Krisna's service takes on the responsibility of formulating the "ShopSphere Account Holder" Data Verification Request (DVR), which serves as the benchmark for validating "ShopSphere ID Token" user information. In the zkPass ecosystem, the Krisna service takes the role of the Proof Verifier. To craft precise DVR queries, Krisna needs a comprehensive grasp of the data structure of the ShopSphere ID Token, as specified by the ShopSphere OIDC Provider. By employing the zkPass Query Language, Krisna is able to target particular fields within the user data through the concept of 'Variable'. Key guidelines for integration consist of the following two main steps:
The Krisna service needs to provide a RESTful API that allows for the secure retrieval of DVRs. This API must be equipped with strong user authentication measures to ensure that only the rightful owner can access their data. While zkPass doesn't specify the exact methods for authentication, the semantics of the API, or the formats of responses, it offers developers the freedom to create their own implementation. Generally, this API is used by the Data Holder as a starting point in the data verification process.
Signing the DVR
To support the smooth functioning of the zkPass process, the Krisna service is required to sign the "ShopSphere Account Holder" DVR object into a JWS (JSON Web Signature) token. To make this task easier, the zkpass-client SDK library offers a function specifically designed to streamline the signing process.
In addition, the Krisna service needs to provide the necessary public key that allows for the verification of the signed DVR. This distribution can be handled either manually or through an out-of-band method, or more efficiently, through a programmatic API call, as outlined by the JSON Web Key Set (JWKS) protocol.
After the ShopSphere app obtains the zkPass proof from the zkPass Service, it will send this proof to the Krisna service for validation. This is accomplished by the app using a proof verification API offered by the Krisna service. Similar to other aspects of zkPass, the specific methods for authentication, the design of the API, and the response formats are not rigidly defined by zkPass, allowing developers the flexibility to tailor their own implementations.
To process this verification request, the Krisna service will employ the verify_zkpass_proof
function, which is a part of the zkpass-client SDK library. This function is designed to efficiently handle the verification of the zkPass proof.
By adhering to these guidelines, Krisna reinforces the overall security and effectiveness of the zkPass ecosystem, thereby providing a reliable and secure means of data verification.