmtSMnhvWWtaT01WbHRjR3haTTFGcFQyNXphV0ZYVVdsUGFVcHJZVmRSTm1FeVZqVlBibTk1V2tjeE5sSkVaM2haTW1SUlpVUm9WMkV5YXpOVGJVb3haRlV4ZEZKc2JIbFdNVUp1VjFjNU5XUkliSEpXVm05NldsaHNlR0ZJVVhoaGFteE1XVzAxVVdOWVVURk9WVFZJVFdwc2VFOUdTbXhOVm5CWFdrZGpNMWRFYUZOalNFWjVXVlZXYVU5V2JHaFVXR3cxWTBac1RXVnJNVFZrYmtwc1RucG9kMU5xVGs1bGFrWklXbFUwTTAxV2JFMU5WV1JEWkc1a01GUnVWVEZUTTFKMlVrZFdWVTVyVVRGTlYyaENWMVJLVjFSWFZuUmhXRVpGWVZkb05XTlhOVlZTTUdoMll6QktUMVZ1YkhKVlJVNWFaRVY0YkU5R2FIQlRSMXBZVW14a1RscEhUWHBYUmtveVpWZFdXRmRJV1dsTVEwcHdXa1JGYVU5cFNtdGhWMUUyWVRKV05VOXViM2xhUnpFMlVrUm5lRmt5WkZGbFJHaFhZVEpyTTFOdFNqRmtWVEYwVW14c2VWWXhRbTVYVnprMVpFaHNjbFpXYjNwYVdHeDRZVWhSZUdGcWJFeFpiVFZSWTFoUk1VNVZOVWhOYW14NFQwWktiRTFXY0ZkYVIyTXpWMFJvVTJOSVJubFpWVlpwVDFac2FGUlliRFZqUm14TlpXc3hOV1J1U214T2VtaDNVMnBPVG1WcVJraGFWVFF6VFZac1RVMVZaRU5rYm1Rd1ZHNVZNVk16VW5aU1IxWlZUbXRSTVUxWGFFSlhWRXBYVkZkV2RHRllSa1ZoVjJnMVkxYzFWVkl3YUhaak1FcFBWVzVzY2xWRlRscGtSWGhzVDBab2NGTkhXbGhTYkdST1drZE5lbGRHU2pKbFYxWllWMGhaYVdaWU1ITkpiWEF3WVZOSk5rbHVXbXBQYmxaNldsZDRiVTl0Um01YVZ6VXdTWHBuZWs1VVl6Vk5lazB6VGxSVk1rNUVSVEJQUkZVeVRrUm5hV1pSTGxWeFdsQjZRMDQ0ZEMxc1ZubEhTVkJ2YzIwMFFWSjZXRlZHYzJSc1pXWkZlR3RUUzFwV1FqSklTSFU1VFVnNVlrWmpZMWRsZWxZMVNtRnpZME5MTnpaSWEwbGFSV3BSWTBoWmVtZEhkbkIxZGxGRGFVeEJJbDE5ZlEubkdyNVVNYXpUNlVpR1RFdksxZjN6N2VvWG90SExoS0V5aERlU1AwQ0QyOF9HT0s2VGcwc0Z4Ym9ZZWxjTTJvY1I0Q3V4dlY2ZGo3bWIzVkZ1NWk2Y2c. Err: decoding of Verifiable Presentation from JWS: decode Verifiable Presentation JWT claims: jwt proof check: invalid public key id: unresolvable_did","time":"2025-01-30T08:07:07Z"}

Solution:
To support the EBSI Guidelines and VC Framework, it is requested to enhance the VCVerifier did:key functionality to resolve the did:key profile specified by EBSI for natural persons.

Note: EBSI uses the JWK_JCS-PUB multicodec as noted in the document linked above, however, JWK_JCS-PUB is not exclusive to EBSI and may be used elsewhere.

Example did:key & EBSI Resolver
Please see here an example:

did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbnPqt55NG29q8Re1ZVdg7X8RpqraEb9YaMyypYLzMyvre78pJ3Mz1GeN71YL1GBvwtNu5KtoDeT6D51hAY2VMemiqDihyqnTGHosBNRykPCYtLe8XiHfWFWMdc3XRvyeWXv

The EBSI Resolver can be used to resolve it, and it also supplies source code to support it as follows:

[pulledtim]

Hi Ross,
I added support for the encoding to the underlying library and am currently adding tests to make sure it works properly. In case you want to try yourself too, the image quay.io/fiware/vcverifier:4.6.0-pre-51 contains the fix

[ross-little]

Hi Tim, That is great news thanks! I have asked for it to be loaded onto TANGO for testing. Cheers //Ross From: Tim Smyth ***@***.***> Sent: 18 February 2025 12:59 To: FIWARE/VCVerifier ***@***.***> Cc: ross-little ***@***.***>; Author ***@***.***> Subject: Re: [FIWARE/VCVerifier] Support for EBSI Natural Person did:key with the JWK_JCS-PUB multicodec (Issue #48) Caution: External email. Do not open attachments or click links, unless this email comes from a known sender and you know the content is safe. Hi Ross, I added support for the encoding to the underlying library and am currently adding tests to make sure it works properly. In case you want to try yourself too, the image quay.io/fiware/vcverifier:4.6.0-pre-51 contains the fix - Reply to this email directly, view it on GitHub<#48 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFIYVNC54IULCYCPIK2S3S32QMOCDAVCNFSM6AAAAABWMFSS3CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRVGQ3TSNRXG4>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>> [pulledtim]pulledtim left a comment (FIWARE/VCVerifier#48)<#48 (comment)> Hi Ross, I added support for the encoding to the underlying library and am currently adding tests to make sure it works properly. In case you want to try yourself too, the image quay.io/fiware/vcverifier:4.6.0-pre-51 contains the fix - Reply to this email directly, view it on GitHub<#48 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFIYVNC54IULCYCPIK2S3S32QMOCDAVCNFSM6AAAAABWMFSS3CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNRVGQ3TSNRXG4>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>