# Credential definitions # # Each credential has a name and named fields. All fields are scalars. [credentials] account = ["user_id"] bridge = ["user_id", "nonce", "bridge_id"] # The presentations section defines credential presentation protocols. # # Each presentation protocol has a list of credentials presented simultaneously (must present at least one). # # client_attrs_hidden is a list of attributes of input credentials which are hidden from the server by the client. # # client_attrs_revealed is a list of attributes of input credentials which are revealed to the server by the client. # # client_attrs_hidden and client_addrs_revealed must be a disjoint union of all attributes of all input and output credentials. [presentations.show_bridge] credentials = ["account", "bridge"] client_attrs_hidden = ["account.user_id", "bridge.user_id"] client_attrs_revealed = ["bridge.bridge_id", "bridge.nonce"] relations = ["account.user_id = bridge.user_id"] # The issuances section defines credential issuance protocols. # # Each issuance protocol has a set of input credentials (can be empty) and a set of output credentials (must produce at least one output). # # client_attrs_hidden is a list of attributes of input and output credentials which are hidden from the server by the client. # # client_attrs_revealed is a list of attributes of input and output credentials which are revealed to the server by the client. # # server_attrs is a list of attributes of output credentials which are specified by the server, not the client. # # client_attrs_hidden, client_addrs_revealed, and server_attrs must be a disjoint union of all attributes of all input and output credentials. # # relations is a list of relations between attributes of input and output credentials. Only '=' is supported. [issuances.create_user] input_credentials = [] output_credentials = ["account"] client_attrs_hidden = [] client_attrs_revealed = [] server_attrs = ["account.user_id"] [issuances.create_bridge] input_credentials = ["account"] output_credentials = ["bridge"] client_attrs_hidden = [ "account.user_id", "bridge.user_id", "bridge.nonce" ] client_attrs_revealed = [] server_attrs = ["bridge.bridge_id"] relations = [ "account.user_id = bridge.user_id" ]