W3C home > Mailing lists > Public > public-credentials@w3.org > June 2016

Re: Feedback requested: VC Architecture Diagram

From: Eric Korb <eric.korb@truecred.com>
Date: Fri, 17 Jun 2016 08:34:58 -0400
Message-ID: <CAMX+RnBZVQeXJ2fR3oFv570nS-LjevJjG_HUogybyJsA96H3ew@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>
+1 to Manu's sentiments

Accreditrust's viewpoint is aligned with Manu's comment, "Verifiable Claims
ensure that the entity that a website is speaking to has a certain set of
qualifications that have been vetted by a trusted 3rd party. It also
ensures that those qualifications can be asserted across multiple origins.

+1 to the Diagrams from Dave L.

Eric


On Tue, Jun 14, 2016 at 9:03 PM, Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 06/14/2016 05:08 PM, David Chadwick wrote:
> > 1. The storage of the subject identifier in the repository is
> > optional, as per earlier discussion with Manu today, but is seen to
> > be mandatory in both diagrams. It should be marked optional.
>
> Hmm, sorry, something I said made you jump to the wrong conclusion.
>
> I think part of the issue is that we keep having discussions in the
> abstract. For example: "Is X possible with the Verifiable Claims data
> model?"
>
> The answer to that question is probably "Yes".
>
> I interpreted your question about the subject identifier as a public key
> identifier like this:
>
> "If one wanted to do proof of possession, but wanted to issue claims to
> public keys and do proof of possession using a public key, is writing
> the subject identifier (and key information) to the identifier
> repository mandatory based on the current Verifiable Claims data model"
>
> ... and the answer to that question is "No, writing the subject
> identifier to the registry is not necessary", because the subject
> identifier is a public key and the fingerprint is good enough for most
> cases IF you want to deploy an ecosystem where the subject identifiers
> are public key identifiers.
>
> I hope I'm being clear when I say that a non-trivial number of us think
> that sort of ecosystem would be really bad for end users. Let me
> re-state that to be crystal clear. We have considered that approach and
> come to the conclusion that it would result in an ecosystem that will
> not scale wrt. adoption (unless there are some serious advances made in
> cryptographic key recovery).
>
> Someone that disagrees is welcome to build an alternate ecosystem based
> on the assumption of public key identifiers as subject identifiers for
> claims. You can even use the verifiable claims /data model and syntax/
> to do this. However, the verifiable claims architecture does present
> what we think the ideal outcome should be (and that vision is NOT public
> key identifiers as subject identifiers).
>
> So, -1 for marking the identifier registry as optional. It paints a
> future that I think many of us don't want (but others are welcome to
> fork the architecture and travel down a different path, because we may
> be wrong).
>
> > 2. Verifying identity ownership can be done by direct communication
> > with the holder (in the case where the holder is the subject and the
> > identifier is a public key) but this option is not represented in the
> > diagram.
>
> I hope the above explains why it's not presented as an option.
>
> > In terms of the arrows, I prefer Dave Crocker's version
>
> Good to know, thank you. Why? (out of curiosity)
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> JSON-LD Best Practice: Context Caching
> https://manu.sporny.org/2016/json-ld-context-caching/
>
>
Received on Friday, 17 June 2016 12:35:46 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC