W3C home > Mailing lists > Public > public-credentials@w3.org > March 2016

Re: Proposed VC Use Case: Consignment of Claims

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Thu, 3 Mar 2016 17:05:19 -0500
To: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Message-ID: <56D8B51F.90603@digitalbazaar.com>
On 03/03/2016 01:05 PM, Steven Rowat wrote:
> On 3/3/16 6:10 AM, Eric Korb wrote:
>> A.6 Consignment of Claims
>>
>> A.6.1 Holder Consigns Their Claim to Another Trusted Entity
>
> +1. The language of this Consignment of Claims in A.6.1 was a delight to
> read -- fully explained itself to me by the examples themselves, which
> were easy to follow.
>
> IMO there are many important uses for this. Tim put in some others in
> his reply.

I agree the there are important uses for this. We may also need more 
than one way of doing it -- depending on the use case. For example, 
there are delegated-authorization use cases here that we've briefly 
discussed that could be modeled via Google macaroons:

1. A service could control access via a macaroon that requires a 
particular credential/claim as a caveat.

2. Someone who is eligible to use the service could provide their 
credential/claim to an authenticating service to discharge that caveat.

3. That person can then apply their own caveat that requires a 
particular credential/claim that appropriately identifies another 
trusted party that they give the macaroon to. This party can then act on 
their behalf, provided that they can discharge the caveat by presenting 
the required credential/claim.

Some other use cases, for example, where the main party is incapacitated 
or cannot be looped into the authentication process, wouldn't be as 
easily solved using this sort of method.

I think supporting this concept is worth considering during the data 
model/syntax phase -- even if we can't get into the protocols required 
to fully support the use cases.

>
> One that's not mentioned yet I think, and I think is important, is the
> legal one for end of life or incapacity (like your example, but more
> inclusive): Attorney for Health Care, Attorney for Financial Affairs --
> named differently in different jurisdictions but meaning that person B
> acts as the legal agent for Person A when person A is incapacitated, in
> a whole realm of legal acts: decisions with doctors, decisions with
> banks. These uses should definitely be covered in a seamless way by VCs
> if possible, and Consignment seems a good way to do that.
>
> Though...it seems possible that some combination of other scenarios
> already in the VC Use Cases contains this capability? Unfortunately some
> of them are so dense as to be impenetrable for me, so I can't tell if
> that's true or not. For instance,
>
> "A.3.8 Verifiable Claims as Qualifiers" -- maybe this is related? I
> tried to understand it and gave up, admittedly quickly. The TL;DR
> response took over and I fled. ;-)

Perhaps the requirements from other use cases would allow someone to 
compose what they need in order to solve the consignment use cases, but 
it may be worth mentioning them anyway.

Anyone else have thoughts on this?


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Thursday, 3 March 2016 22:05:45 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 3 March 2016 22:05:45 UTC